vinod kumar en Cyber Security, security 11/2/2019 · 2 min de lectura · ~100

CYBER SECURITY AND ITS FRAMEWORKS

CYBER SECURITY AND ITS FRAMEWORKS

Cybersecurity

Many companies domestic or global follow several sets of rules, policies, standards, and practices to securely transfer data. This is an evolving arena. Protection of integrated systems and network interfaces is the prime objective of Cybersecurity. Regulation of unauthorized access and elimination of threats caused by hackers, malware, and viruses to the information is a challenge as the new face of Technology emerges every second and handling it responsibly requires a great gradual effort.

Future of Cybersecurity is bright and it is going to play crucial role, not only ion the business world but also in our day-to-day life. Cybersecurity will surely land you in an area where opportunities are abundant. Cybersecurity Certification plays a major role in becoming a Cybersecurity professional.

Cybersecurity framework

The framework is the structural unit as the name indicates it is the skeleton depending on which different complex variants can be built.

Cyber Security framework is the basic processes which include the rules and guidelines to be followed while designing security for information. There are several different frameworks depending on the type of company and the complexity of operation.


List of Cyber Security frameworks

NIST : National Institute of Standards and Technology.

  • Developed by the fusion of wide expertise from varied organizations for sensitive systems and privacy for civilians. Top class Cyber Security professionals thrived to formulate regulatory norms.

  • These standards were documented initially aiming for the federal government, but later most of it was followed by the private organizations also.

  • Define risk and ways to access and resolve security conflicts. The communication system was widely improved for supporting the individuals in operating the organizations.

  • Evolving measures to be taken in maintaining security standards and stop cyber attacks.

  • Identifying the threat, protecting from threat, Detecting where the threat occurred, Responding to the threat and Recovering the data are focus issues.



COBIT

Control Objectives for Information and Related Technologies.

  • It is the security framework associated with IT management system that relates to controlling the flow of information. The control structures are formulated and managed by COBIT.

  • Organizes the practices followed by IT domains and processes required for governance of business.

  • Processes are standardized and briefly described. A model for functioning and practicing the methods are made common for every organization.

  • These processes help in planning, monitoring, building and running the organization following the standard structures.

  • Gives the ability to effectively control the functionality of IT process in every management system.



ISO/IEC

These standards are filed as ISO/IEC 27001:2013 for protection of information technology, standard processes to formulate security protocols and risk management system.

These standards are set under International Standards Organization(ISO) and International Electrotechnical Commission(IEC).

  • The British Standard BS 7799 was later changed to ISO/IEC 27001:2013.

  • Global in use and serves as a guide to implement the security management standards.

  • Regulate cybersecurity norms, gaining control over access to information transfer.

  • Mandatory regulations to be implemented in IT Access management and Encryption and decryption procedures.

  • Implement security controls in the organization.

NERC

The North American Electric Reliability Corporation.

  • This corporation majorly focuses on reliability and stable performance.

  • The standards were initially applied to electric corporation grids which we later carried forward by other industries.

  • Checking for new patches in the system is done once in every 35 days. After identifying a new patch; its capacity is evaluated and its mitigation and installation activities should be completed in 35 days later to its assessment completion.

  • These protocols are employed in securing of electric systems in bulk but also    provides support for standardizing industry processes.

TCCYBER

The Technical Committee on Cyber Security.

  • Telecommunication standards were improved in the European zone initially which was then spread rapidly globalizing it.

  • Privacy and security are of major concern for which TCCYBER relates itself.

  • It maintains a global standard of Cyber Security and also does provide a center for expert help for other major ETSI committees.

  • Guiding infrastructure operators, educating the developers and end users.

  • Guidelines are available globally for free. Thus playing the main role in establishing standards and regulations in the telecommunication industry.

HITRUST CSF

The Health Information Trust Alliance.

  • Formulated by an individually operating private sector organization.

  • Focuses majorly on development and implementation of standard procedures in the business, Cyber Security, and healthcare industry.

  • Harmonizing and including other regulatory standards such as ISO, NIST, PCI, HIPAA and State laws.

  • Factors of scaling depend on type, expansion and operational behavior of an organization. Iterates and evolves control structures.

Conclusion

The choice of  Cybersecurity framework must be made by analyzing the norms tailored as per the functional complexity of an organization.