Which security framework is right for you?

Which security framework is right for your business?

With significant data breaches and cyberattacks making headlines almost on a daily basis, many organisations have realised the need for more effective security measures.

Any breach or attack can result in significant harm to an organisation’s reputation and their customers, as well as resulting in regulatory fines, lawsuits and lost business.

Many organisations across a range of industries are looking for guidance when implementing a cyber security strategy. Organisations in the energy market can follow the Australian Energy Sector Cyber Security Framework (AESCSF); however, there is not always a specific security framework for every industry.

Organisations have a variety of established frameworks from which to choose, and knowing which one to select can be overwhelming and a serious challenge.

The diversity in security frameworks is necessary to an extent, as organisations vary significantly in size and have many different functions and many different types of data. However, without understanding the advantages and disadvantages of each security framework, organisations cannot confidently know which one is right for them.

Below are commonly used security frameworks in Australia across various industries:

  • International Organisation for Standardisation (ISO) 27001/27002
  • National Institute of Standards and Technology cyber security framework (NIST CSF)
  • Centre for Internet Security Top 20 Critical Security Controls (CIS CSC)
  • Australian Government Information Security Manual and the Essential Eight Strategies to Mitigate Cyber Security Incidents
  • Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
  • Payment Card Industry Data Security Standard (PCI DSS)

Each of these security frameworks presents a different approach to how to securely manage organisational data.

Engaging a cyber security consultant can help determine which framework is best suited to a particular type of firm, making the selection process easier and ultimately improving security for organisations and their customers.

If you require further information about security frameworks, please get in touch with your local RSM office.

This article was adapted from an article published on the RSM US website on 15 March 2019.


Darren Booth
National Head of Cyber Security and Privacy Risk Services
