Satori selected as a representative vendor in the Gartner Market Guide for Data Security Platforms 🎉

Log In

Book a Demo
Guide: Essential Enterprise Data Protection

Cybersecurity Frameworks

In this chapter, we’ll take a deep dive into today’s leading cybersecurity frameworks and the ends they serve. The following topics will be covered:

  1. Why are Cybersecurity Frameworks Important?
  2. What is an IT Security Framework?
  3. What are Common Cybersecurity Control Frameworks? 
  4. Understanding NIST CSF Security Controls

Why are Cybersecurity Frameworks Important?

While the fragmented nature of the cybersecurity market serves the cat & mouse chase between attackers and guardians, the inevitable result is the existence of dozens of different cyber security vendors a midsize enterprise has to adopt and deploy across his supply chain and digital service delivery. This reality introduces significant complexity when it comes to running an effective enterprise information security program. Therefore, the number one purpose of Cyber security frameworks is to introduce standardization, best practices and structure around the technology implementation used for such programs.

Read More:

What is an IT Security Framework?

An IT security framework is a collection of documents and procedures that a typical enterprise can use in order to implement an information security program and put a formal structure around the varying controls mentioned above. Such a framework will typically not specify tools or vendor selections.

What are Common Cybersecurity Control Frameworks?

With the introduction of industry specific regulations such as PCI-DSS, HIPAA, SOX, Fedramp, (and others) which started in the mid 90s’, and the maturity of information security practices, we’ve seen organizations such as NIST, ISO and CSA build structure and framework around enterprise security best practices and forming a set of cyber security frameworks. Here’s a list of the most common Frameworks out there:

summary table of cyber security frameworks

Understanding NIST CSF Security Controls

The NIST Cybersecurity Framework is organized in the following hierarchical way: 5 Core Function mapped to 23 Category broken down to 108 Sub categories in the following way (excluding sub categories):activities.

Function

Category

Identify

Asset Management

Business Environment

Governance

Risk Assessment

Risk Management Strategy

Supply Chain Risk Management

Protect

Identity Management and Access Control

Awareness and Training

Data Security

Information Protection Processes and Procedures

Maintenance

Protective Technology

Detect

Anomalies and Events

Security Continuous Monitoring

Detection Processes

Respond

Response Planning

Communications

Analysis

Mitigation

Improvements

Recover

Recovery Planning

Improvements

Communications

*The full details of NIST CSF including the breakdown to the 108 sub categories can be found here

 

Interesting to note that NIST subcategories also include an Informative Reference to other 6 security frameworks: CIS CSC, COBIT, ISA 62443, ISO/IEC 27001 and NIST 800-53 making it easier for enterprises integrate different frameworks in tandem.

Read More:

Last updated on

July 1, 2020

The information provided in this article and elsewhere on this website is meant purely for educational discussion and contains only general information about legal, commercial and other matters. It is not legal advice and should not be treated as such. Information on this website may not constitute the most up-to-date legal or other information. The information in this article is provided “as is” without any representations or warranties, express or implied. We make no representations or warranties in relation to the information in this article and all liability with respect to actions taken or not taken based on the contents of this article are hereby expressly disclaimed. You must not rely on the information in this article as an alternative to legal advice from your attorney or other professional legal services provider. If you have any specific questions about any legal matter you should consult your attorney or other professional legal services provider. This article may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites.

Advanced Technology Partner
SOC 2 TYPE II
ISO/IEC 27001
AWS Global Security
G2 High Performer Fall 2023
Snowflake Premier Technology Partner
Snowflake Horizon
Microsoft for Startups Pegasus Partner

Product

COMPARISONS

Company

Resources

AWARDS & CERTIFICATIONS

  • AWS Advanced Technology Partner
  • AWS ISV Global Accelerate
  • ISO/IEC 27001
  • G2 High Performer Winter 2024
  • G2 Leader Winter 2024
  • Microsoft for Startups Pegasus Partner
  • Snowflake Horizon Partner
  • Snowflake Premier Technology Partner
  • SOC 2 TYPE II

©2023 Satori Cyber Ltd. All rights reserved.

Twitter Linkedin-in Youtube