Yesterday, I mentioned the value of benchmarks / frameworks / standards to guide you in your efforts to defend against cyber attacks.

Why isn’t there just one benchmark that everyone should align to?

Because each one requires a different level of effort, cost and attention to attain and sustain.

Because each is trying to protect against varying levels of risk.

If this were about securing a property:

  • Some are designed to protect a white house
  • Others are designed to protect The White House.

So What?

Depending on your specific situation (e.g. the threats you are most likely to face, your current and future capabilities, and your organisation's attitude to risk), most of the benchmarks will be either insufficient or excessive for you.

But just like Goldilocks, I bet there is one that suits you just right.

[Image: two houses. One is a white house; the other is The White House.]