Categories of Cybersecurity Frameworks

Computers

9th - 12th Grade

Created by Riley Williams

22 Slides • 7 Questions

1

Categories of Cybersecurity Frameworks

Cybersecurity 1A

2

Tech Tip Time!

3

Class Objectives

Learners Can:

  • Recognize uses for the three categories of cybersecurity frameworks

  • Identify the correct framework to use based on an organization's needs

Vocabulary:

  • Control framework

  • Program framework

  • Risk framework

4

Engage

  • There are many different cybersecurity frameworks.

  • Each organization usually chooses the right one for its company.

  • Consider the specific security needs of a hospital versus a school.

  • Think about the unique information these two organizations protect.

5

Drag and Drop

What information would a hospital want to protect?
Drag these tiles and drop them in the correct blank above
medical records
insurance information
enrollment history
academic transcripts
disciplinary records

6

Remember...

  • A security framework includes specific guidelines, standards, and best practices designed to lower security risks.

    • The goal is to provide a comprehensive approach to managing an organization's cyber risks and ensuring the security of its systems and data.

  • Think back to the needs of a school and a hospital. Both have valuable data they need to protect.

    • School - protect personal records of learners

    • Hospital - protect patients' personal health and medical data

7

Three Categories of Cybersecurity Frameworks

1. Control Frameworks

2. Program Frameworks

3. Risk Frameworks

8

Control Framework

Imagine that you bought your very first house, and you need to put some things in place to keep it safe. You might install:

  • New locks on your doors;

  • Security cameras; or

  • Alarm systems

Think of keeping your computer secure like you would your home!

9

Control Framework

  • Control framework: focuses on the technical tools needed to keep computer systems and information safe and ensures the company meets industry security standards

  • To protect data accessed through a computer, organizations might:

    • Require strong passwords;

    • Install firewalls to block certain websites and applications; or

    • Use encryption to send communications

10

Multiple Choice

What is an example of something a control framework uses to keep a system secure?

1. Giving employees access to all company files by default

2. Using firewalls to block unauthorized access

3. Setting up a company mission statement

4. Writing a policy for handling employee vacations

11

Program Framework

Imagine that you are about to open your town's newest restaurant. Before you open the doors, you need a plan in place. Your plan might include:

  • Deciding what to put on the menu;

  • Hiring cooks and servers; and

  • Setting hours of operation.

A program framework helps you organize plans like this.

12

Program Framework

  • Program framework: helps you organize plans that everyone in your organization follows to keep information safe

  • Widespread efforts in a program framework to keep information safe might include:

    • Mandatory training on cybersecurity every 6 to 12 months;

    • Pushed updates to computers to keep the software current; and

    • Creating and testing steps for disaster recovery

13

Multiple Choice

Which of the following best fits into the purpose of a program framework?

1. Organizing a company-wide team-building event

2. Creating a marketing strategy for product launch

3. Writing a policy for password complexity

4. Carrying out a cybersecurity incident response drill

14

Risk Framework

Imagine that you are the supervisor of a fire department. It is your job to make sure the town is safe. You might:

  • Put warning signs around town when conditions are dry;

  • Go to schools to teach children about fire safety; and

  • Organize community events to clear debris from properties

Risks must also be considered in cybersecurity!

15

Risk Framework

  • Risk framework: works to identify dangers, so they can be slowed down or stopped

  • Organizations that use risk frameworks might:

    • Regularly evaluate the safety of current systems;

    • Employ monitoring tools that detect suspicious activity; or

    • Purchase cyber insurance to minimize the potential financial impacts a threat may cause.

16

Multiple Choice

What is an example of a risk that risk management frameworks look to identify?

1. The risk of unauthorized access to sensitive company data

2. The risk of a competitor launching a similar product

3. The risk of a printer running out of ink

4. The risk of power outages affecting the office building

17

Framework Selection

Understanding what is needed is critical to an organization's decision in choosing one of the three categories of cybersecurity frameworks.

Control Framework

  • Need to provide a baseline group of security controls.

  • Need to prioritize the implementation of security controls.

Program Framework

  • Need to construct a complete cybersecurity program.

  • Need to measure your program's security.

Risk Framework

  • Need to define the necessary processes for risk assessment and management.

  • Need to identify, measure, and quantify the organization's security risks.

18

Let's practice choosing the right framework.

19

Scenario 1:

An e-commerce platform is growing quickly and wants to focus on identifying and managing risks associated with its customer data and online transactions.

The company needs a framework that can help assess and prioritize cybersecurity risks and pinpoint cyberthreats before they occur.

20

Scenario 1:

A risk framework works best for this e-commerce company because it will help the organization identify, assess, and prioritize cybersecurity risks.

21

Scenario 2:

A bank is looking to establish rigorous internal security applications and software to comply with industry regulations.

The bank needs a framework that will guide it on the specific security tools and measures it must use to protect bank members' data and transactions.

22

Scenario 2:

A control framework is ideal for this bank because it provides detailed security measures and specific guidelines for regulatory compliance.

23

Scenario 3:

A national energy provider is focusing on establishing a robust cybersecurity policy to ensure the security and continuity of critical information.

The company needs a framework that helps organize its security practices and policies across various departments.

24

Scenario 3:

A program framework is best suited for this energy provider because it offers a programmatic approach to managing policies across the organization.

25

Let's review what we have learned!

26

Match

Match the categories of cybersecurity frameworks with their corresponding descriptions.

Focuses on the technical tools needed to keep computer systems and information safe

Helps you to organize plans that everyone in your organization follows to keep information safe

Works to identify dangers, so they can be slowed or stopped

Control framework

Program framework

Risk framework

27

Multiple Choice

To ensure both the security of customer data and the integrity of their applications, a company is looking to implement a comprehensive cybersecurity plan throughout its software development phase. This plan needs to address secure coding practices, vulnerability testing, and data protection mechanisms, ensuring that every team member follows security best practices from design to deployment.

Which category of cybersecurity frameworks is best for the software development company?

1. Risk framework

2. Control framework

3. Software framework

4. Program framework

28

Open Ended

Imagine your classmate missed today's lesson, and they need a rundown of the three categories of cybersecurity frameworks.

What is a tip you can provide to your classmate to help them remember the differences?

29

Class Recap!

What did we do?

  • Recognized uses for the three categories of cybersecurity frameworks; and

  • Identified the correct framework to use based on an organization's needs

Looking ahead to 1.1.3...

  • Learn about the NIST Cybersecurity Framework
