Read the book Networking All-in-One For Dummies - Lowe Doug, Doug Lowe - Page 69

Cybersecurity Frameworks


It’s tempting to think that all you need to do to secure your network is install a firewall, run antivirus software on all your computers, and back up all your data. Those are important first steps, but cybersecurity is much bigger than a checklist of things to do.

In fact, cybersecurity should be baked into your IT systems from the ground up. Every aspect of your system designs should take cybersecurity into account, not as an afterthought but from the very beginning. That includes your servers, storage platforms, desktop computers, network infrastructure (including switches, routers, firewalls, cables, and wireless networks), mobile devices, operating systems, software, and anything else that’s part of your IT environment.

It’s a daunting task, but fortunately you’re not alone in figuring out how to make cybersecurity a top priority in your IT organization. Plenty of resources are available to you — including standardized frameworks that can help you plan and implement your security environment.

There are plenty of cybersecurity frameworks to choose from. In fact, the top hit on a recent Google search for “cybersecurity frameworks” was a website that listed the 23 top cybersecurity frameworks. That’s a lot to choose from. Although most of these frameworks are similar, there are subtle differences.

Here are five of the most popular cybersecurity frameworks you may want to investigate:

 NIST: The NIST Cybersecurity Framework is probably the most commonly used framework in the United States. It’s governed by the National Institute of Standards and Technology (NIST). (For more information about this popular framework, refer to “The NIST Cybersecurity Framework,” later in this chapter.)

 ISO/IEC 270: This is the most popular international cybersecurity framework. For more information, browse to https://iso.org/isoiec-27001-information-security.html.

 ISA 62443: The International Society of Automation (https://isa.org) sponsors a series of standards known as ISA 62443, which comprise a flexible framework for managing security. For more information, see www.isa.org/technical-topics/cybersecurity/cybersecurity-resources.

 CIS-20: The Center for Internet Security (CIS) is an organization that provides a list of 20 cybersecurity controls that can be used as a framework for organizing your cybersecurity measures. For more information, see www.cisecurity.org/controls/cis-controls-list.

 COBIT: Sponsored by the Information Systems Audit and Control Association (ISACA), COBIT (which stands for Control Objectives for Information and Related Technologies) is one of the more popular cybersecurity frameworks. For more information, head to www.isaca.org/resources/cobit.
