tashatuvango - Fotolia
Every cybersecurity framework is different. Thus, each describes core components in its own way. That said, they're all built on similar principles, and they are used to achieve similar cybersecurity goals. While a specific cybersecurity framework goes into far greater detail in how it is constructed and designed, it loosely revolves around a continuous lifecycle process consisting of the following four key stages.
- Identify and document cybersecurity goals. This component is used to identify the cybersecurity goals an organization wants to achieve. Identified goals will be different for each organization. They are mostly dependent on the business's level of cybersecurity competency, overall business intent and whether the organization must meet specific goals due to regulatory requirements.
- Set guidelines designed to achieve cybersecurity goals. In this stage of a cybersecurity framework, a detailed list of functions, processes and actions are created that serve to achieve the goals outlined in the identification stage. This stage should also contain steps to prioritize goals and define roles and responsibilities for each defined objective.
- Implement cybersecurity processes. This is the action stage of the framework, where each goal is implemented within the enterprise infrastructure. Communication is crucial in this stage as applied cybersecurity processes often involve multiple areas or departments.
- Monitor and communicate results. Lastly, the implemented objectives are monitored, documented and reviewed to ensure the cybersecurity framework processes are effective. Results are appropriately communicated to the organization, and steps are taken to continuously improve existing processes and objectives.
Dig Deeper on Risk assessments, metrics and frameworks
Related Q&A from Andrew Froehlich
Making it easier for companies to deploy a SIP trunk was just part of Twilio's strategy. It was Twilio SIP trunking pricing that really changed the ... Continue Reading
As remote work becomes increasingly normal, IT teams must decide which remote access technologies will benefit employees more. VPN and cloud services... Continue Reading
NG911 standards mean more accurate location tracking for emergency calls on IP-based communications systems, and more efficient response by police, ... Continue Reading