3 Primary Frameworks
NIST Cyber Security Framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a cybersecurity model commonly used by organizations in the US. According to this model, establishing and communicating your organization’s tolerance for risk is key to increasing program maturity. The NIST framework also accounts for the rapidly changing nature of cybersecurity threats and advises its followers to continuously adjust their monitoring techniques and remediation strategies to match the ongoing threat environment.
The NIST cybersecurity model follows five key phases for reaching a mature security management program:
Identify - In the first phase, organizations establish a business-wide approach to cybersecurity management, including an understanding of the current risks to the network, what sensitive information lives throughout the organization, and what critical business operations need to be protected from cybersecurity threats.
Protect - The next step in building program maturity according to NIST’s cybersecurity model is to organize and define the defenses necessary to protect the identified critical pieces of your security program.
Detect - This phase is probably what most organizations dive right into when it comes to cybersecurity program management, including establishing the most effecti ..