Defense in Depth: Secure Controls Framework

Is the free to use Secure Controls Framework the one meta-framework to rule them all?

Check out this post and discussion for the basis of our conversation on this week’s episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Tom Cornelius, founder of and contributor to the Secure Controls Framework (SCF) (@scf_support).

Subscribe to Defense in Depth.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, SpyCloud

Learn more about how you can protect employees and customers from account takeover with SpyCloud.

On this episode of Defense in Depth, you’ll learn:

  • Purpose of the Secure Controls Framework is to have a single framework to address multiple requirements. It’s a meta-framework that takes into consideration the controls of all other frameworks.
  • You only need to use the security controls that are important and relevant to you. For that reason, don’t be daunted by the number of controls on SCF (currently 750).
  • You can have security without privacy, but you can’t have privacy without security. Integrating privacy and security is critical to SCF.

Defense in Depth