Cybersecurity Framework Establishment
Analytix cybersecurity consulting service assists organisations to establish or improve their cybersecurity programmes.
Alignment with the International Cybersecurity Framework
These services aim to help organisations develop and implement the NIST Cybersecurity Framework effectively.
Cybersecurity Framework
We provide the technical expertise and project management capabilities needed to build an efficient and effective cybersecurity framework that will provide your organisation with a “prioritised, flexible, repeatable, performance-based, and cost-effective approach” to manage cybersecurity risk for those processes, information, and systems directly involved in the delivery of critical infrastructure services.
The scope and structure of a cybersecurity framework establishment programme can vary, and our effort will be tailored to the needs of your organisation. In every engagement we ensure that the essential elements of a cybersecurity framework are established, elements that:
- Provide a common language for understanding, managing, and expressing cybersecurity risk both internally and externally
- Can be used to help identify and prioritize actions for reducing cybersecurity risk
- Serve as a tool for aligning policy, business, and technological approaches to managing cybersecurity risks
- Can be used to manage cybersecurity risk across the entire organisation
- Can establish focus on the delivery of critical services within an organization
Applicability
Different types of entities – including sector coordinating structures, associations, and organizations – can use the NIST Cybersecurity Framework for different purposes, including the creation of common cybersecurity risk scores and profiles.
Our approach to cybersecurity programme design and establishment projects is based on the principles of the NIST Cybersecurity Framework and covers the full lifecycle of Cybersecurity Framework implementation in the following seven steps:
Step 1: Prioritize and Scope—Requests that organizations scope and prioritize business/mission objectives and high-level organizational priorities. This information allows organizations to make strategic decisions regarding the scope of systems and assets that support the selected business lines or processes within the organization.
Step 2: Orient—Provides organizations an opportunity to identify threats to, and vulnerabilities of, systems identified in the Prioritize and Scope step.
Step 3: Create a Current Profile—Identifies the requirement to define the current state of the organization’s cybersecurity program by establishing a current state profile.
Step 4: Conduct a Risk Assessment—Allows organizations to conduct a risk assessment using their currently accepted methodology. The information from this step is used in Step 5.
Step 5: Create a Target Profile—Allows organizations to develop a risk-informed target state profile. The target state profile focuses on the assessment of the Framework Categories and Subcategories describing the organization’s desired cybersecurity outcomes.
Step 6: Determine, Analyze, and Prioritize Gaps—Organizations conduct a gap analysis to determine opportunities for improving the current state. The gaps are identified by overlaying the current state profile with the target state profile.
Step 7: Implement Action Plan—After the gaps are identified and prioritized, the required actions are taken to close the gaps and work toward obtaining the target state.
The NIST Cybersecurity Framework (CSF) provides an assessment mechanism that enables organisations to determine their current cybersecurity capabilities, set individual goals for a target state, and establish a plan for improving and maintaining cybersecurity programs.
Cybersecurity Professional Programme – The Cybersecurity Nexus (CSX)
ISACA has developed a new security knowledge platform and cybersecurity professional programme. The Cybersecurity Nexus (CSX), developed in collaboration with cybersecurity experts from leading companies around the world, supplies cutting-edge thought leadership, training and certification programs for professionals who are leading cybersecurity to the future.
As part of the knowledge, tools and guidance provided by CSX, ISACA has developed a guide for implementing the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework, or CSF).
CSF Components
The Framework provides a uniform guide to managing a cybersecurity programme. This includes industry-driven standards, best practices and implementation measures to manage cybersecurity risks to information technology and operational technology.
The CSF is a risk-based approach to managing cybersecurity risk and comprises three parts:
- Framework Core
- Framework Implementation Tiers
- Framework Profiles
Each CSF component reinforces the connection between business drivers and cybersecurity activities.
The Framework provides:
- A common structure for managing cybersecurity risk
- Help to identify and understand your organisation’s dependencies with its business partners, vendors, and suppliers
- A platform that will allow you to coordinate cybersecurity risk within your industry and sector for the delivery of critical infrastructure services.
The Framework places cybersecurity activities into five functions:
- Identify
- Protect
- Detect
- Respond, and
- Recover.
Organisations should implement capabilities in each of these areas.
Not a Replacement for ISO 27001
The Framework complements, and does not replace, an organization’s risk management process and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one.
The outcomes in the Core will help your management to answer the following questions:
- What people, processes and technologies are essential to provide the right services to the right stakeholders?
- What do we need to do to protect those assets from the cybersecurity risks discovered in the Identify function?
- What detection capability can we implement to recognize potential or realized risk to organizational assets from identified cybersecurity risk?
- What cybersecurity response and recovery activities are appropriate and necessary to continue operations (albeit diminished) or restore services described above?
The NIST Cybersecurity Framework provides organizations with a number of benefits which lead to a stronger cybersecurity posture. It enables them to:
- Describe their current cybersecurity posture
- Describe their target state for cybersecurity
- Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
- Assess progress toward the target state
- Communicate among internal and external stakeholders about cybersecurity risk
Train Your Team In-house
Frequently Asked Questions
Use our FAQ to quickly find the answers to the most common questions asked by customers.
Why choose us?
We have over 22 years of experience in helping businesses and employees reach their potential with advanced skills and certifications, no matter what their industry or background experience.
All our services are bespoke, which means we offer the freedom and flexibility to create a solution specific to your industry & training needs.
We can use one or more of our services to deliver the outcome required to gain the maximum results for your business.
Specialist Consultancy Services
We offer a free introductory consultation service, to get an understanding of your organisation, your working environment & your training needs.
Our expertise & experience, combined with your working knowledge, delivers results that are practical & specific to your needs.
Training That Works
We have been involved in many differing, diverse & interesting projects & we have built relationships with organisations from varying industries & sizes. Our efficient, cost-effective and engaging training courses are designed for your company and team to improve the overall business performance and equip employees with up-to-date skills and knowledge.
Talk to us today, and let us help you develop your team with our bespoke training and consultancy services.
Do you only deliver training in Johannesburg?
No, we deliver training in all 9 provinces within South Africa. We have also delivered training in several countries such as Belgium, The Kingdom of Saudi Arabia, Togo, Zambia, Rwanda, Tanzania and Swaziland.
What are the minimum and the maximum number of candidates we can train in-house?
The minimum number of candidates required for in-house training is 6. With regard to the maximum number, this depends a little on the size of the training room you have available, but we normally say between 15 – 25.
Can you tailor the course to our specific requirements?
Yes, all of our courses can be tailored to your requirements. We will aim to refer to working examples within your business or industry.
Who are your clients?
Our clients come from companies and organisations of all sizes within the public and private sector. We work in most industries and have a proven track record of delivering high levels of customer satisfaction. See some of the names we have worked with here.
