Cybersecurity Framework
Identify
Asset Management
Business Environment
Governance
Risk Assessment
Risk Management Strategy
Protect
Access Control
Awareness and Training
Data Security
Information Protection Processes and Procedures
Protective Technology
Detect
Anomalies and Events
Security Continuous Monitoring
Detection Processes
Respond
Response Planning
Communications
Analysis
Mitigation
Improvements
Recover
Recovery Planning
Improvements
Communications
Strategic Decisions
Iterative Processes
Cybersecurity Systems Delivery Methodology
Establish (Plan)
Implement and Operate (Do)
Monitor and Review (Check)
Maintain and Improve (Act)
Plan Phase
- Develop cybersecurity requirements from the customer's business and regulatory requirements
- Understand the operational processes the controls must protect
- Assess gaps between current controls and the identified risks
- Identify performance gaps in existing controls and processes
- Develop strategy options (aligned with ISO 27001)
Do Phase
- Document business, service, knowledge and management processes
- Implement new strategies and their controls
- Implement or update existing strategies
- Execute training and awareness activities
Check Phase
- Ongoing
  - Monitor process findings
  - Measure performance against the defined requirements
- Annual Review
  - Test and exercise existing strategies
  - Review and audit by internal and external groups
Act Phase
- Management reviews the program against the Check phase findings
- Management adjusts the program as per the client's requirements
- Management directs improvement measures, which feed the next Plan phase