#8 - Measuring & Securing Your Business with CIS v8 & CISA CPG: A Commercially Reasonable Approach

In today’s evolving threat landscape, businesses must adopt security frameworks that are both effective and defensible. This talk explores how the CIS Critical Security Controls v8 and CISA Cybersecurity Performance Goals (CPG) provide a structured, measurable approach to securing your organization while aligning with the concept of commercially reasonable security.

Attendees will learn how to apply these frameworks to assess risk, implement safeguards, and demonstrate due diligence in cybersecurity. Through interactive tabletop exercises and live demonstrations, participants will gain hands-on experience in evaluating security postures, responding to threats, and justifying security investments in a way that meets regulatory and legal expectations.

This session is ideal for security professionals, business leaders, and compliance officers looking to bridge the gap between cybersecurity best practices and real-world business needs.