In almost every business, technology and data are essential components in day-to-day operations. Unfortunately, people with bad intentions work diligently to steal the data you and your business need to function. Their motivations vary, but malicious threat actors generally either want to profit from your systems and data or disrupt them, or both. Business leaders are not convinced that their companies can fully ward off or withstand a possible cyber attack.
With these concerns in mind, many companies align to industry best practices or frameworks to manage, monitor, and mitigate cybersecurity risks before they materialize. A cybersecurity framework is, essentially, a system of standards, guidelines, and best practices to help manage risk. Its controls typically map to a business's security objectives: for example, the objective of preventing unauthorized system access is met with controls such as requiring a username and password or multi-factor authentication.
Cybersecurity frameworks structure the work of securing digital assets much as a frame structures the construction of a building or house. A framework is designed to give security managers a reliable, systematic way to mitigate cyber risk, no matter how complex the environment might be. Cybersecurity frameworks are often mandatory in specific industries, or at least strongly encouraged, for companies that want to comply with state, industry, and international cybersecurity regulations. For example, in order to handle credit card transactions, a business must pass an audit attesting to its compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Benefits of implementing a cyber framework include:
- Using a common language, a systematic approach, and unbiased cybersecurity guidance
- Enabling long-term cybersecurity and risk management
- Creating a shared approach for technical and business-side stakeholders
- Providing flexibility and adaptability
- Preparing for future risk mitigation, regulation, and compliance requirements
There are many different cyber frameworks to work from, and which one you implement may depend on your use case or requirements. However, a few are prominent and can make a big impact on the way you conduct security operations and compliance. Beyond payment card frameworks such as PCI DSS, popular frameworks can help you develop in-depth approaches to defense by describing attacker tactics and techniques. Frameworks such as MITRE ATT&CK or the Cyber Kill Chain can help your SOC identify threats in both the local and external environments.
Types of frameworks
Threat and Risk Frameworks
MITRE ATT&CK
MITRE started by documenting common cyberattack tactics, techniques, and procedures (TTPs) used against Windows enterprise networks. The MITRE ATT&CK framework became the baseline, acting as a common language for offensive and defensive researchers. MITRE ATT&CK has become one of the most popular approaches to detecting threat actors and advanced persistent threats (APTs) within a corporate ecosystem. Using its several hundred techniques and sub-techniques, security teams gain a deep understanding of the methods of attack. MITRE ATT&CK has quickly become the go-to framework for detection and response.
Cyber Kill Chain
The Cyber Kill Chain was originally developed by Lockheed Martin in 2011 and is based on a US military concept. It outlines the stages shared by many common cyberattacks and, by extension, the points at which the information security team can prevent, detect, or intercept attackers. The Cyber Kill Chain is intended to defend against sophisticated cyberattacks, also known as advanced persistent threats (APTs), in which adversaries spend significant time surveilling and planning an attack. Most commonly these attacks combine malware, ransomware, Trojans, spoofing, and social engineering techniques to carry out the adversary's plan.
There are 7 phases to the Cyber Kill Chain:
- Phase 1: Reconnaissance
- Phase 2: Weaponization
- Phase 3: Delivery
- Phase 4: Exploitation
- Phase 5: Installation
- Phase 6: Command and Control
- Phase 7: Actions on Objective
NIST Cybersecurity Framework
The NIST Framework for Improving Critical Infrastructure Cybersecurity, sometimes just called the “NIST cybersecurity framework,” is, as its name suggests, intended to be used to protect critical infrastructure like power plants and dams from cyber attacks. However, its principles can apply to any organization that seeks better security. It is one of several NIST standards that cover cybersecurity.
ISO 27001 and 27002
Created by the International Organization for Standardization (ISO), ISO 27001 and ISO 27002 certifications are considered the international standard for validating a cybersecurity program — internally and across third parties. With an ISO certification, companies can demonstrate to the board, customers, partners, and shareholders that they are doing the right things to manage cyber risk. A well-implemented ISO framework proves that you have mature cybersecurity practices and controls in place.
SOC 2
Service Organization Control (SOC) Type 2 is a trust-based cybersecurity framework and auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to help verify that vendors and partners are securely managing client data. SOC 2 has more than 60 compliance requirements and extensive auditing processes for third-party systems and controls. Because of its comprehensiveness, SOC 2 is one of the toughest frameworks to implement — especially for organizations in the finance or banking sector, which face a higher standard for compliance than other sectors.
CIS Critical Security Controls
Formerly the SANS Critical Security Controls (SANS Top 20), these are now officially called the CIS Critical Security Controls (CIS Controls). The guidelines consist of 18 (originally 20) key actions, called critical security controls (CSC), that organizations should implement to block or mitigate known attacks. The controls are designed so that primarily automated means can be used to implement, enforce, and monitor them. The controls give no-nonsense, actionable recommendations for cybersecurity, written in language that is easily understood by IT personnel.
What cyber frameworks can I put in place?
Splunk recommends following this prescriptive adoption motion: Splunk Adoption Maturity: Cyber frameworks. This guide walks you step-by-step through planning, implementing, and measuring your success with some of the frameworks discussed in this article.
These additional resources will help you implement this guidance: