What is a Cybersecurity Framework? (ISO 27110)

standards cybersecurity framework iso-27000 iso-27110
standards cybersecurity framework iso-27000
Deutsch
Cybersecurity Framework ISO 27110

CyberSecurity Standards: ISO/IEC TS 27110:2021

ISO and IEC

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) are responsible for worldwide standards. National bodies that are members of ISO or IEC participate in the development of international standards through technical committees established by the respective organization for specific technical areas of activity.

Contents of ISO/IEC TS 27110:2021 (ISO 27110)

To address the challenge posed by the constant evolution of cyber threats, business groups, government agencies and other organizations are creating documents and tools called cyber security frameworks.

The goal: Protecting individual users and organizations.

These organizations that create the cybersecurity frameworks are simply called “creators”. The current range of cybersecurity frameworks and creators is diverse and varied. Organizations using these cybersecurity frameworks face the challenge of integrating different definitions and general conceptual structures into their security policies.

The goal of ISO/IEC TS 27110 is to ensure that a minimum set of concepts is used to define cybersecurity frameworks in order to reduce the burden on cybersecurity framework creators and users.

Requirements for an ISMS, or “information security management system”, are addressed in ISO/IEC 27001 (the famous ISO 27001).

The principles of ISO 27110 are:

  • Flexibility, so that multiple types of cybersecurity frameworks can exist
  • Compatibility, so that multiple cybersecurity frameworks can be aligned with each other
  • Interoperability, so that cybersecurity frameworks can be interchanged.

ISO 27110 addresses those creators of cybersecurity frameworks.

Contents of a Cybersecurity Framework

For those familiar with the NIST Cybersecurity Framework, this will look very familiar.

Identify, Protect, Detect, Respond, Recover

Identify

The activities in the Identify function provide the foundation for effective use of the cybersecurity framework.

Examples of outcome categories within this function are:

  • asset management,
  • business environment,
  • governance,
  • risk assessment,
  • and risk management strategies.

Protect

This is about developing and implementing appropriate protective measures to ensure the delivery of critical services.

The Protect function is intended to help limit or mitigate the impact of a cybersecurity event. Examples of outcome categories within this function include:

  • Identity management and access control,
  • awareness and training,
  • data security,
  • information protection processes and procedures,
  • maintenance,
  • and general protection technology.

Detect

This function is about developing and implementing appropriate activities to detect the occurrence of a cybersecurity event.

This function enables the timely detection of cybersecurity events. Examples of outcome categories within this function include:

  • Anomalies and events,
  • continuous monitoring,
  • and general detection processes.

Respond

“Respond” is about developing and implementing appropriate actions in response to a detected cybersecurity incident: how does one proceed in such an event?

What does

  • response planning,
  • communication,
  • analysis,
  • and mitigation

look like?

Recover

The recovery function enables the timely restoration of normal (business) operations to mitigate the impact of a cybersecurity incident.