How do I design cyber security framework for my organization?
To define required cyber security in organization, one need to consider compliance & actual necessities.
Compliance can be GDPR, DPDP, RBI, SEBI, IRDA, AICTE/UGC etc.
Both requires data protection from internal and external threats + assets protection.
More or less all cyber security framework suggests following steps:
1. Prepare: Define and implement comprehensive Cyber Security Framework. Define
roles and responsibilities.
2. Identify: Understand compliance, requirements, problem areas and its solutions.
3. Protect: Implement solutions to protect digital assets.
4. Detect: In case of breach, identify impact, detect problem area.
5. Respond: On detection, how organization will respond to prevent any breach –
define roles and solutions.
6. Recover: In case of breach, how organization will restore operations & prevent
misuse of breach.
7. Report: Methods and tools to report to authority
Line of Defence:
1. CISO / Cyber Security Manager
2. Centrally Managed, Centralised Data Repository
3. Data Backup and Disaster Recovery
4. Firewall and VPN
5. VAPT
6. Data Leak Prevention, Encryption
7. Identity Management, Access Management, ZTNA
8. Anti Malware (with EDR/XDR/MDR)
9. Asset Management, Patch Management, MDM
10. Anti Phishing Simulation & Cyber Security Training