Exploring Cyber Security Frameworks 


When creating and implementing a security system for your organization's network, it is essential to consult standards, policies, and best practices so that you achieve maximum security and minimize the weaknesses that attackers can exploit.  Luckily, several frameworks provide guidelines for building a strong cyber security risk management system for your organization.  Selecting and implementing a framework makes it easier for an organization to establish appropriate processes and procedures for monitoring systems and reducing cyber security risks.  Most organizations need to adhere to one of these frameworks to comply with local, international, and industry cyber security regulations.  The Cyber and Network Security programs at Cambridge College of Healthcare & Technology can provide additional instruction on the background and importance of cyber security frameworks so students are better prepared to make decisions about an organization's system security.

This article briefly covers some of the more commonly used frameworks, which are popular because of their comprehensive guidelines for mitigating cyber security risks and improving an organization's overall security profile.

NIST CSF

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) provides a comprehensive collection of best practices and recommendations that organizations of all sizes can follow to mitigate risks when creating a cyber security plan.  The NIST CSF presents a broad perspective on how an organization can assess its cyber security risks and then address those risks to achieve a stronger cyber security profile.  The framework is a starting point for organizations to work from and is meant to be adaptable, so each organization can choose the specifics it wants to use when implementing its cyber security program.

ISO/IEC 27001

This standard, developed jointly by the International Organization for Standardization and the International Electrotechnical Commission, sets out requirements and recommendations for building an information security management system (ISMS).  It is considered the most important standard in the ISO/IEC 27000 series because it contains best practices for all aspects of security within an organization's ISMS, helps the organization protect its most valuable assets, and demonstrates to customers that their data is safe.

GDPR

The General Data Protection Regulation is one of the toughest privacy and security laws in the world.  It governs how all organizations that do business with the European Union collect and process personal data.  GDPR requires organizations' websites to be transparent about how customer information is collected and requires that customers be given the option to consent to the collection of their data.  The main goal of the GDPR is to give consumers more control over how their data is used and to ensure that, once a consumer provides consent, their data is processed legally and remains secure.  Organizations have to prove that they are compliant with the regulation or face hefty fines for any violations.

FISMA

Originally passed as the Federal Information Security Management Act in 2002, the Federal Information Security Modernization Act establishes guidelines and standards for maintaining the security of government information and operations.  FISMA assigns responsibility to government officials for creating cost-effective information security policies for their programs and departments, with the aim of maintaining the confidentiality, integrity, and availability of information.  To remain FISMA compliant, agencies must follow a set of procedures, including conducting continuous system monitoring and risk assessments and establishing a baseline of security controls as outlined for FISMA compliance by NIST.

Learning More

As a cyber security professional, you will need to be well versed in the rules of governance and compliance when setting up and maintaining information security systems.  Cambridge College of Healthcare & Technology offers dynamic degree programs in cyber and network security and will soon offer additional degree programs in cyber security and privacy that can give students a strong foundational knowledge of these frameworks.  See what Cambridge has to offer by calling us at 1-877-206-4279 to find out more.