14. Evaluate a cyber security framework (AC 3.3)

We'll look at some of the advantages and disadvantages of NCSC's 10 steps framework. Advantages: It's only ten steps as opposed to the Centre for Internet Security's security framework which is eighteen steps. This makes NCSC's framework more approachable to less experienced cyber professionals, or smaller companies. This framework is by the National Cyber Security Centre, this may be a high selling point for people who trust the UK government as opposed to other frameworks designed by unknown bodies. It's a well structured document, each step broken down into benefits of said step, clearly defined goals, and plenty of information about each topic, keyword and acronym. There are also 2 supporting videos as well as pdfs with more information and infographics. Disadvantages: It's been almost 4 years, since it's been last reviewed (11 May 2021), and as cyberspace is an ever evolving sphere it may be out of date on some of it's guidance. It's written for Cyber security professionals, so it non technical people might find it difficult to understand. You can make the point that this framework is intended for medium to large organisation, who presumably will have their own cyber security professionals, but that doesn't always have to be the case. It's around 15k words. This can be both an advantage and disadvantage. It means that there should be sufficient details and instructions for organisation to protect themselves in cyberspace. It also means, it's a long piece of document, which can be off putting to people, who don't think cyber security is a priority.