Which cybersecurity framework is the best one to use for an organization?  This is one of the most frequently asked questions when embarking on the cybersecurity journey.  Often, the answer falls quite unsatisfyingly along the explanatory lines about how there is no one-size-fits-all solution, and how there are advantages and disadvantages to each.  The hardest part for the cybersecurity professional is the thought that the only way to figure it out is to study each framework, and then see which one applies best.  That is a monumental undertaking, and it frequently results in a person suffering from confirmation bias, whereas they just chose one that with which they are slightly familiar, and then find supporting evidence to convince the C-Suite that it is the best one for the organization.

Now, as a result of the efforts of the Central Bank of Egypt (CBE), a lot of the work has been made easier.  The Egypt Financial Cybersecurity Framework uses the most common, and well-respected frameworks into one unified source.  Rather than attempting to cross-reference all the frameworks to each other, the CBE choses the best practices from each, creating a new document for use in the financial sector. In doing so, the CBE identified key areas of focus to tailor a cybersecurity framework to the unique requirements of the Egyptian financial sector.

The graphics that are provided in the CBE framework offer a brilliant snapshot of the highlights of all the sources. Five key functions are mapped to controls.  The framework also includes definitions and responsibilities for various roles, as well as team memberships. 

This framework will serve as the foundational guidance for cybersecurity capability development within this critical sector. This is the kick-off of a larger-scale effort by the CBE to (Read more...)