A security framework is a great way to demonstrate you are adhering to industry and regulatory best practices for IT security and making informed decisions for the long term. But before we get into the detail, let’s look at what a security framework is.
What is a cybersecurity framework?
A cybersecurity framework provides a set of standards and a common language for security specialists regardless of their geographical location or industry sector. These frameworks help organizations understand their own security posture and that of their vendors or partners.
A framework makes it much easier to define procedures and processes that are needed to assess, monitor, and mitigate cybersecurity risk. A cybersecurity framework can be a vital guide.
Cybersecurity frameworks provide a useful foundation for integrating security and risk management into your security performance management. With a framework as your guide, you’ll gain vital insight into where your highest security risk is.
There are many different frameworks, but we will look at three of these:
The Cyber Assessment Framework (CAF)
The Cyber Assessment Framework (CAF) was developed by the National Cyber Security Centre (NCSC). Many UK organizations already use CAF to help them improve their cybersecurity.
It provides a systematic and comprehensive approach to assessing the extent to which cyber risks to essential functions are being managed.
The CAF was developed to provide the following:
- a suitable framework for carrying out cyber resilience assessments.
- a framework compatible with existing cyber security guidance and standards.
- identification of effective cyber security and resilience improvement requirements.
- a core version which is sector-agnostic, but can accommodate sector-specific elements as required.
- the ability to set meaningful target security levels for organisations to achieve.
In the UK there are also ISO 27001 and ISO 27002, created by the International Organization for Standardization (ISO). ISO 27001 and ISO 27002 certifications are considered an international standard for validating a cybersecurity program. However, ISO certification is a point-in-time exercise and could miss evolving risks that continuous monitoring can detect.
NIST Cybersecurity Framework
The US Improving Critical Infrastructure Cybersecurity executive order, which called for greater collaboration between the public and private sector for identifying, assessing, and managing cyber risk, resulted in the US National Institute of Standards & Technology’s (NIST) cybersecurity framework. The NIST framework is used for assessing cybersecurity maturity, identifying security gaps, and meeting cybersecurity regulations.
The Cybersecurity Framework consists of three components: The Core, Implementation Tiers, and Profiles.
The Core guides organizations in managing their cybersecurity risks in a way that complements an organization’s existing cybersecurity and risk management processes.
Source: The National Institute of Standards and Technology (NIST)
The Implementation Tiers provide context on how an organization views cybersecurity risk management. The Tiers help organizations to consider the levels of their cybersecurity program and are often used as a communication tool around risk, mission priority, and budget.
The Profiles align requirements and objectives, risk appetite, and resources against the organization’s desired outcomes of the Framework Core. Profiles are used to identify and prioritize opportunities for improving cybersecurity.
The MITRE ATT&CK Framework
The MITRE Corporation released ATT&CK™, which stands for Adversarial Tactics, Techniques, and Common Knowledge, in 2015.
The ATT&CK framework is an extensive knowledge base of techniques and tactics that threat hunters and defenders use to better classify attacks and assess an organization’s risk.
The aim of this framework is to improve post-compromise detection of the actions a malicious attacker may have taken. Organizations can use the ATT&CK framework to identify any vulnerabilities in defenses and prioritize them based on the level of risk they pose. Therefore, this framework is very much a reactive tool, rather than a proactive tool.
How Can These Frameworks Help Business Continuity?
Frameworks can help with the discovery of threats, breach prevention, and response to a cyber security incident.
1) Detect and Identify
Discovering a cyber breach in a timely fashion is critical to any organization. Elements of the frameworks help organisations develop and implement effective ways to detect a cyber security breach.
However, scanning for breaches and unusual behaviour is time-consuming, so automating this process helps lighten the load on security teams.
Using AI and machine learning, a Security Information & Event Management (SIEM) platform can help automate many of your cyber security processes. This frees your cyber security teams to investigate more serious potential breaches. Being alerted to a breach as soon as possible is essential in trying to minimise any damage.
Not being breached in the first place is always better than detecting a breach after the event. Protection is about implementing the appropriate safeguards and security measures to ensure critical business infrastructure and services are protected.
Response planning, mitigation, and recovery activities ensure that your cyber security program is in a state of readiness to react to an attack.
Cyber security planning impacts other areas of organizational resilience – namely business continuity and ICT continuity (or Disaster Recovery). If a cyber-attack has caused a significant IT outage, it’s vital to recover the most recent backup and ICT services as quickly as possible. The same needs to be done for all business continuity scenarios that might be affected by a breach.
It’s important that your cyber response plan links to the business continuity plan and ICT continuity plan to ensure that they will be triggered at the same time.
Frame Your Priorities
Frameworks can be intimidating to put into practice, but they can significantly strengthen your security posture and help protect you against cybercrime. activereach offers a portfolio of security solutions, professional services and testing to help you implement and improve whichever framework you are using.