­
Launching Community based "Common Framework for Security Technology Evaluation" @ Annual Summit,2014 - All Articles - CISO Platform

200qvwg.jpg?width=200Why do we need a common security technology evaluation framework? 

Floating an RFP (Request for Proposal)  or evaluating a new technology for a CISO is a substantial effort. Going through the sea of data  and marketing buzz to judge a vendor and its product is definitely not an easy task. We started creating frameworks for various security technologies to solve the following problems:

  • Creating a framework to evaluate a technology is a substantial effort.
  • There is tremendous effort duplication in the industry since everybody invents their own framework. There is scope for reuse and collaboration for the basic structure (at least).
  • Going through the sea of product information and marketing buzz is a massive effort.
  • There are too many "buyer's guide" in the market. It is time to have an open community based unbiased framework where anybody can provide their feedback and incorporate their learning.

(Read more:  5 Best Practices to secure your Big Data Implementation)

What will be the process of building the framework?

As a part of our initiative, we have create a common framework and then 20 specific frameworks for specific technologies. As an example, if you want to evaluate a DLP solution, you may use the framework and then work on top of it for your custom requirements. We at least intent to save some of your effort.

Step 1:  Release of the generic framework for community feedback. We shall finalize the overall structure in next 15 days.

Step 2: Release of technology specific frameworks (e.g. Web Application Firewall, DLP etc) for community feedback and extensive community sessions during CISO Platform Annual Summit.

Step 3: Release of final technology frameworks for the members.

Community Feedback Process and Documentation Trail: Any member can provide their comment on the framework using the commenting feature. Our analyst and advisory team shall take the final decision on incorporating such feedback. In any case, all feedback (whether accepted or not) shall remain published in the comment section for other members to use it based on their own judgment/discretion.

(Read more:  How Should a CISO choose the right Anti-Malware Technology?)

Common Framework structure

In this article we are introducing the structure of Evaluation Framework. This is a generic framework and for each specific technology we shall add specific questions for evaluation. It takes a top down approach where the high level categories are the Major areas of security product evaluation namely Functionality, Commercial, Management and Support, Organization and Reference. Further each category is sub-divided into the sub-categories. 

Important Note: The following is just a structure. We will soon release 20 specific frameworks with specific checklist and questionnaire for each "sub category".

2zyxxjq.png

29x9hsh.png

>> Formal launch of the frameworks @ Annual Summit

The final draft above framework will be launched at Annual Summit 2014 (20-21st Nov) where active discussions with CISOs and technology vendors shall take place. Post such feedback, we will release the final checklists for the community.

We invite your review/feedback as comments below or via mail directly to 'pritha.aash@cisoplatform.com' .

(Read more:  7 Key Lessons from the LinkedIn Breach)

Votes: 0
E-mail me when people leave their comments –

Priyanka, Co-Founder and Editor, CISO Platform Breach Intelligence, leads our threat intelligence and incident analysis efforts, providing actionable insights to the global cybersecurity community. With extensive experience in cybersecurity leadership and breach analysis, she specializes in translating complex technical threats into strategic intelligence for security executives.

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events