The Secure Controls Framework™ (SCF) focuses on internal controls. These are the cybersecurity & data privacy-related policies, standards, procedures, technologies and associated processes that are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented, detected and corrected. The concept is to address the broader People, Processes, Technology and Data (PPTD) that controls fundamentally exist to govern.
The SCF should be viewed as a long-term tool that not only helps with compliance-related efforts but also ensures cybersecurity & data privacy principles are properly designed, implemented and maintained. The SCF helps implement a holistic approach to protecting the Confidentiality, Integrity, Availability and Safety (CIAS) of your data, systems, applications and other processes. The SCF can be used to assist with everything from strategic planning down to tactical needs that impact the people, processes and technologies directly impacting your organization.
Ideally, the SCF can be used to address the “who, what, where, when, why and how” for cybersecurity and data privacy at the strategic, operational and tactical levels within your organization!

This document is designed for cybersecurity & data privacy practitioners to gain an understanding of how the SCF is intended to be used in their organization.
This “best practices” guide covers the following topics:
- Level setting what the SCF is and what it is not;
- Integrated Controls Management (ICM) approach to GRC;
- Leveraging the Cybersecurity & Data Privacy Capability Maturity Model (C|P-CMM);
- Leveraging the Cybersecurity & Data Privacy Risk Management Model (C|P-RMM); and
- Recommendations to tailor the control set for your needs to operationalize the SCF.