Programs
CISC Limited works with the following security programs and associated frameworks.
Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a non-profit organisation with a mission to make the connected world safer through the promotion of Cyber Security best practices.
CIS provide a Critical Security Controls set of 18, presented as individual safeguards which adopt the NIST Five Functions (Identify, Protect, Detect, Respond, and Recover).
The controls and safeguards are classified against three attainment levels (IG1, IG2, and IG3) which are loosely aimed at small, medium, and large organisations.
The CIS and Critical Security Controls are coupled with a suite of tools such as the Community Defense Model (CDM) which references the MITRE ATT&CK.
Cyber Essentials (Standard and Plus)
Cyber Essentials is a United Kingdom certification cyber security scheme to demonstrate a minimum level of protection for an organisation.
This is achieved through the use of a questionnaire with 89 requirements presented alongside implementation guidance.
The standard attainment (called Cyber Essentials) uses a self-attestation approach that a Cyber Essentials Assessor verifies.
Cyber Essentials Plus has the exact requirements with the addition of independent validation by an accredited third party (certification body).
Once the program has been attained, your organisation is placed on a public register, and the whole process is repeated each year.
Trusted Partner Network (TPN)
The Trusted Partner Network (TPN) has launched a new version of its third-party assessment program called TPN+, which incorporates 64 controls outlining Best Practices for the Media & Entertainment (M&E) industry.
The controls are presented across four domains which are Organizational Security, Operational Security, Physical Security, and Technical Security, of which the latter consumes 56% of the requirements. This program caters for on-site, cloud, and hybrid workflows for companies in the supply chain and recognises SaaS providers for the first time.
The TPN is run by the Motion Picture Association (MPA), which has been formed with the support of international content owners such as the major film studios (Walt Disney Studios, Warner Bros., Universal Studios, Columbia Pictures, and Paramount Pictures) plus Amazon, Apple, Netflix and so on.
The TPN+ program introduces two levels of attainment. The Blue Shield requires registration, completing a questionnaire, submission of evidence (such as ISO 27001 certification) and payment of an annual membership fee. The Gold Shield introduces an accredited assessor to validate these materials during an on-site or remote assessment.