A cyber security framework provides national and industry security leaders a common language and a set of standards that can help them evaluate, improve, and monitor their security posture. Using a framework makes it easier to define the processes and steps organizations should take to assess, monitor, and mitigate cyber security risks. It can also help organizations evaluate the security posture of their vendors or partners, and coordinate security with third parties.
Generally speaking, cyber security frameworks are voluntary, but they can be extremely important for organizations that need to comply with regulations and industry standards that include cyber security requirements. These frameworks are an essential stepping stone on the way to achieving compliance.
This is part of our series of articles about advanced threat protection.
A cyber security framework takes some of the guesswork out of protecting an organization’s digital assets. It provides security teams with a standardized, systematic approach to mitigating cyber risks, regardless of the scale of their IT environments.
A cyber security framework provides several important benefits:
Businesses can adapt and customize existing frameworks to their needs, or create them in-house. In general, if an organization needs to comply with regulations or industry standards, it is better off using an off-the-shelf framework that supports those compliance requirements.
A cyber security framework not only improves security, by ensuring that organizations follow appropriate security procedures, but also increases customer confidence. When an organization follows a well-known security framework, it is evident to customers that the organization has a robust security program, and expectations are aligned as to the specific security measures provided.
The National Institute of Standards and Technology (NIST) is a non-regulatory US government agency dedicated to promoting American industrial competitiveness and innovation. NIST provides various resources and standards, including a framework for “Improving Critical Infrastructure cyber security,” also known as the NIST cyber security framework.
The NIST cybersecurity framework was designed to help protect critical infrastructure, such as dams and power plants, against cyber attacks, but you can apply these principles to any organization. It offers an organized mechanism to help you identify risks and locate the assets that require protection. It also defines methods that can help protect these assets.
The framework is highly extensive. Its most basic document consists of 41 pages. Implementing the framework may require thousands of work hours and hundreds of procedures, controls, and documentation pages. However, the core principles are easy to understand. The framework offers a basic pattern for cyber defense, including:
The International Standards Organization (ISO) 27001/27002 framework (also known as ISO 27K) is an internationally recognized standard for cyber security. Organizations adopting the ISO 27001 standard are required to implement the following practices:
The Center for Internet Security (CIS) is a nonprofit organization created by countries in Eastern Europe and Asia. It focuses on improving cyber security readiness and response across the public and private sectors. The CIS includes the following four program divisions:
The CIS provides its members with various resources, including emails detailing cyber safety tips, online papers and guides, instructional videos, and informative podcasts. Additionally, the CIS offers cyber security policy development advice at all levels, including national and international parties.
The Service Organization Control (SOC) Type 2 was developed by the American Institute of Certified Public Accountants (AICPA) to provide a trust-based cyber security framework and auditing standard. It helps verify that partners and vendors manage client data securely.
The SOC2 framework defines over 60 compliance requirements and extensive auditing processes for third-party controls and systems. A SOC2 audit may take a year to complete, and at the end of the process, auditors issue a report that attests to the vendors’ cyber security posture.
Since SOC2 is highly comprehensive, it is also one of the most difficult frameworks to implement. Organizations in the banking or finance sector may especially struggle to implement SOC2 because they are required to meet a higher standard for compliance. Still, this framework is highly important and should serve as a central tool in third-party risk management programs.
The North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) provides a set of cyber security standards for the utility and power sectors. NERC CIP was created in response to the rise in attacks on critical US infrastructure and increasing third-party risks. It aims to help reduce cyber risk and maintain the reliability of bulk electric systems.
The NERC CIP framework requires organizations to identify and mitigate risks in their supply chain. It specifies various controls to help identify and mitigate supply chain risks, including:
The Cloud Security Alliance (CSA) is a nonprofit organization that promotes research into security best practices for cloud computing and using cloud technologies to secure other forms of computing. CSA offers membership to any interested parties with the relevant expertise to contribute to cloud computing security.
CSA employs the expertise of its global members, which include industry practitioners, governments, associations, and corporations, to provide cloud security resources, such as research, certification, education, products, and events.
The organization facilitates activities and knowledge to benefit the entire cloud community. For example, it provides a forum that enables various parties to collaboratively create and maintain a trusted cloud ecosystem.
The Cybersecurity and Infrastructure Security Agency (CISA) is a division of the Department of Homeland Security (DHS) responsible for defending the Internet’s infrastructure and improving its security and resilience. It helps protect against infrastructure threats originating from natural disasters, terrorist attacks, cyberwarfare, and similar events.
CISA constantly identifies and assesses threats to Internet infrastructure, consulting with the government as well as the private sector. It provides many resources, including threat analysis, cyber security tools, and incident response across .gov websites. CISA delivers tools for technical coordination country-wide to facilitate emergency communications between partners.
Cynet 360 is a holistic security platform that provides advanced threat detection and prevention. The platform employs cutting-edge technologies to ensure advanced threats do not slip past your security perimeter. To achieve this goal, Cynet 360 correlates data from endpoints, network analytics and behavioral analytics, and presents findings with near-zero false positives.
Block exploit-like behavior
Cynet monitors endpoint memory to identify behavioral patterns characteristic of exploitation, such as unusual process handle requests. These patterns underlie the vast majority of exploits, whether new or known. By identifying them, Cynet is able to provide effective protection against Advanced Persistent Threat (APT) attacks and more.
Block exploit-derived malware
Cynet employs multi-layered malware protection, including sandboxing, process behavior monitoring, and ML-based static analysis. Cynet also offers fuzzy hashing and threat intelligence. This ensures that even if an advanced threat establishes a connection with the attacker and downloads additional malware, Cynet stops that malware from running, preventing any harm from occurring.
Cynet continuously monitors user behavior, generates a real-time behavioral baseline, and provides alerts when behavior deviation is identified. This deviation in behavior may indicate a compromised user account. Additionally, Cynet provides the ability to define user activity policies, triggering an alert in case of violation.
Cynet supports the use of decoy tokens—data files, passwords, network shares, RDP and others—planted on assets within the protected environment. APT actors are highly skilled and therefore might evade detection. Cynet’s decoys lure such attackers, prompting them to reach out and reveal their presence.
Uncover hidden threats
Cynet uses an adversary-centric methodology to pinpoint threats throughout the attack chain. Cynet thinks like an adversary, identifying indicators and behaviors across endpoints, users, files, and networks. Together, these indicators supply a holistic account of the attack process, regardless of where the attack may try to penetrate.
Accurate and precise
Cynet utilizes a powerful correlation engine and provides its attack findings free from excessive noise and with near-zero false positives. This simplifies response for security teams, letting them focus on pressing incidents.
Choose from manual or automatic remediation. This gives your security teams a highly effective yet straightforward way to disrupt, detect, and respond to advanced threats before they have the chance to do damage.