Cyber Security Frameworks


In this article we discuss the importance of Cyber Security and go through a list of Cyber Security frameworks in detail.

What is Cyber Security?

Cyber Security is a body of technologies, processes, and practices designed to protect computer systems, networks, and vital data from outside threats.

It guards against unauthorized access to the network. In the computing world, security generally refers to both Cyber Security and physical security.

What is a Framework?

In software terminology, a framework is a defined structure that can be reused many times. It is a base structure that teams can adopt and build something useful on top of.

Cyber Security Frameworks

What is an Information Security Framework?

As discussed earlier, a framework is a defined structure or a set of rules and regulations that a team can adopt and build something useful on. In the same way, an Information Security framework is a set of documented processes. It is used to define policies and procedures for implementing and managing information security controls within an organization.

The following table lists the Cyber Security frameworks that are explained in detail in the rest of the article.

Abbreviation         Full form

NIST                 National Institute of Standards and Technology
COBIT                Control Objectives for Information and Related Technologies
ISO/IEC Standards    ISO/IEC Standards
COSO                 Committee of Sponsoring Organizations of the Treadway Commission
NERC                 North American Electric Reliability Corporation
TC CYBER             Technical Committee on CyberSecurity
HITRUST CSF          Health Information Trust Alliance

Let us discuss these frameworks in detail one by one:

NIST:

National Institute of Standards and Technology.

  1. This framework was built with input from numerous security professionals from different businesses, whose rules and practices were put together into a standard process and finally shaped into a framework.

  2. It is not a checklist to be ticked off at each phase of completion. Instead, it focuses on assessing the current situation:

    1. How to assess security

    2. How to consider risk

    3. How to resolve the security threats

  3. The framework helps individuals make appropriate decisions and helps the team communicate about security measures, the risks involved, etc.

  4. This framework concentrates on managing cyber security, communication between internal and external environments, improving and updating security policies, etc.

  5. The five core factors involved in designing this framework are:

    1. Identify

    2. Protect

    3. Detect

    4. Respond

    5. Recover

Understanding the above core elements benefits the organization, because its policies can then be built around its own problem areas.

COBIT:

Control Objectives for Information and Related Technologies.

  1. It is a security framework that brings good business practices into IT management, governance, and security. It was built by ISACA (Information Systems Audit and Control Association), an international association of professionals focused on IT security governance.

  2. This framework is helpful for organizations that are planning to improve their security and quality of production.

  3. This framework is built on the following factors:

    1. Need to meet stakeholder expectations

    2. End to end process control of the enterprise

    3. It is a single integrated framework

    4. Management and Governance are two different things

ISO/IEC Standards:

  1. This framework has been set by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC).

  2. The framework originated as the British Standard BS 7799, which went through several updates and modifications and finally became ISO/IEC 27001:2013.

  3. It caters to high-level security management and serves as an implementation guide that adopts industry-level best practices for Cybersecurity.

  4. The framework helps the organization consider all aspects of the cyber security process, including the following:

    1. Physical and environmental security

    2. Access control and Access Management

    3. IT security practices

    4. Cryptography

    5. Communications Security

    6. Incident management and Compliance

  5. The framework provides suggestions for hundreds of security controls that can be implemented within the organization. All the issues are addressed during risk management and evaluation.

COSO:

The Committee of Sponsoring Organizations of the Treadway Commission.

1. This framework was built by five popular associations working together:

  1. IMA, The Institute of Management Accountants

  2. AAA, the American Accounting Association

  3. AICPA, the American Institute of Certified Public Accountants

  4. IIA, the Institute of Internal Auditors

  5. FEI, Financial Executives International

2. This framework is built on the following core points: monitoring, controlling, auditing, reporting, etc.

3. This framework has 17 core points, which are grouped into five categories:

  1. Control environment

  2. Risk assessment

  3. Control activities

  4. Information & communication

  5. Monitoring and Controlling

These concepts are combined into policies that employees adopt and that can be customized to the business structure, which eventually helps the organization's functional and operational units.

NERC:

The North American Electric Reliability Corporation.

  1. This framework focuses on developing and enforcing reliability standards and performance-oriented inputs.

  2. This framework was developed to ensure that electric grids follow certain standards. In general, however, it can be adopted by any specific industry.

TC CYBER:

The Technical Committee on Cyber Security.

  1. This framework was developed to improve telecommunications standards in the European zone.

  2. Though this framework was developed specifically for the European zone, it can easily be adopted worldwide.

  3. This framework focuses on increasing privacy awareness and providing improved security for both individuals and organizations.

 


HITRUST CSF:

The Health Information Trust Alliance.

  1. This framework was built by a private-sector organization that caters to the healthcare and IT security industries. The evolution of these privately held organizations has helped the Common Security Framework evolve.

  2. This framework addresses how to improve security, how to implement security infrastructure on a risk basis, and which alternate control options are available.

Conclusion:

So far we have seen the different types of security frameworks currently available, which organizations can leverage to start building up their security infrastructure. In reality, though, no single security framework is enough to build real-world security policies, because every organization is different. That is the fundamental reason why no common security framework has been set as a standard.

An organization has to plan and develop its Cyber Security policies so that employees at each and every level are taken into consideration while developing security protocols. Otherwise, every individual sees Cyber Security from a different perspective, and in that case the security of the entire organization is in jeopardy.
