Security frameworks are an instrumental part of helping security professionals determine the most effective security program for their organizations, including how they leverage security services from vendors and managed security services providers (MSSPs). Frameworks help practitioners identify and implement controls, as well as provide a “check the box” tracking mechanism for elements an organization identifies it needs to fortify its security posture.
Common Security Frameworks
Security frameworks help manage cybersecurity risk, and there are several out there you may be aware of:
- The NIST Framework organizes basic cybersecurity functions: Identify, Protect, Detect, Respond and Recover. A profile helps to align the functions, categories and subcategories associated with each cybersecurity function. Implementation tiers allow organizations to explore risk management practices.
- The CIS presents 18 controls, including “inventory and control of enterprise assets” and “data protection.” The overview of data protection reads: Develop processes and technical controls to identify, classify, securely handle, retain and dispose of data.
- PCI DSS exists to protect credit…
