ISO 27001 verses NIST: the cyber wars
Companies often grapple with security frameworks as if it were a deeply theological question. Maybe you are a US multinational that has inherited NIST based controls but your clients want a certification of compliance which the NIST 800-53 cannot provide. Maybe you are an organisation who’s deeply technical experts reject broad-based controls in favour of …