Cyber-frameworks come in many variations – the main ones are NIST CSF, CIS, ISO, COBIT (ISACA), PCI, FedRAMP, CMMC – each with their own twist.
Frameworks are extensive, often complex, and usually require guidance from a cyber-security expert or consultancy to apply. They serve two purposes: A) as a control and steering tool for the organisation itself, and B) as the yardstick the security industry uses to evaluate an organisation's cyber-security exposure (risk, likelihood and impact, the latter mainly financial) and to recommend mitigating actions.
Organisations use them to reduce uncertainty, and the frameworks have grown, developed and adapted to IT risk over the past 30 to 40 years. In the last 5 to 10 years, however, they have come under pressure. Not only have they grown in complexity, but the number of cyber-threats is also exploding: organisations now face approximately 1,000 different known attack vectors, and according to the FBI and industry surveys, cyber-criminals can 'break in' in less than 20 minutes, with even the slowest taking less than 4 hours.