
Taking AIM at “Reasonable” Cybersecurity


Corporate Governance - Directors & Officers

09.25.2018

A good rule of thumb to ensure reasonable cybersecurity is to take AIM: Align, Implement and Measure.

Align. Whether it’s the NIST Framework, the CIS Top 20, ISO, or any other standard, it is advisable to pick one. There may not be correct answers for cybersecurity, but aligning against industry standards helps organizations ensure they considered the right questions.

Implement. Having policies and assessing risk are necessary steps, but they are not sufficient. Organizations must then implement appropriate physical, administrative and technical controls to mitigate the highest-ranked business and victim-centric risks, and should consider creating risk registers to accept, track and manage remaining material risks.

Measure. In addition to conducting periodic penetration tests and vulnerability assessments, organizations should monitor for emerging threats and perform routine program audits. If the cybersecurity program isn’t measured, does it reasonably exist?


https://www.securitymagazine.com/articles/89275-taking-aim-at-reasonable-cybersecurity?_lrsc=0bced36d-270c-4c1e-8355-5cdd3f9ce55f&trk=&utm_source=LinkedInElevate&utm_source=LinkedIn&utm_content=LinkedInElevate
