The Center for Cybersecurity Belgium (CCB) launched its Cyberfundamentals framework on 24-03-2023 to improve cybersecurity in Belgian companies. We believe it's very useful for both Belgian but also international companies. But what does it mean in practice and how can you apply it? We'll explain by answering some questions.
What is the Cyberfundamentals Framework?
In short, it's a framework with requirements to improve cybersecurity in your company. It contains concrete measures te reduce risks from the most common cyberattacks. It's comparable to existing frameworks like NIST CSF, ISO 27001 / ISO 27002, CIS Controls and IEC 62443.
Like NIST CSF, all measures are divided in 5 core functions: identify, protect, detect, respond and recover. Within each core function are different measures taken from the NIST CSF, complemented with relevant insights from the other frameworks, reviewed by practitioners and validated against data from real-life cyberattacks.
How can I apply it at my company?
The Cyberfundamentals framework defines different levels with measures.
- Small: Meant for micro-organisations or startups: the bare minimum.
- Basic: The basic level, for every SMB. Protection against automated attacks.
- Important: For larger companies or those processing sensitive data. Protects against common manual attacks.
- Essential: The highest level of security assurance. Also protects against sophisticated attackers.
The different levels make the Cyberfundamentals framework easily applicable in different kinds of organizations. It's no longer necessary to determine which measures need to be implemented first. Just start with the first level and work your way up to the desired level. There are even key measures within each level to help you prioritise your implementation. And did you know that each measure can be mapped to a NIST CSF measure? So implementing the Cyberfundamentals measures, will automatically implement NIST CSF (partially, depending on level).
How useful is the framework?
We think Cyberfundamentals is a fantastic framework, and we used it since it launched to improve cybersecurity at our customers, with great results. Because the framework is based on NIST CSF, we can be confident of the quality of its measures. But where NIST CSF (and other) frameworks are sometimes difficult to apply because of an overload of very technical documentation, the Cyberfundamentals framework succeeds in making it relatively user-friendly because of its use of levels and key measures.
The CCB has created a strong tool to improve cybersecurity in your organization, even if you're not a Belgian company. Start today with a free self-evaluation using the CCB's Excel sheet, or contact us for advice.