Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Cybersecurity Standards Scorecard (2025 Edition)

  • Thu, Oct 16, 2025
  • 12:00PM - 1:00PM EDT
  • English
  • James Tarala
  • Technical Presentation
Login to register
Webcast Hero

In the 1990s government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are now dozens of standards dictating thousands of cybersecurity controls that organizations can consider when building their cybersecurity plans. Every year more standards are released, and the confusion grows. To make the problem even more challenging, no two standards are the same, nor do they even cover the same scope of defenses.

This reality has led to confusion and frustration for organizations seeking to build comprehensive cybersecurity programs. What should we do, what can we do, or must do to protect our own information systems? Until recently there has not been a Cyber Rosetta Stone for security and privacy professionals to use to compare these standards. Most organizations have limited resources and must choose which controls to implement and which to ignore. We haven’t had risk or threat models to demonstrate why certain cybersecurity controls are important and what should be prioritized.

In this webcast, James Tarala, Senior Faculty at the SANS Institute and Managing Partner at Cyverity, will explain the state of cybersecurity standards in 2025 with a scorecard comparison of popular standards based on specific, measurable research. This presentation is an annual report which will focus primarily on the changes to the cybersecurity standards space over the past year. He will also introduce a Cyber Rosetta Stone that simplifies building a cybersecurity control libraries across all the standards. Attendees will leave this webcast with a clear understanding of the differences and gaps in cybersecurity standards that will support their informed decisions about which standards to use when building their own cybersecurity programs.

This Session is Ideal for the Following Professionals:

  • Risk Management Professionals
  • Governance, Risk, Compliance Professionals
  • IT Auditors
  • Directors of Security Compliance
  • Information Assurance Management
  • System Administrators / Engineers

Learning Objectives:

  • Understand the evolution and current state of cybersecurity standards
  • Identify key differences and gaps across cybersecurity standards
  • Apply a Cyber Rosetta Stone to simplify control selection and prioritization

This webcast supports content and knowledge from LDR519: Cybersecurity Risk Management and Compliance. To learn more about this course, explore upcoming sessions, and access your FREE demo, Click Here.

Meet Your Speaker

James Tarala
James Tarala

James Tarala

Managing Partner

James Tarala, managing partner at Cyverity, co-created the CIS Controls and Cybersecurity Standards Scorecard, transforming cybersecurity governance and empowering global organizations to operationalize risk into actionable defense strategies.

Read more about James Tarala