Foundational Frameworks

Last updated on November 29, 2024

Description



Cybersecurity frameworks are sets of guidelines for managing and reducing security risks. Examples of frameworks include the B.C. Defensible Security Framework and the NIST Cybersecurity Framework. Organizations use frameworks to ensure that they have the tools they need to defend themselves against cyberattacks.

CyberBC provides its clients with templates, examples, and self-assessment tools they need to align to the B.C. Defensible Security Framework, as well as expert advice and coaching on how to prevent, detect, and respond to cyberattacks.

Outcomes


 

  • Clients will be able to identify the areas of their security program that are succeeding, adequate, or need review.
  • Clients are able to prioritize these findings to meet their needs.
  • Clients are better protected against cyberattacks.
  • Organizations have a documented understanding of their organization’s risk profile.
  • Clients have access to tools and expertise available to quickly identify, analyze, and respond to security incidents and breaches.
  • Action plans are developed to manage detected cybersecurity incidents and breaches, and strategies to contain cybersecurity threats.

Resources



Defensible Security
Defensible Security is a collection of control groups you can use to help support your security program. Defensible Security helps organizations know what they need to be doing at a minimum to achieve a security posture that is defensible.

Assessment Tool (Excel)
Provides a quick and easy way for organizations to assess their security posture and view changes over time. It can also be used for executive reporting.

CIS Critical Security Controls (cisecurity.org)
The Center for Internet Security's Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture.

ISO/IEC 27000 family (iso.org)
ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS) and their requirements. Additional best practice in data protection and cyber resilience are covered by more than a dozen standards in the ISO/IEC 27000 family.

NIST Cybersecurity (nist.gov)
NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public. Our activities range from producing specific information that organizations can put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.

 

Request Additional Resources

CyberBC offers Complementary Resources in addition to the Self-Serve resources above.

Contact information

CyberBC Mailbox
Cyber.BC@gov.bc.ca