11 Jul Not sure which Cyber Security Framework to use?
Don’t worry, you are not alone! There are several industry-led security frameworks developed to help businesses manage increasing cyber risk. It’s not uncommon to see security professionals struggle to implement industry-leading frameworks such as ISO 27000 and the NIST Cyber Security Framework (CSF). Both of these frameworks can be massive and complex, yet very effective when done right.
At Thinknology, we are passionate about industry frameworks and understand the complexity of implementing them in businesses. We also understand that frameworks are not one-size-fits-all. In a large enterprise it might make sense to implement one of the industry-leading frameworks like ISO 27000 or NIST CSF, but that might not be the case for a small or medium-sized business (SMB). In an SMB environment it might be best to look at the Center for Internet Security (CIS) Critical Security Controls, often known as the “Top 20”.
It should also be noted that the Province of British Columbia has devised its own “Defensible Security Framework” to offer a framework that is much easier to digest for both private and public bodies.