Cybersecurity Fundamentals

Security Frameworks & Standards

45 min

Why Frameworks Matter

Security frameworks provide structured guidance, best practices, and standards for managing cybersecurity risk. They enable organizations to assess their current security posture and systematically improve it.

NIST Cybersecurity Framework (CSF)

Developed by the National Institute of Standards and Technology, the NIST CSF is the gold standard for cybersecurity risk management.

NIST CSF core functions:

  • IDENTIFY → Asset management, risk assessment (know what you have and its value)
  • PROTECT → Access control, training, data security (implement safeguards)
  • DETECT → Continuous monitoring, anomaly detection (identify when events occur)
  • RESPOND → Response planning, communications (take action when an event is detected)
  • RECOVER → Recovery planning, improvements (restore capabilities after an incident)

ISO/IEC 27001

The international standard for Information Security Management Systems (ISMS). It provides a systematic approach to managing sensitive company information using risk management processes.

  • Based on the Plan-Do-Check-Act (PDCA) cycle
  • Contains 114 controls across 14 domains
  • Certification is audited by third-party bodies
  • Recognized globally in contracts and procurement

CIS Controls v8

The Center for Internet Security (CIS) Controls are 18 prioritized actions that form a defense-in-depth approach:

  • IG1 (Basic Hygiene): Controls 1-6 — Inventory, patching, access control
  • IG2 (Standard): Controls 7-16 — Email security, logging, incident response
  • IG3 (Advanced): Controls 17-18 — Penetration testing, red team exercises

Other Important Standards

  • GDPR — EU data protection regulation; €20M+ fines for violations
  • PCI DSS — Payment Card Industry security standard
  • HIPAA — Healthcare data protection (USA)
  • SOC 2 — Service Organization Control for cloud providers
  • MITRE ATT&CK — Knowledge base of adversary tactics and techniques

📌 Practical Application

Most organizations start with NIST CSF to assess their current posture, then adopt ISO 27001 for formal certification, and use CIS Controls for technical implementation guidance.
