The CCB Cyberfundamentals Framework is a set of concrete measures to:
- protect data,
- significantly reduce the risk of the most common cyber-attacks,
- increase an organisation’s cyber resilience.
The requirements and guidance are complemented with relevant insights from the NIST Cybersecurity Framework (CSF), ISO 27001/ISO 27002, IEC 62443 and the CIS Critical Security Controls (ETSI TR 103 305-1).
The requirements are coded with the identifiers used in the NIST CSF. Because not all NIST CSF requirements are applicable, some identifiers that exist in the NIST CSF are absent from this framework.
The framework and the proportional approach of the assurance levels are validated by practitioners in the field and against anonymised real-world cyber-attack information provided by the federal Cyber Emergency Response Team (CERT.be, the operational service of the Centre for Cybersecurity Belgium).
The CCB Cyberfundamentals Framework is built around five core functions: Identify, Protect, Detect, Respond and Recover. Regardless of the organisation or industry, these functions provide a common language for cybersecurity between technical practitioners and stakeholders, so that cyber-related risks can be incorporated into the organisation's overall risk management strategy.
The Identify function is about knowing the important cyber threats to your most valuable assets: you cannot protect what you do not know exists. This function helps develop an organisational understanding of how to manage cyber security risks related to systems, people, assets, data and capabilities.
The Protect function focuses on developing and implementing the safeguards necessary to mitigate or contain a cyber risk.
The purpose of the Detect function is to ensure the timely detection of cyber security events.
The Respond function covers the controls that help respond to cyber security incidents and supports the ability to contain the impact of a potential cyber security incident.
The Recover function focuses on those safeguards that help maintain resilience and restore services that have been affected by a cyber security incident.
To match the severity of the threat an organisation is exposed to, three assurance levels are provided in addition to the starting level Small: Basic, Important and Essential.
The starting level Small allows an organisation to make an initial assessment. It is intended for micro-organisations or organisations with limited technical knowledge.
The assurance level Basic contains the standard information security measures for all enterprises. These provide effective security using technology and processes that are generally already available. Where justified, the measures are tailored and refined.
Building on the Basic level, security measures are supplemented to protect organisations from increased cyber risks to achieve a higher level of assurance.
The assurance level Important is designed to minimise the risks of targeted cyber-attacks by actors with common skills and resources in addition to known cyber security risks.
The assurance level Essential goes a step further to also respond to the risk of advanced cyber-attacks by actors with extensive skills and resources.
Several controls require particular attention; these measures are labelled as "key measure".
The framework is a living document and will continue to be updated and improved in light of feedback received from stakeholders, the evolving risk of specific cybersecurity threats, the availability of technical solutions and progressive insight.