Are You Team NIST or Team ISO?

If you don’t know what we’re talking about—you need to read this.

It’s no secret that SAI360 takes IT risk and cybersecurity seriously. Today we help hundreds of organizations to automate, prioritize, manage, and report on risks in a constantly changing world. That’s why we were named a Leader by Gartner in its recent IT Risk Management Magic Quadrant. 

We also know that the success of risk projects is about so much more than technology. It’s about having a strategy, understanding scope, and mapping out processes.

But you don’t have to start from scratch—you can use frameworks such as NIST 800-39 and ISO 27005. These frameworks on managing information security risks provide in-depth steps and workflows that can help.  

But the two take different approaches. Should you choose NIST? Or ISO?

In its insights paper, Ten Cyber and IT Risk Fundamentals You Must Get Right, Gartner has a view on this – click to download and read whether you should be on team NIST or team ISO.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner: “Ten Cyber and IT Risk Fundamentals You Must Get Right,” by Claude Mandy and Jie Zhang. Published 19 October 2021. Gartner, “Magic Quadrant for IT Risk Management,” by Brent Predovich and Claude Mandy. Published 13 September 2021. Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
