
Common Sense Security Framework (CSSF) for Small Businesses

7 years 7 months ago #3536 by o_1do1do

Interesting site. I downloaded the Excel and those questions are quite relevant and simple to understand. However, I'm just curious where and against whom these questions are being benchmarked?


7 years 7 months ago #3537 by o_wendyt

This is an open source framework and from the looks of the slides in www.commonsenseframework.org/wp-content/...y-Framework-v1.1.pdf , I take it that they reference against
- PCI DSS 3.0
- NIST SP 800-37
- SANS Top 20 Critical Controls (Now under CIS)
- ISO 27002:2013
- ASD Strategies to mitigate targeted cyber intrusion

As part of my work, I was looking at frameworks, especially the NIST Cybersecurity Framework, ISO 27001, COBIT 5 and the MAS TRM. Quite a lot of controls. I have found this spreadsheet where they sort out the controls in the different frameworks (excluding MAS TRM). It helps me to do the gap analysis for my workplace.
www.google.com.sg/url?sa=t&rct=j&...3N_M3XH_u7csw8HhKF1g


7 years 7 months ago #3539 by o_1do1do

I see. Okay, will try it out and evaluate. Is this something new in the market?


7 years 7 months ago #3540 by o_wendyt

Looks quite new since it came out in 2015. It should be a starting point for small companies who are looking into securing their environment.

For mid to large organisations, they will tend to look at CIS Top 20 controls, ISO 27000, NIST or COBIT for Information Security.


7 years 7 months ago #3542 by o_merlionguy

Hmm, hope there is someone technical enough to interpret it within the organization, as I don't think a layman will really know what to do with it; he/she may read it differently.


7 years 7 months ago #3548 by o_wendyt

IT Managers have to take on a secondary security role. That's what we noticed nowadays. They are in the best position to know what is in the company.
