The Information Security Model and the guidance on this site draw heavily on two widely used methods to manage cyber security: the ISACA Information Security Management model and the NIST Cyber Security Framework (CSF).


The ISACA Domains for Information Security Management

Governance

Controlling your program

Establishes the cybersecurity strategy, policies, and accountability framework to align security with business objectives and regulatory requirements.

Risk Management

Managing your asset’s risk

Identifies, evaluates, and mitigates cybersecurity risks to protect assets, ensuring informed decision-making and resilience.

The Program

How you protect your business

Designs, implements, and maintains the cybersecurity program, integrating controls, resources, and best practices to safeguard the organization.

Incident Response and Recovery

How you respond and recover

Prepares for, detects, and responds to security incidents, ensuring swift containment, investigation, and recovery to minimize impact and cost.


The NIST CSF

National Institute of Standards and Technology Cyber Security Framework – utilized globally.

Identify

Catalog your assets

Understand and manage cybersecurity risks by identifying assets, vulnerabilities, and business impacts.

Protect

Implement controls

Implement safeguards, such as access controls and encryption, to secure assets and maintain operations.

Detect

Monitor for activity

Continuously monitor systems to quickly identify cybersecurity events and anomalies.

Respond

Develop a response plan

Take action against detected threats, containing incidents and mitigating damage.

Recover

Build recovery capability

Restore systems, data, and services after an incident to ensure business continuity and resilience.

Govern

The right amount of control for the program

Ensures that the cyber security program aligns with business objectives, legal requirements, and risk management. It covers leadership accountability, policies, roles, and oversight to drive a strong security culture and informed decision-making.