
The importance of a cybersecurity framework

By Jay Ryerse
October 5, 2020

Today, managed service providers (MSPs) face challenges around the clock from threat actors on a mission to get at the data that MSP clients depend on for business survival. More often than not, these clients are unfamiliar with the risks that exist and assume their MSP provides cybersecurity as part of its service. While clients may assume that MSPs own the risk, MSPs have an obligation to discuss risk ownership with clients and prospects.

In order to address this, cybersecurity education and culture should be the driving factor for organizations. These objectives should also include an alignment of policies, procedures, tools, pricing models, support mechanisms and incident response. Establishing and using a framework can address these tasks and take the guesswork out of planning, education and roadmaps for service providers. 

 

What is a framework? 

A framework allows for standardization of service delivery that improves efficiency and margin. Many organizations implement frameworks to establish a common language among themselves and clients. For example, frameworks allow you to align conversations with customers on what they want “good” to look like. 

 

Why is having a cybersecurity framework so important? 

When it comes to cybersecurity, a framework serves as a system of standards, guidelines, and best practices to manage risks that arise in a digital world. A cybersecurity framework prioritizes a flexible, repeatable and cost-effective approach to promote the protection and resilience of your business. 

It’s important to realize that cybersecurity helps with the growth of your business. Using a framework to align controls like local, offline, and cloud backups will improve resilience against attacks and reduce reliance on hardware. As an MSP, the extra work of building out a process will fall on you, but it will allow you to hold your clients accountable and vice versa.

 

How do I know which framework to start with? 

In order to decide on a framework, you need to determine which one best aligns with your client’s needs or what the industry follows. While one framework might not fit your business specifically, cross-referencing competing frameworks can help you decide what you need to focus on. 

 

4 Cybersecurity Frameworks to Know

Identifying risks and understanding the proper actions to take can be difficult, even for a larger service provider. Fortunately, both government agencies and private industry have established frameworks for cybersecurity professionals designed to identify and close security gaps. 

 

1. The NIST Cybersecurity Framework (CSF)

The NIST CSF was developed by private industry experts and members of the National Institute of Standards and Technology (NIST), a federal agency within the U.S. Department of Commerce. Using existing guidelines, standards, and practices, the NIST CSF focuses on five core functions: Identify, Protect, Detect, Respond and Recover. These categories cover all aspects of cybersecurity, which makes this framework a complete, risk-based approach to securing almost any organization. 

 

2. Center for Internet Security (CIS)

CIS, built in the late 2000s, was created by an international, grass-roots consortium to develop a framework that protects companies from cybersecurity threats. It is made up of 20 controls that are updated regularly by experts from many fields, including academia, government and industry. CIS is ideal for organizations that want to start one step at a time. The CIS process is divided into three groups: you begin with the basics, then move into foundational and, finally, organizational. CIS is also a great option if you want an additional framework that can coexist with other, industry-specific compliance standards (such as HIPAA).

 

3. ISO/IEC 27001

ISO 27001/27002, also known as ISO 27K, is an internationally recognized standard for cybersecurity published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The framework assumes that organizations adopting ISO 27001 have an Information Security Management System (ISMS) in place. With that in mind, ISO/IEC 27001 requires management to systematically manage the organization’s information security risks, including threats and vulnerabilities. The framework then requires organizations to create and implement information security (InfoSec) controls that are both clear and comprehensive. The goal of these controls is to mitigate identified risks. From there, the framework recommends that organizations adopt a continuous risk management process. To be certified as ISO 27001-compliant, an organization must demonstrate its use of the “PDCA Cycle” to the auditor.

 

4. MSP+ Cybersecurity Framework (CSF) 

The IT Nation Secure MSP+ Cybersecurity Framework provides the outline for a certification program for the MSP community. Based upon best practices and providing a journey of growth from baseline security elements to a repeatable and adaptive program, the MSP+ Cybersecurity Framework is designed as a resource to assess and enhance the cybersecurity posture and services provided by MSPs to their clients. The MSP+ Cybersecurity Framework is designed to serve as a verification and validation process to ensure that suitable levels of cybersecurity procedures and processes are in place along with the relevant cyber-hygiene to protect their own systems, services and data, as well as that of their clients. 

Outside the U.S., notable frameworks include Cyber Essentials (U.K.) and Essential 8 (Australia).

 

Making the Decision 

No one framework is better than the others, and each has its pros and cons. The important thing to note is that whichever framework you choose, it can help structure your offering. You should also acknowledge that this process cannot be done all at once or in one day. Focus on standardizing on whichever framework aligns best with your business and your clients’ businesses, and set a path that allows you to mature over time.

KEYWORDS: cyber security framework NIST cyber security framework risk management

Jay Ryerse, CISSP, is Vice President of Cybersecurity Initiatives at ConnectWise.
