tashatuvango - Fotolia
Every cybersecurity framework is different. Thus, each describes core components in its own way. That said, they're all built on similar principles, and they are used to achieve similar cybersecurity goals. While a specific cybersecurity framework goes into far greater detail in how it is constructed and designed, it loosely revolves around a continuous lifecycle process consisting of the following four key stages.
- Identify and document cybersecurity goals. This component is used to identify the cybersecurity goals an organization wants to achieve. Identified goals will be different for each organization. They are mostly dependent on the business's level of cybersecurity competency, overall business intent and whether the organization must meet specific goals due to regulatory requirements.
- Set guidelines designed to achieve cybersecurity goals. In this stage of a cybersecurity framework, a detailed list of functions, processes and actions are created that serve to achieve the goals outlined in the identification stage. This stage should also contain steps to prioritize goals and define roles and responsibilities for each defined objective.
- Implement cybersecurity processes. This is the action stage of the framework, where each goal is implemented within the enterprise infrastructure. Communication is crucial in this stage as applied cybersecurity processes often involve multiple areas or departments.
- Monitor and communicate results. Lastly, the implemented objectives are monitored, documented and reviewed to ensure the cybersecurity framework processes are effective. Results are appropriately communicated to the organization, and steps are taken to continuously improve existing processes and objectives.
Dig Deeper on Risk assessments, metrics and frameworks
Related Q&A from Andrew Froehlich
Infosec pros need to mitigate traditional cyberthreats, as well anticipate sophisticated, emerging threats. Learn how to build a threat management ... Continue Reading
Advances in security tools are changing threat management processes. Learn how infosec pros are utilizing UTM platforms, AI and threat intelligence ... Continue Reading
The role of CISO in network security goes beyond risk management. It also requires understanding compliance regulations and business needs, as well ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.