
How to Build a Cyber Security Framework


Your framework is the basis of the policies and processes of your security program. Learn how to build a security program based on your business needs, rather than compliance.


  1. Building a Cyber Security Framework. @CISOSHARE. Copyright © 2019.
  2. What is a Cyber Security Framework?
  3. What is a Framework? It’s the foundation of your cyber security program.
  4. Your framework should bring together the requirements your security program has to meet:
     • Business goals
     • Regulatory requirements
     • Best practices
     • Technical requirements
     • Industry requirements
  5. What is a Framework? Your framework is what all the policies and processes of your security program will be built on.
  6. Ready to start? Here are our tips on building your security program framework.
  7. Understand Your Cyber Security Program Goals.
  8. Understand Your Goals: Ask high-level stakeholders for the top 3 goals of your security program.
  9. Understand Your Goals: Identify demographic information about your company, such as:
     • Your industry
     • Where you’re located
     • What types of data you handle
     This determines what regulatory requirements you must adhere to, like PCI, HIPAA, etc.
  10. Evaluate Your Current Environment.
  11. Evaluate Your Environment: If you have a previously established framework, measure how well different aspects of your security program adhere to it.
  12. Evaluate Your Environment: Decide if you’re going to build a new framework or retrofit an existing one. Whatever you decide, we recommend a business-based security program, rather than a compliance-based one.
  13. Choose the Right Framework Inputs.
  14. Framework Inputs: This is where regulatory requirements and organizational goals come into play. Good inputs are the key to building a strong framework.
  15. Framework Inputs: For every input you choose, make sure it aligns with your organizational culture and management processes.
  16. Framework Inputs, example: Don’t comply with ISO 27001 if it won’t benefit your business or you don’t have the resources available to carry out the compliance processes.
  17. Build Framework Documentation and Management.
  18. Documentation and Management: Building your resource management processes concurrently with your framework will make it easier to understand what resources you’ll need. Document your framework and its management process.
  19. Documentation and Management: What to include in your documentation?
     • Business roles
     • Roles and responsibilities
     • Tools
     • Step-by-step instructions
  20. Integrate Framework Requirements into Program Elements.
  21. Program Elements: Make sure requirements are incorporated into your charter, policies, measurement program, and processes.
  22. Program Elements: If you’re retrofitting your framework, make sure new requirements apply to each downstream program element.
  23. Review and Monitor Your Environment.
  24. Monitor Your Environment: Once your framework has been implemented, make sure it’s being carried out appropriately in your environment.
  25. Monitor Your Environment: Check requirements throughout different program elements for any contradictory statements.
  26. Validate and Ratify Your Framework.
  27. Validate and Ratify: Have a trusted security resource validate your framework and make sure it’s adopted and enforced by the company.
  28. Want more details? Download our framework checklist! @CISOSHARE
  29. About CISOSHARE: Based in Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly growing organizations. Learning and teaching lie at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more. @CISOSHARE | +1-800-203-381