Former White House CIO Theresa Payton. Photo: Cybercrime Magazine.

Security Governance Framework: The Hybrid Approach

Theresa Payton offers tips on creating your own model

Steven T. Kroll

Northport, N.Y. – Jun. 25, 2019

Theresa Payton is a globetrotting cybersecurity CEO, author, keynote speaker, and actress. Her company, Fortalice Solutions — a cybersecurity intelligence and operations provider — has been on the front lines of hundreds of incident responses.

This week, Theresa talks about your security governance framework and what you should consider before choosing the right one. Information security is a complex field that requires myriad processes, tools, and decisions — and having an effective framework makes a CISO's job a little easier.

Many people look for the one framework — ISO 27000, NIST — to meet their security demands without considering whether it's the right fit for their organization. Theresa recommends considering the risk level, return on investment, and institutional culture when selecting a framework. Don't just settle.



Maybe a one-size-fits-all approach to governance is not the right model. This doesn't add difficulty to an already tough position. Rather, it's an extension of carefully weighed options that guarantee full maturity and capability within your security posture.

Every large enterprise is a multi-faceted entity. It's important to determine what you need for workstreams, lines of business, and security teams. By doing this, you can add layers from separate security governance frameworks to develop a program that satisfies your organization's specific needs. As Theresa says, maybe a hybrid approach is the way to go.

Watch Theresa’s two-minute video to learn more. Your security governance framework will be more efficient if you follow her advice.

Stay tuned for more cyber advice from Theresa!


Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.