Cybersecurity Frameworks
Cybersecurity frameworks are structured sets of guidelines and best practices that organizations use to manage and reduce cybersecurity risk.
Explanation
The NIST Cybersecurity Framework (CSF) is the most widely referenced. CSF 1.1 is organized around five core functions: Identify, Protect, Detect, Respond, and Recover. CSF 2.0, published by NIST in February 2024, adds a sixth function, Govern, which covers cybersecurity risk management strategy, roles, policy and oversight. Other frameworks include ISO/IEC 27001 (the certifiable standard for information security management systems), the CIS Critical Security Controls (a prioritized set of safeguards), and the AICPA Cybersecurity Risk Management Reporting Framework. CPAs are increasingly involved in cybersecurity through SOC for Cybersecurity examinations, in which the practitioner reports on management's description of the entity's cybersecurity risk management program and on whether the controls within that program are effective in achieving the entity's cybersecurity objectives.
Key Points
- NIST CSF: Identify, Protect, Detect, Respond, Recover (CSF 2.0 adds Govern)
- ISO/IEC 27001 is the international standard for information security management systems
- AICPA offers SOC for Cybersecurity examination reporting
Exam Tip
Memorize the five NIST CSF core functions in order — Identify, Protect, Detect, Respond, Recover — and understand what each encompasses.
Related Topics
Network Security
Network security encompasses the technologies, policies, and practices designed to protect the integrity, confidentiality, and availability of computer networks and data.
IT Risk Assessment
IT risk assessment is the process of identifying, analyzing, and evaluating risks to an organization's information technology assets, systems, and data.