tashatuvango - Fotolia
Every cybersecurity framework is different. Thus, each describes core components in its own way. That said, they're all built on similar principles, and they are used to achieve similar cybersecurity goals. While a specific cybersecurity framework goes into far greater detail in how it is constructed and designed, it loosely revolves around a continuous lifecycle process consisting of the following four key stages.
- Identify and document cybersecurity goals. This component is used to identify the cybersecurity goals an organization wants to achieve. Identified goals will be different for each organization. They are mostly dependent on the business's level of cybersecurity competency, overall business intent and whether the organization must meet specific goals due to regulatory requirements.
- Set guidelines designed to achieve cybersecurity goals. In this stage of a cybersecurity framework, a detailed list of functions, processes and actions are created that serve to achieve the goals outlined in the identification stage. This stage should also contain steps to prioritize goals and define roles and responsibilities for each defined objective.
- Implement cybersecurity processes. This is the action stage of the framework, where each goal is implemented within the enterprise infrastructure. Communication is crucial in this stage as applied cybersecurity processes often involve multiple areas or departments.
- Monitor and communicate results. Lastly, the implemented objectives are monitored, documented and reviewed to ensure the cybersecurity framework processes are effective. Results are appropriately communicated to the organization, and steps are taken to continuously improve existing processes and objectives.
Dig Deeper on Risk assessments, metrics and frameworks
Related Q&A from Andrew Froehlich
LoRa vs. 5G technologies differ in terms of cost, use cases and technology types. However, LoRa and 5G may complement each other well for IoT ... Continue Reading
IT leaders determining which UC devices and endpoints to support organizationwide should look for a UC-certified label, which is an indicator of ... Continue Reading
While network security focuses on solely protecting networks, cloud security provides protection for networks, servers, containers, apps and more. Continue Reading