
Security Standards with Benoit Heynderickx

Discover the latest in information security with insights from Benoit Heynderickx of the Information Security Forum (ISF). Explore evolving security standards, regulations, and IS frameworks, including ISO certifications and industry-specific controls. Learn about prioritization strategies and how recent regulations such as DORA and the NIS Directive will affect critical sectors and the security landscape. Gain insights into distinguishing compliance from protection and into safeguarding digital assets effectively. Stay ahead in the dynamic world of security standards with expert guidance in this interview.


In this extensive conversation, Benoit delves into various aspects of information security standards, regulations, and best practices. Our host, Guy Marong, kicks off by welcoming Benoit back and talks about the Information Security Forum (ISF) in London. They describe ISF as a think tank providing insights into the industry's future. Benoit highlights the evolution of security standards from UK-specific ones to the internationally recognized ISO 27001. They note recent developments in European regulations, particularly in the financial sector.


Benoit shares his experience with navigating security standards, highlighting the challenge of starting with a comprehensive set of controls like ISO 27001. He believes these may not be suitable for all organizations, especially smaller ones. He suggests more accessible options like UK Cyber Essentials or the CIS Controls, which offer actionable guidance for companies of varying sizes.


Exploring other security frameworks


The conversation touches on the importance of risk management and the role of different frameworks like CIS Controls and CSA in providing technical controls tailored to specific needs. They also discuss the benefits and criticisms of ISO certification, emphasizing the need for ongoing updates and management commitment.


Moving forward, they explore different approaches to organizing controls, whether by standards like the NIST Cybersecurity Framework or the stages of the Cyber Kill Chain. Both Guy and Benoit stress the importance of aligning controls with business objectives and stakeholder needs.


The discussion then turns to recent regulations such as DORA and the NIS Directive, focusing on incident response, supply chain security, and regulatory compliance. They acknowledge the significance of these regulations in raising awareness but caution against over-reliance on compliance as a security strategy.


Finally, they conclude by encouraging organizations to adopt a pragmatic approach to security, starting with foundational controls and gradually scaling up based on their risk profile and business requirements. They emphasize the need for ongoing education, collaboration, and adaptation to navigate the evolving landscape of information security effectively.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.