[Kevin Mehok]

Hello Class,

I feel that we must first ask ourselves, “What is specifically cybersecurity framework?” Frame in the IT realm can literally means countless things. Cybersecurity framework provides a common language and establishes a clear set of standards for cybersecurity professionals (Cisternelli, 2023).

The goal for such framework is to reduce and mitigate cyber criminal activity. This week I have discovered seven different frameworks:

1.NIST
2. ISO27001 & ISO27002
3. SOC2
4. NERC-CIP
5. HIPAA
6. GDPR
7. FISMA

For the sake of this discussion, let’s pick only two to elaborate upon, shall we?

First let’s discuss SOC2. Service Organization Control (SOC)Type 2; specifies more than 60 compliance requirements and extensive auditing processes for 3rd party systems and controls (Cisternelli, 2023).

Secondly, let’s dive into NERC-CIP North American Electric Reliability Corporation- Critical Infrastructure Protection: Designed to assists folks in the utility and power sector reduce cyber risk and ensure reliability of bulk electric systems (Cisternelli, 2023). The framework consists of a range of controls by categorizing and prioritizing systems critical assets and having recovery plans in place in the event of a cyber attack (Cisternelli, 2023). This framework must implement several vulnerability assessments to stay informed.

This is a super fun topic.

God Bless,

Kevin

References:

Cisternelli, E. (2023) 7 Cybersecurity Frameworks That Help Reduce Cyber Risk. BitSight; https://www.bitsight.com