
My organization utilizes Risk Assessments as the catalyst for a lot of our Information Security efforts. Currently we assess applications using the Cloud Security Alliance's CAIQ framework and questionnaire. However, while 90% of what gets assessed is cloud based, I think we need another set of questions for internal assets.

Question: Has anyone ever worked within an organization that utilizes multiple frameworks that would switch between the framework based on the type of data or technical specifications in order to complete a risk assessment?

  • You don't ask a question here... Could you edit and clarify what you're wondering about? – Ryan Kelso Feb 28 '17 at 19:26
  • I apologize. Not sure how I managed to do that. I've edited the post. – VectorPrime Feb 28 '17 at 19:32
  • I have worked with multiple frameworks, but still can't see what your question is... – Rory Alsop Feb 28 '17 at 19:44
  • Sorry Rory, the first time I posted, I think I was rushing. The second time, I just didn't make myself clear. Hopefully I'm clear now. I just need to know if this is unique, because it is to me. – VectorPrime Feb 28 '17 at 19:51
  • Still, the answer is yes. You either jump across to a different one, or you incorporate the various frameworks in your own overarching framework. It's exactly as it sounds. I'm still not really seeing a question... – Rory Alsop Feb 28 '17 at 19:51
  • I appreciate the response. That was really all I needed to know... – VectorPrime Feb 28 '17 at 19:54

0 Answers