
Module 1


Cyber Security Framework
• Introduction
• Types of Cyber Security Framework
• Components of Framework
• Functions of Cyber Security Framework
Cyber Security Framework
A cybersecurity framework is a blueprint designed to help organizations develop and implement effective cybersecurity practices. There are many different frameworks available, each with its own strengths and weaknesses. The best framework for an organization will depend on its specific needs and priorities.
Introduction to Cyber Security Frameworks
Need for Implementation of Cyber Security Framework
Types of Cyber Security Framework
• Control Frameworks
• Program Frameworks
• Risk Frameworks
• Compliance Frameworks
• Industry-Specific Frameworks
Control Frameworks
• These frameworks focus on implementing specific controls to mitigate security risks. A popular example is the Center for Internet Security (CIS) Controls, which is a prioritized list of security controls developed by a non-profit organization.
Program Frameworks
• These frameworks provide guidance on how to develop and implement a comprehensive cybersecurity program. A well-known example is the System and Organization Controls (SOC) framework, which is a set of auditing standards developed by the American Institute of Certified Public Accountants (AICPA).
Risk Frameworks
• These frameworks help organizations identify, assess, and prioritize their cybersecurity risks. The most popular example here is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which is a voluntary framework developed by the U.S.
Compliance Frameworks
• These frameworks are designed to help organizations comply with specific laws and regulations. An example is the Health Insurance Portability and Accountability Act (HIPAA), which is a U.S. law that sets standards for protecting sensitive patient
Industry-Specific Frameworks
• These frameworks are tailored to the specific needs of a particular industry. For example, the Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for organizations that handle credit card data.
Types of Frameworks
ISO 27000 Series in Cyber Security Framework
ISO 27001 and 27002 in Cyber Security Framework
Overview of COSO Cyber Security Framework
Enterprise Risk Management Integrated Framework
Center for Internet Security Control Framework
NIST SP 1800 Series of Standards and Frameworks
Benefits of Cyber Security Frameworks
Components of Framework
• Most frameworks focus on 3 main components:
• Core
• Implementation Tiers
• Profiles
Core
• This foundational element defines the overall objectives, guiding principles, and key functions of cybersecurity. It provides a common language and terminology for everyone in the organization to understand cybersecurity.
Implementation Tiers
• These tiers outline different levels of maturity in cybersecurity practices. Organizations can assess their current cybersecurity posture and choose the implementation tier that best reflects their capabilities and risk tolerance.
Profiles
• These are customized configurations that allow organizations to tailor the framework to their specific needs and priorities. Profiles consider the organization's size, industry, and unique risk landscape.
• The Framework Profile is a tool that provides organizations a platform for storing information concerning their cybersecurity program. A profile allows organizations to clearly express the goals of their cybersecurity program.
Development of Framework
Support Risk Management with Framework
7-Step Process of Framework
Functions of Cyber Security Frameworks
• Identify
• Protect
• Detect
• Respond
• Recover
Identify
• This function involves understanding your assets, data, and systems to identify vulnerabilities and threats.
• This function assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.
Protect
• This function focuses on implementing safeguards to prevent cyberattacks and mitigate risks.
• This function outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.
Detect
• This function involves continuously monitoring your systems for suspicious activity and potential breaches.
• This function defines the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.
Respond
• This function outlines the plan for containing, eradicating, and recovering from a security incident.
• This function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.
Recover
• This function details the steps for restoring systems and data after a security incident.
• This function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.
Mitigation Plan for Cyber Security Framework
Training Schedule for Cyber Security Framework
Cyber Security Framework Implementation Budget
Cyber Security Framework Execution Plan
Before vs. After Implementation of Cyber Security Framework
KPI Report of Cyber Security Framework
Applications of Cyber Security Framework
THANK YOU
