Cyber Security Tutorial


Cyber security frameworks

Introduction

"Frameworks are defined as documents that describe guidelines, rules and regulations, standards and best practices."

A real-world framework is defined as "a structure that supports a building or other large objects."

Cyber security frameworks are designed for cyber security risk management in an organization, reducing the exposure to vulnerabilities and weaknesses of the system that hackers and other criminals may exploit. They provide support, structure, and a foundation for an organization's security methodologies and efforts dealing with the tangible infrastructure of data storage, servers, etc.

Types of frameworks

Based on the required function, frameworks are divided into three types.

Control framework

- It develops a basic strategy that provides a baseline group of security controls for the organization's cyber security department.
- The implementation of security controls is prioritized.
- The present state of the organization's infrastructure and technology is assessed.

Program framework

- It defines a complete cyber security program in which the program's security and competitive analysis are measured.
- The current state of the organization's security program is assessed.
- Communication between managers/executives and the cyber security team is simplified and facilitated by program frameworks.

Risk framework

- Risk frameworks work for risk management, where a security program structure is defined for risk assessment and management.
- Security measures and risk activities are prioritized.
- Risk frameworks measure, quantify, and identify the organization's security risk.

Different cyber security frameworks

Every business chooses cyber security frameworks according to its requirements. Some of the cyber security frameworks frequently used all over the world are:

NIST framework

NIST (National Institute of Standards and Technology) was founded in 1902 as an important framework for improving critical infrastructure security, a crucial part of any technology. This framework was established during the Obama Administration to protect America's critical infrastructure, like power plants, dams, etc., from various cyber-attacks.

It includes some of the strict policies that safeguard the security infrastructure in an organization.

NIST is the security standard that companies and organizations use to find, identify, protect against, and respond to cyber-attacks. It also provides for recovery from these attacks. NIST's five Functions and best practices are:

  • Identify

Organization assets, capabilities, data, and company systems must be managed by identifying security risks and potential weaknesses.

  • Protect

Appropriate safeguards are created or deployed by companies to control the effects of potential cyber security events and breaches.

  • Detect

Some of the company's mandatory methods or procedures are applied to detect the various security incidents faster.

  • Respond

In an organization, all the cyber security events and breaches are quickly responded to by the appropriate response plans made by cyber security experts.

  • Recover

Some of the effective plans and procedures are created by organizations to restore the services and capabilities damaged by cyber security events.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is the framework used for online payment systems in business. This standard protects users from online fraud by protecting the user's sensitive information (credit and debit card details). An online transaction requires the user's bank/card details, which can be handled in a secured mode so that users trust the organization because their critical data remains safe.

ISO

ISO stands for International Organization for Standardization. It is recognized internationally (worldwide) and covers various cyber security techniques and best practices. It has various standards with different rules and regulations. All the companies or organizations require ISO certification, through which companies demonstrate to customers, the board, partners, and shareholders that they are doing the right things regarding managing cyber risk. ISO has various versions:

  • ISO 20000 series
  • ISO 20001
  • ISO 27001
  • ISO 27002

HIPAA (Health Insurance Portability and Accountability Act)

This framework is useful in the health industry/business for managing confidential patient and consumer data and privacy issues. This framework protects electronic healthcare information and covers health care providers, clearinghouses, and insurers.

CIS (Center for Internet Security Critical Security Controls)

This framework is specially designed to protect small or large businesses from cyber threats. As the use of the internet increases, the range of cyber-crime also increases, so this framework was developed in the late 2000s to protect systems. It comprises 20 controls updated by security professionals; it starts with the basic controls, then moves to the foundational ones, and finishes with the organizational ones.

GDPR (General Data Protection Regulation)

This data protection regulation is a European Union framework that has been implemented for data protection since 2018. It was made mandatory for all European businesses that process and handle data. The General Data Protection Regulation does not have a certification, yet compliance is demonstrably possible. It deals with the security of user data, which can't be fetched without legitimate approval.

Need and Importance of Cyber Security Frameworks

According to its requirements, an organization can use one or more frameworks, which give cyber security managers a reliable, systematic, and standardized way to mitigate cyber risk despite the complexity of the environment. Cyber security frameworks consist of policies defined by a certifying body that checks whether an organization complies with the specific framework. This removes the guesswork in securing digital assets.

Companies can use different frameworks to meet their different needs.

Cyber security frameworks help cyber security teams:

- to address cyber security challenges
- to provide different strategies
- to create and implement a well-thought-out plan to safeguard data, information systems, and infrastructure
- to manage various organizations' cyber risks more intelligently
- to make and follow correct security measures in the company that keep organizations safe and foster customers' trust

Components of the cyber security framework

Here are some of the important components that play a vital role when any organization leverages the framework.

- Core: This is the initial/starting phase of the cyber security framework.
- Implementation Tiers: This is the second phase of the cyber security framework, in which the particular frameworks are implemented. At this phase, security analysts must be careful about the Implementation Tiers.
- Profiles: This is the third component of the cyber security framework. It deals with users complying with the framework's standard, because the users are part of the system.

Implementation of the cyber security framework

To maintain business continuity, security measures should be implemented. To implement a cyber security framework, the organization has to follow the set of rules that falls under that particular framework. Things to take care of in implementing the framework:

- the infrastructure should be secure
- there should be no vulnerabilities in the system
- the software that protects the system should be kept updated

Therefore, a security framework is implemented with rules or policies in the system.