In today’s article, we will discuss the importance of Cyber Security and go through a list of all Cyber Security frameworks in detail.
Cyber Security is a body or a combination of technologies, processes, and practices that are defined and designed to protect computer systems, network systems and vital data from outside threats.
It guards the network against unauthorized access. In the computing world, security generally refers to Cyber Security and physical security.
In software terminology, a framework is a defined structure that can be reused several times. It is a base structure that teams can adopt and then build something useful on top of.
As discussed earlier, a framework is a defined structure or a set of rules and regulations that a team can adopt to build something useful. In the same way, an Information Security framework is nothing but a set of documented processes. It is used to define policies and procedures when implementing or managing information security controls within an organization.
The following is a snapshot of the list of Cyber Security frameworks that exist; each is explained in detail as we go through the article.
1. National Institute of Standards and Technology
2. Control Objectives for Information and Related Technologies
3. ISO/IEC Standards
4. Committee of Sponsoring Organizations of the Treadway Commission
5. North American Electric Reliability Corporation
6. Technical Committee on Cyber Security
7. HITRUST CSF (Health Information Trust Alliance)
Let us discuss these frameworks in detail one by one:
National Institute of Standards and Technology.
This framework was built with input from numerous security professionals from different businesses, who put together a standard set of rules and regulations that was finally shaped into a framework.
It is not a standard checklist to be ticked off and marked as completed at each phase. Instead, it focuses on assessing the current situation:
How to assess security
How to consider risk
How to resolve the security threats
The framework is oriented towards helping individuals take appropriate decisions, and it also helps the team communicate about security measures, the risks involved, etc.
This framework concentrates on cyber security management, communication between internal and external environments, improving and updating security policies, etc.
The five core factors that are involved while designing this framework are:
Understanding the above core elements will benefit the organization, and policies can then be built around the problem areas themselves.
Control Objectives for Information and Related Technologies
It is a security framework that brings good business practices into IT management, governance, and security. It was built by ISACA, i.e. the Information Systems Audit and Control Association, an international association of professionals focused on IT security governance.
This framework is helpful for organizations that are planning to improve their security and quality of production.
This framework is built on the following factors:
Need to meet stakeholder expectations
End to end process control of the enterprise
It is a single integrated framework
Management and Governance are two different things
This framework has been set by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC).
This framework originated as the British Standard BS 7799, which went through several updates and modifications and finally became ISO/IEC 27001:2013.
It provides a high-level security management and implementation guide that incorporates industry-level best practices for Cybersecurity.
The framework has the organization consider all aspects of the cyber security process, which involves the following:
Physical and environmental security
Access control and Access Management
IT security practices
Incident management and Compliance
This framework provides suggestions for hundreds of security controls that can be implemented within the organization. All the issues will be addressed during risk management and evaluation.
The Committee of Sponsoring Organizations of the Treadway Commission.
1. This framework was built by 5 popular associations coming together. They are:
IMA, The Institute of Management Accountants
AAA, the American Accounting Association
AICPA, the American Institute of Certified Public Accountants
IIA, the Institute of Internal Auditors
FEI, Financial Executives International
2. This framework is built on the following core points: monitoring, controlling, auditing, reporting, etc.
3. This framework has 17 core points, which are grouped into five categories. They are:
Information & communication
Monitoring and Controlling
These concepts are combined to build policies that employees adopt and that can be customized to the business structure, which eventually helps the organization's functional and operational units.
The North American Electric Reliability Corporation.
This framework focuses on developing and enforcing reliability standards and performance-oriented inputs.
This framework was developed to ensure that electric grids follow certain standards. In general, however, it can be adopted by any industry.
The Technical Committee on Cyber Security.
This framework was developed to improve telecommunications standards in the European zone.
Though this framework was developed specifically for the European zone, it can easily be adopted worldwide.
This framework focuses on increasing privacy awareness and provides improved security for both individuals and organizations.
The Health Information Trust Alliance.
This framework was built by a private-sector organization that caters to the healthcare and IT security industries. The evolution of these privately held organizations has helped the Common Security Framework evolve.
This framework addresses how to improve security, how to implement security infrastructure on a risk basis, and which alternate control options are available.
So far we have seen the different types of security frameworks available in the current market that organizations can leverage to start building up their security infrastructure. In reality, though, no single security framework is enough to build real-time security policies, because every organization is different. That is the fundamental reason why no common security framework has been set as a standard.
An organization has to plan and develop its Cyber Security policies so that every level of employee is taken into consideration while the security protocols are developed. Otherwise, each individual sees Cyber Security from a different perspective, and in that case the security of the entire organization is in jeopardy.