The assurance level Basic contains the standard information security measures for all enterprises. These provide an effective security value with technology and processes that are generally already available. Where justified, the measures are tailored and refined.
The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks.
The Cyberfundamentals Framework is a set of concrete measures to:
- protect data,
- significantly reduce the risk of the most common cyber-attacks,
- increase an organisation's cyber resilience.
The framework is based on and linked with 4 commonly used cybersecurity frameworks: NIST CSF, ISO 27001 / ISO 27002, CIS Controls and IEC 62443.
It uses the functions of any cybersecurity framework.
The levels and key measures
To respond to the severity of the threat an organization is exposed to, in addition to the starting level Small, 3 assurance levels are provided: Basic, Important and Essential.
Based on our historical data, retro-fitting was done on successful cyber-attacks using anonymized data. The conclusion is that:
- measures in assurance level Basic are able to cover 82% of the attacks,
- measures in assurance level Important are able to cover 94 % of the attacks,
- measures in assurance level Essential are able to cover 100% of the attacks.
Based on these attacks, key measures were identified at each level to prioritize the countermeasures to protect against the known cyberattacks relevant for that assurance level.
To facilitate the use of the Cyberfundamentals Framework, several tools are provided to assist in the implementation of the framework:
- CyFun Selection Tool is a tool for risk assessment resulting in a well-informed selection of the appropriate Cyber Fundamentals Assurance Level.
- CyFun Self-Assessment tool is a MS Excel format tool to prepare self-assessment and includes spider diagrams to support management reporting.
- CyberFundamentals Framework mapping provides an overview of the requirements and links with the frameworks in a MS Excel-format.