
To ensure business continuity and propel growth, cybersecurity is no longer an option, but a vital component of your organization. Strengthening your cybersecurity posture includes many steps, one of these being adopting a cybersecurity framework.

Adopting a framework can help you improve your cybersecurity posture because frameworks are user-friendly, budget-friendly and adaptable, and because they have a proven track record. You can expect these three benefits when you adopt and implement a cybersecurity framework.

Reduce risk. The framework includes exhaustive coverage of the relevant topics to help ensure you aren’t missing something in your security program.

Save time. Regular updates to the framework mean that you don’t have to do the research yourself to keep on top of cybersecurity threats and best-practice mitigations.

Ensure compliance. The framework keeps you aligned with the expectations of regulators and insurance companies.

Identifying the right framework for your organization is only the first step; next you need to implement it and then understand the implications of deviating from it. Working with a managed service provider (MSP) who is familiar with multiple frameworks and with implementing them can make everything easier. You may also need assistance with a comprehensive assessment of how your current configurations align with the framework. Contact our team at StrataDefense for a complimentary assessment or a discussion of your specific needs.

What is a cybersecurity framework?

Cybersecurity frameworks outline security best practices to reduce exposure to weaknesses and vulnerabilities that hackers might exploit. Usually, the frameworks consist of multiple documents on specific aspects of a security program. They can be lengthy but are organized for easy reference.

Implementing the correct cybersecurity framework helps you defend against cyberattacks and improve data security effectively and continuously.

What are the well-known frameworks?

There are many well-known frameworks, such as NIST, CIS, PCI, COBIT and CISA. The framework your organization needs depends on your security requirements. We’ve found the Center for Internet Security (CIS) framework is best suited for audited and regulated environments in banks, credit unions, and other financial institutions. CIS is often considered the gold standard, whereas a NIST framework may be better for small businesses or organizations that have not previously implemented a framework.

Can you tell me more about CIS and how my financial institution might use it?

The CIS cybersecurity framework explains the risks and consequences of cyberattacks and provides step-by-step guides on how to improve web browser protections, data recovery capabilities, and risk management. The CIS framework contains both Benchmarks and Controls. Benchmarks are guidelines for hardening specific operating systems, middleware, software applications, and network devices. Controls are best practices for security across a wide range of systems. Benchmarks provide a mapping to the Controls where applicable. (Center for Internet Security, https://www.cisecurity.org/controls/cis-controls-faq).

To give you an example from the CIS framework, consider the topic of passwords: in some ways the simplest form of security, but one where best practice for creation and use changes regularly. The CIS Benchmark for passwords provides easy-to-follow and credible guidance and policy, so that by following the benchmark you can feel confident that your password management will pass audit and regulatory review.

In the CIS Benchmark for passwords, there is a clear introduction of what passwords are, then the CIS Controls state recommendations for passwords, including password expiration, composition, filters, session lock when idle, hints, password managers, and more. The CIS Controls chart the importance of good password policies in relation to types of attacks and their frequency, and where a password policy can help or hinder you. As you continue, you’ll find in-depth explanations, notes, concerns, and recommendations for actions and quality checks to ensure your bank or credit union minimizes the effect of human error.

Banks and credit unions that implement the CIS cybersecurity framework are one step closer to improving their cybersecurity posture. By applying the relevant CIS Benchmarks (100+ secure configuration guidelines covering 25+ vendor product families), you are adding multiple layers of defense against an attack on your network or technology.

There may be specific features you or your industry need when adopting a framework in your cybersecurity plan. Contact our team at StrataDefense for a complimentary assessment or a discussion of your specific needs.

Matthew Hildebrandt is President and CEO of StrataDefense. With over 15 years of experience in information technology, including 7 years at two financial institutions, Matt has first-hand experience designing network architecture to meet your institution’s strategic needs. He is also strangely energized by responding to queries from regulatory examiners.
