
Intro To Cyber 2

The document discusses several cybersecurity frameworks:
- A cybersecurity framework provides standards, guidelines and best practices to manage digital risks. It matches security objectives like access control with technical controls.
- A control framework protects data within an organization's IT infrastructure with comprehensive security protocols against threats. The NIST 800-53 framework contains all possible security controls.
- Program and risk frameworks help assess security programs and risks, prioritize activities, and structure efficient security management. Frameworks like NIST CSF and ISO 27001 define processes for identification, protection and response.

Uploaded by

Michael Wagxy

CYBER SECURITY FRAMEWORK

#CyberFam
@2023
Cybersecurity Framework

• A cybersecurity framework is, essentially, a system of standards, guidelines, and best practices to manage risks that arise in the digital world.

• They typically match security objectives, like avoiding unauthorized system access, with controls like requiring a username and password.
CONTROL FRAMEWORK
• A control framework is a set of controls that protects data within the IT infrastructure of a business or other entity. The control framework acts as a comprehensive security protocol that protects against fraud or theft from a spectrum of outside parties, including hackers and other kinds of cyber-criminals.

• Example: National Institute of Standards and Technology (NIST) 800-53 is a comprehensive control framework. It contains every possible security control you might want to implement.
PURPOSE OF THE CONTROL FRAMEWORK

• Develop a basic strategy for security team
• Provide baseline set of controls
• Assess current technical state
• Prioritize control implementation
PROGRAM FRAMEWORK
• A program framework allows you to conduct high-quality, efficient editing of your security activities.

• Example 1: ISO 27001. This consists of the policies, procedures, processes, and activities beyond the technical controls that you should implement to have a robust program.
• Example 2: NIST Cybersecurity Framework (CSF). It defines five high-level functions: Identify, Protect, Detect, Respond, and Recover.
• These five functions decompose the complex world of security into simple categories that model the high-level lifecycle of all security activities.
PURPOSE OF PROGRAM FRAMEWORK

• Assess state of security program
• Build comprehensive security program
• Measure program security / competitive analysis
• Simplify communication between security team and business leaders
RISK FRAMEWORK

• A risk framework helps security leaders assess and manage risk in a way that resonates with the business.

• Example: NIST 800-30, NIST RMF, ISO 27005, COSO ERM.
PURPOSE OF RISK FRAMEWORK

• Define key process steps to assess/manage risk
• Structure program for risk management
• Identify, measure, and quantify risk
• Prioritize security activities


OWASP FRAMEWORK
• The OWASP Security Knowledge Framework is an open source web application that explains secure coding principles in multiple programming languages.

• The goal of OWASP-SKF is to help you learn and integrate security by design in your software development and build applications that are secure by design.

• https://secureby.design/auth/login
(admin = us & test-skf = pwd)
OSINT Framework

https://osintframework.com/

Thank you

Questions!!