Overview of Cyber security Frameworks

A cyber security framework provides a policy framework of computer security guidance for how private-sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.


Cyber security frameworks have been in the limelight for the past few years because of the continual cyber attacks that keep happening. First, let us understand what cyber security is in general and what the main purpose of implementing it is. Cyber security is a standard process, backed by a set of technologies, used to implement the defined standard procedures that secure or safeguard an organization’s data and its network of systems. The purpose of cyber security is to make sure that there is no unauthorized access to confidential data. The process also dictates that cyber security is not only about cyber safety; it covers physical security as well.

The following areas are typically covered:

  • Application security method
  • Information security
  • Network security
  • Operational security
  • Data/Disaster Recovery
  • End-user education

An information security framework is a series of documented, agreed and understood policies, procedures, and processes that outline how information is managed in a business, to lower risk and vulnerability and increase confidence in an ever-connected world. Infosavvy provides trainings such as PCI DSS, ISO 27001 Lead Auditor (ISO 27001 LA) and ISO 27001 Lead Implementer (ISO 27001 LI), with certification.

Why is Cyber security important?

Cyber security is a very important aspect because today’s business trends all operate on the data that organizations have harvested over the years. The economic growth of a company depends entirely on how well its operational structure is managed and how well it is safeguarded against cyber attacks.
The main issue with cyber security is that it is not a one-off process where you define the process and stop. In fact, it is an evolutionary process that has to be modified from time to time.


1. PCI DSS

Used by 47% of organizations, the PCI DSS (Payment Card Industry Data Security Standard) governs the way credit and debit card information is handled.

The Standard applies to any organization (regardless of size or number of transactions) that accepts, stores, transmits or processes cardholder data.

Organizations that comply with its requirements are in a better position to identify vulnerabilities that could be exploited by criminal hackers or cause internal data breaches – thus protecting customers from stressful situations and organizations from embarrassing or costly security incidents.

Although not federally mandated in the United States, PCI DSS is mandated by the Payment Card Industry Security Standards Council. The council is made up of the major credit card brands, and the standard is an industry standard. Some states have even incorporated the standard into their laws.

12 Step PCI DSS Requirements Checklist
Goal: Build and Maintain a Secure Network and Systems

1. Install and maintain a firewall configuration to shield cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Goal: Protect Cardholder Data

3. Protect stored cardholder data.
4. Encrypt transmission of cardholder data across open, public networks.
Goal: Maintain a Vulnerability Management Program

5. Protect all systems against malware and frequently update anti-virus software or programs.
6. Develop and maintain secure systems and applications.
Goal: Implement Strong Access Control Measures

7. Restrict access to cardholder data by business justification (i.e., “need to know”).
8. Identify and authenticate access to system components.
9. Restrict physical access to cardholder data.
Goal: Regularly Monitor and Test Networks

10. Track and monitor all access to network resources and cardholder data.
11. Regularly test security systems and processes.
Goal: Maintain an Information Security Policy

12. Maintain a policy that addresses information security for all personnel.
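Requirement 3 (protect stored cardholder data) is the one most often failed by application code that simply writes the primary account number (PAN) into a database row, from where it leaks into backups, logs and dumps. The following example is added here and is not part of the original article or of the PCI DSS itself; it contrasts an insecure record with one that keeps only a truncated PAN (first six and last four digits, the maximum PCI DSS allows to be displayed) plus a keyed one-way token so records can still be matched. The sample PAN is the well-known Visa test number, the HMAC key is a constructed placeholder, and the function names are this example’s own.

```python
import hmac
import hashlib

# Constructed sample PAN: the standard Visa test number, not a real account.
SAMPLE_PAN = "4111111111111111"


def luhn_valid(pan: str) -> bool:
    """Luhn check digit validation; catches mistyped numbers, not fraud."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Truncated form: first six and last four digits, everything else replaced."""
    if len(pan) < 13:
        raise ValueError("PAN too short")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def token_for(pan: str, key: bytes) -> str:
    """Keyed one-way token (HMAC-SHA256). The key must live in a key-management
    system, never beside the data; an unkeyed hash of a PAN is trivially reversible."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def store_insecure(pan: str) -> dict:
    # Violates Requirement 3: the full PAN lands in the record as plaintext.
    return {"pan": pan}


def store_secure(pan: str, key: bytes) -> dict:
    # Hardened form: only the truncated PAN and a keyed token are persisted.
    if not luhn_valid(pan):
        raise ValueError("invalid PAN")
    return {"pan_masked": mask_pan(pan), "pan_token": token_for(pan, key)}


def record_exposes_pan(record: dict, pan: str) -> bool:
    """Audit helper: does any stored field still contain the full PAN?"""
    return any(isinstance(v, str) and pan in v for v in record.values())


if __name__ == "__main__":
    key = b"constructed-demo-key-replace-with-kms-managed-key"
    print(store_insecure(SAMPLE_PAN))
    print(store_secure(SAMPLE_PAN, key))
```

The masked value is what screens and receipts may show; the token is what a fraud or chargeback lookup uses. Whether the token is acceptable under the standard hinges entirely on how the HMAC key is generated, stored and rotated, which is why Requirement 3 is as much a key-management requirement as a coding one.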


2. ISO 27001

Used by 35% of organizations, ISO 27001 is the international standard that describes best practice for implementing an ISMS (information security management system).

Achieving accredited certification to ISO 27001 demonstrates that your company is following information security best practice, and delivers an independent, expert assessment of whether your data is adequately protected.

11 Step ISO 27001 Requirements Checklist

Step 1 – Identify the Objectives of your Business

Step 2 – Obtain Management Support

Step 3 – Define the Scope

Step 4 – Write a brief ISMS Policy

Step 5 – Define Risk Assessment Methodology & Strategy

Step 6 – Create a Risk Treatment Plan & Manage those Risks

Step 7 – Set Up Policies and Procedures to Control Risks

Step 8 – Allocate Required Resources and Implement Training plus Awareness Programs

Step 9 – Carefully Monitor the ISMS

Step 10 – Prepare for an Internal Audit

Step 11 – Periodic Management Review

3. CIS Critical Security Controls

Used by 32% of organizations, the CIS Critical Security Controls are a group of 20 actions designed to mitigate the threat of the majority of common cyber attacks.

The controls were designed by a group of volunteer experts from a variety of fields, including cyber analysts, consultants, academics, and auditors.

8 Steps to Successfully Implement the CIS Top 20 Controls in Your Organization

Step 1: Take inventory of your assets

CSC 1: Inventory and Control of Hardware Assets

CSC 2: Inventory and Control of Software Assets

Step 2: Measure asset controls

CSC 3: Continuous Vulnerability Management

CSC 4: Controlled Use of Administrative Privileges

CSC 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

CSC 7: Email and Web Browser Protections

CSC 8: Malware Defenses

CSC 10: Data Recovery Capability

CSC 13: Data Protection

CSC 18: Application Software Security

Step 3: Perimeter defenses

CSC 9: Limitation and Control of Network Ports, Protocols, and Services

CSC 11: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

CSC 12: Boundary Defense

CSC 15: Wireless Access Control

Step 4: Detect and respond to incidents

CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs

CSC 16: Account Monitoring and Control

CSC 19: Incident Response and Management

Step 5: Evaluate the most critical gaps

Step 6: Plan and implement your controls

Step 7. Train and monitor users

CSC 4: Controlled Use of Administrative Privileges

CSC 7: Email and Web Browser Protections

CSC 14: Controlled Access Based on the Need to Know

CSC 16: Account Monitoring and Control

CSC 17: Implement a Security Awareness and Training Program

Step 8. Test your controls

CSC 20: Penetration Tests and Red Team Exercises
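PCI DSS Requirements 7 and 10 and CIS Controls 6, 14 and 16 all come down to the same operational habit: keep an audit trail of who touched cardholder data and review it against the need-to-know list. The script below is an added illustration, not part of the original article or of either framework; it parses a handful of constructed audit-log lines in an assumed `timestamp user= action= resource= result=` format and reports accesses to cardholder-data paths by accounts without a business justification, bulk exports that deserve a second look, and denied attempts worth following up. The account names, paths and log format are all made up for the example.

```python
import re
from collections import Counter

# Constructed audit log (not from any real system). Assumed line format:
# <ISO timestamp> user=<name> action=<verb> resource=<path> result=<ok|denied>
SAMPLE_LOG = """\
2024-05-01T09:12:03Z user=alice action=read resource=/cardholder/pan result=ok
2024-05-01T09:15:44Z user=bob action=read resource=/cardholder/pan result=ok
2024-05-01T09:16:10Z user=bob action=read resource=/cardholder/pan result=ok
2024-05-01T09:20:00Z user=carol action=read resource=/reports/daily result=ok
2024-05-01T23:41:17Z user=svc-backup action=export resource=/cardholder/pan result=ok
2024-05-01T23:42:02Z user=mallory action=read resource=/cardholder/pan result=denied
"""

# Need-to-know list (Requirement 7 / CSC 14): the only accounts with a documented
# business justification for cardholder data. Constructed for the example.
CARDHOLDER_DATA_ROLES = {"alice", "svc-backup"}
CARDHOLDER_PREFIX = "/cardholder/"

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"resource=(?P<resource>\S+) result=(?P<result>\S+)$"
)


def parse_log(text: str) -> list:
    """Turn raw lines into dicts; malformed lines are skipped rather than crashing review."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def review(events: list) -> list:
    """Return (rule, user, detail) findings for the daily log review (Requirement 10 / CSC 6)."""
    findings = []
    denied = Counter()
    for e in events:
        touches_chd = e["resource"].startswith(CARDHOLDER_PREFIX)
        if not touches_chd:
            continue
        # Successful access by an account outside the need-to-know list.
        if e["result"] == "ok" and e["user"] not in CARDHOLDER_DATA_ROLES:
            findings.append(("need-to-know-violation", e["user"], e["resource"]))
        # Bulk exports are legitimate for some accounts but always warrant review.
        if e["action"] == "export":
            findings.append(("bulk-export-review", e["user"], e["ts"]))
        # Denied attempts are tallied per account (CSC 16: account monitoring).
        if e["result"] == "denied":
            denied[e["user"]] += 1
    for user, n in denied.items():
        findings.append(("denied-access-to-chd", user, f"{n} attempt(s)"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample data the review flags bob twice (he is not on the need-to-know list), puts the overnight export by svc-backup on the review queue even though the account is authorized, and records mallory’s denied attempt. In a real deployment the allow-list would be generated from the access-request records rather than hard-coded, so that the log review also catches drift between what was approved and what the systems actually permit.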

4. NIST Cyber security Framework

NIST stands for National Institute of Standards and Technology. The NIST Cyber Security Framework is a standard process, or framework, set for all private-sector organizations that need to secure and safeguard their data by preventing, detecting and responding to cyber attacks in the most effective way. By following the standard process, organizations are able to defend their data and network of systems against external cyber attacks.


Implementation Tiers in NIST Cyber Security Framework:

The implementation tiers define how much of the NIST security framework has been put into action and how the rest is managed. The implementation tiers are classified into four categories, as follows:

Tier 1: Partial Implementation:
In this implementation tier, the process that is followed is informal; users have limited awareness of cyber security and there is minimal cyber security coordination.

Tier 2: Risk-Informed:
In this implementation tier, the process is explained to management and gets approval for implementation. However, the process is not enforced and deployed at the organizational level; it is followed only in particular areas where it is needed most.

Tier 3: Repeatable:
In this implementation tier, the process is explained to senior management and is enforced at the organizational level. The process is evaluated regularly: the implementation is reviewed and updates are provided. It requires formal, regular follow-ups.

Tier 4: Adaptive:
In this implementation tier, the process is actively evaluated and cyber security implementation is genuinely treated as part of the organizational culture. The risk management process provides all the required details, and all users are educated about the security policies that everyone must follow as standard practice.

Benefits of implementing the NIST Cyber security Framework

The following are the benefits of implementing the NIST Cyber security Framework within your organization:

  • The framework acts as a standard process that every organization must follow. By abiding by these standard processes, organizations can genuinely understand, structure and manage the risks related to cyber attacks. If these risks are not reduced at an early stage, the organization may suffer huge losses, customer trust will be disturbed, and the organization’s financial and economic standing in the market will be at risk.
  • With the help of the framework, organizations can foresee the risks involved by identifying them at an earlier stage.
  • The standard process or policies include user education as well. The policy dictates that users must abide by certain standards while using their equipment and must make sure they do not use any external hard drive without prior permission.
  • With the process in place, we can establish the appropriate level of security based on the organization’s requirements.
  • It helps organizations allocate a specific amount of cyber security budget during budget planning and allocation at a higher level. This helps the organization implement certain standard procedures by hiring the right talent.

How to implement the NIST Cyber security Framework:
The NIST Cyber security Framework is a good road map for private-sector or mid-level organizations that do not have a formal security process in place. That being said, to implement it in day-to-day operations, organizations need to understand the following core concepts of a cyber security framework.

Questions related to this topic

  1. How many controls are there in NIST cybersecurity framework?
  2. How do you implement NIST cyber security framework?
  3. What are the five phases of the NIST cybersecurity framework?
  4. What does NIST stand for in Cyber Security?


This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

