What is the Cyberfundamentals framework?

business1 year ago2 minutes read
Picture of author Olivier Sels

The Center for Cybersecurity Belgium (CCB) launched its Cyberfundamentals framework on 24-03-2023 to improve cybersecurity in Belgian companies. We believe it's very useful for both Belgian but also international companies. But what does it mean in practice and how can you apply it? We'll explain by answering some questions.

The NIST CSF functions wheel: identify, protect, detect, respond and recover.

What is the Cyberfundamentals Framework?

In short, it's a framework with requirements to improve cybersecurity in your company. It contains concrete measures te reduce risks from the most common cyberattacks. It's comparable to existing frameworks like NIST CSF, ISO 27001 / ISO 27002, CIS Controls and IEC 62443.

Like NIST CSF, all measures are divided in 5 core functions: identify, protect, detect, respond and recover. Within each core function are different measures taken from the NIST CSF, complemented with relevant insights from the other frameworks, reviewed by practitioners and validated against data from real-life cyberattacks.

How can I apply it at my company?

The Cyberfundamentals framework defines different levels with measures.

  • Small: Meant for micro-organisations or startups: the bare minimum.
  • Basic: The basic level, for every SMB. Protection against automated attacks.
  • Important: For larger companies or those processing sensitive data. Protects against common manual attacks.
  • Essential: The highest level of security assurance. Also protects against sophisticated attackers.

The different levels make the Cyberfundamentals framework easily applicable in different kinds of organizations. It's no longer necessary to determine which measures need to be implemented first. Just start with the first level and work your way up to the desired level. There are even key measures within each level to help you prioritise your implementation. And did you know that each measure can be mapped to a NIST CSF measure? So implementing the Cyberfundamentals measures, will automatically implement NIST CSF (partially, depending on level).

How useful is the framework?

We think Cyberfundamentals is a fantastic framework, and we used it since it launched to improve cybersecurity at our customers, with great results. Because the framework is based on NIST CSF, we can be confident of the quality of its measures. But where NIST CSF (and other) frameworks are sometimes difficult to apply because of an overload of very technical documentation, the Cyberfundamentals framework succeeds in making it relatively user-friendly because of its use of levels and key measures.

The CCB has created a strong tool to improve cybersecurity in your organization, even if you're not a Belgian company. Start today with a free self-evaluation using the CCB's Excel sheet, or contact us for advice.


Follow us on

Perform a SAMM assessment

Free

Improve security

Easy to use

Related articles

business
March 27, 2023

If your company develops software then the answer is always: yes, you need an appsec program. But what is an appsec program and why do you…

A diagram of how to protect application secrets, showing them being injected in the deployment process. Developers do not have access to application secrets or the production environment.
A cloud of key aspects related to the 'organize basic data protections' practice
Our mission

Secuma helps technology companies develop more secure applications. We encourage and guide the integration of security best practices in the entire Software Development Lifecycle, improving the security of your applications and stopping issues from becoming incidents.

Company

infosecuma.be
Sels Software & Security BV
Hoogputstraat 22B
3690 Zutendaal
Belgium
BE0748911858

Geregistreerd dienstverlener voor de KMO portefeuille

DV.A249876


Thank you for visting Secuma |
Pictures courtesy of Unsplash