Last time on "A Year in the Life of OpenFAIR," we covered the establishment of an internal risk triage tool that my firm developed.
About a year ago, one guy came up with a great idea:
“What if we measured our customers against the Critical Security Controls (CSC)? Then we could have some consistency between contracts, and start to provide some benchmarking. It would help our customers measure their maturity, set priorities, and understand their risk exposure.”