13. Explain a basic cyber security framework (AC 3.2)

In this question I'll explain a basic cyber security framework. My example will be the NCSC's 10 Steps to Cyber Security.

A brief explanation of what a cyber security framework is: it's like a blueprint that organisations can follow to be cyber safe. It's a set of guidelines, best practices, standards and policies; basically a 'how to cyber' for organisations. The NCSC's 10 Steps to Cyber Security is specifically designed for medium to large organisations.

Risk management - Take a risk-based approach to securing your data and systems
Knowing what cyber-related risks you, as the organisation, are facing is the first step in this framework. It's important to identify threats, understand vulnerabilities, and set up policies and procedures to manage those risks. "Assess the risks to your organisation's information and systems with the same vigour you would for legal, regulatory, financial or operational risks."

Engagement and training - Collaboratively build security that works for people in your organisation
This step is about making sure everyone in the organisation understands cyber security. It should involve having easy-to-understand security policies and regular training for everyone in the organisation, from the newest apprentices to the most senior employees. Good cyber security education helps people protect themselves, the systems they use and the whole organisation.

Asset management - Know what data and systems you have and what business need they support
You need to keep an extensive list of all your assets, including computers, software, servers and data, and you should understand their purpose and importance. Many systems tend to grow over time, so it's a good idea to keep a record of any new addition and its purpose within the organisation. "Understanding when your systems will no longer be supported can help you to better plan to upgrades and replacements"

Architecture and configuration - Design, build, maintain and manage systems securely
Good security needs to be built into your systems and services from the very beginning. It's about designing a secure system and having every part configured correctly and updated regularly, which can reduce the need for costly rework in the future. With this you'll be "able to manage your systems securely, and maintain their security over time."

Vulnerability management - Keep your systems protected throughout their lifecycle
This step keeps your organisation protected in cyberspace. It's important to stay on top of publicly disclosed vulnerabilities that are relevant to your systems, as they are the major source of attacks, so security updates should be installed as soon as possible. Vulnerability management will help you determine which vulnerabilities are more serious, so you can focus on those first.

Identity and access management - Control who and what can access your systems and data
This step is about privileges, Multi-Factor Authentication (MFA) and security monitoring. Only authorised users should have access to the relevant IT resources. It's good to keep in mind the different kinds of users, such as full- and part-time staff, contractors, volunteers, students and visitors. MFA should be a consideration for all accounts: it is the safest method of authentication and keeps accounts safe. Security monitoring is another important part of this step. It can help you identify malicious behaviour, especially if authentication and authorisation events are logged and monitored too. Design your access control so that every action within the system can be traced back to one person or account.

Data security - Protect data where it is vulnerable
This step involves protecting sensitive information, whether it is 'data at rest' or 'data in transit' (that is, data stored on your systems and data transmitted over networks, respectively). Another thing to consider is data that's at the 'end of life'. That's when data needs to be deleted, and this step will help you delete sensitive data in a way that is not recoverable. Data security means you need to think about encryption and secure storage.

Logging and monitoring - Design your systems to be able to investigate incidents
Set up your systems to record what happens on your network and devices. Monitor these logs and look for any suspicious activity. This is how you will be able to detect attacks early and, most importantly, understand how they happen, which will improve your defence against future attacks.

Incident management - Plan your response to incidents in advance
Even after you've followed every step in this guide, incidents still happen. This step will help you prepare a plan for when an incident happens. A good incident management plan will help you quickly contain an attack, recover data and learn from it to prevent similar attacks in the future.

Supply chain security - Collaborate with your suppliers and partners
This last step is less about your organisation and more about everyone that interacts with it. It's about having "more effective relationships with your suppliers and partners" and a clear understanding of which parts of security you are responsible for and which are the supplier's responsibility. It's about knowing exactly who is in your supply chain, which helps you build a list of the partners and suppliers of highest priority in terms of risk. This may help you should one of them be attacked, as that can be just as damaging to you as it is to them.
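As an added illustration of the identity and access management and logging and monitoring steps (my own example, not part of the NCSC guidance): it parses a few constructed authentication log lines in an assumed key=value format, reconstructs one account's timeline so every action can be traced back to it, and flags logins made without MFA as well as a successful login that follows repeated failures.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simple key=value format (an assumption, not a real product format).
SAMPLE_LOG = """\
2024-05-01T08:00:01Z event=login user=alice src=10.0.0.5 result=fail mfa=no
2024-05-01T08:00:09Z event=login user=alice src=10.0.0.5 result=fail mfa=no
2024-05-01T08:00:17Z event=login user=alice src=10.0.0.5 result=fail mfa=no
2024-05-01T08:00:40Z event=login user=alice src=10.0.0.5 result=ok mfa=no
2024-05-01T08:01:10Z event=access user=alice resource=/finance/payroll.xlsx
2024-05-01T09:00:00Z event=login user=bob src=10.0.0.9 result=ok mfa=yes
2024-05-01T09:02:00Z event=access user=bob resource=/hr/handbook.pdf
"""

FAIL_THRESHOLD = 3             # failures before a success that we treat as suspicious
WINDOW = timedelta(minutes=5)  # the failures must fall within this window

def parse_log(text):
    """Parse each line into a dict of key=value fields plus a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events

def account_timeline(events, user):
    """All actions attributed to one account, in time order: the traceability the IAM step asks for."""
    return sorted((e for e in events if e.get("user") == user), key=lambda e: e["ts"])

def find_findings(events):
    """Return (user, reason) pairs: logins without MFA, and a success following repeated failures."""
    findings = []
    recent_fails = defaultdict(list)          # user -> timestamps of recent failed logins
    for e in sorted(events, key=lambda e: e["ts"]):
        if e.get("event") != "login":
            continue
        user = e["user"]
        if e["result"] == "fail":
            recent_fails[user].append(e["ts"])
            continue
        if e.get("mfa") != "yes":
            findings.append((user, "login without MFA"))
        fails = [t for t in recent_fails[user] if e["ts"] - t <= WINDOW]
        if len(fails) >= FAIL_THRESHOLD:
            findings.append((user, f"success after {len(fails)} failed attempts"))
        recent_fails[user] = []               # reset once the account logs in successfully
    return findings
```

Running find_findings(parse_log(SAMPLE_LOG)) reports both problems for alice and nothing for bob, whose login used MFA with no preceding failures.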
