I feel that we must first ask ourselves, “What specifically is a cybersecurity framework?” A framework in the IT realm can literally mean countless things. A cybersecurity framework provides a common language and establishes a clear set of standards for cybersecurity professionals (Cisternelli, 2023).
The goal of such a framework is to reduce and mitigate cybercriminal activity. This week I have discovered seven different frameworks:
2. ISO27001 & ISO27002
For the sake of this discussion, let’s pick only two to elaborate upon, shall we?
First, let’s discuss SOC2. Service Organization Control (SOC) Type 2 specifies more than 60 compliance requirements and extensive auditing processes for third-party systems and controls (Cisternelli, 2023).
Secondly, let’s dive into NERC-CIP (North American Electric Reliability Corporation - Critical Infrastructure Protection). It is designed to assist folks in the utility and power sector in reducing cyber risk and ensuring the reliability of bulk electric systems (Cisternelli, 2023). The framework consists of a range of controls, including categorizing and prioritizing systems and critical assets and having recovery plans in place in the event of a cyber attack (Cisternelli, 2023). This framework must implement several vulnerability assessments to stay informed.
This is a super fun topic.
Cisternelli, E. (2023). 7 Cybersecurity Frameworks That Help Reduce Cyber Risk. BitSight. https://www.bitsight.com