Cybersecurity Frameworks: One Size Fits All?

A cybersecurity framework can assist with cybersecurity risk management by establishing a set of guidelines, standards and best practices. These controls are described as ‘frameworks’ because they provide a foundation on which to build an organization’s security efforts. There are many national frameworks that you can use to build a strategy that best meets the needs of your organization.

  • NIST – US National Institute of Standards and Technology. The 5 elements of the NIST Framework Core are Identify, Protect, Detect, Respond and Recover.
  • CIS (Center for Internet Security) Critical Security Controls – Organized as 18 prioritized controls, with implementation groups that make them easier to process and implement.
  • The International Standards Organization (ISO) – A demanding control offering 114 different recommendations in 14 categories.

In addition, there are different types of cybersecurity frameworks, each focused on a specific area:

  • Control Frameworks provide specific security processes to protect information systems.
  • Program Frameworks focus on the management of cybersecurity programs.
  • Risk Frameworks provide a systematic method to identify, assess and manage cyber risks.

The bottom line.
A cybersecurity framework can give organizations a reliable and standardized way to mitigate cyber risks. This can assist with keeping the organization safer and compliant.

Resources:
Understanding the NIST cybersecurity framework
CIS Critical Controls
ISO 27000 Family
Cybersecurity Frameworks 101-The Complete Guide