Confidentiality. Integrity. Availability.
A cybersecurity framework is a set of practices, policies, and procedures that help an organization to create an effective security program. Key concepts for Cybersecurity is starting with a framework. There are plenty of pre-built frameworks available to guide you based on your industry, like NIST, PCI, HIPAA, ISO and more. But before you go there, and maybe before you even pick one, you should start with the Three Rules or Three. The first set starts with Confidentiality, Availability, and Integrity. This is the fine balancing act for Cybersecurity, also known as the “bedrock principle for Cybersecurity.” There’s no such thing as perfect security, you can’t spend all resources on all three areas - so focusing on your specific business needs, and identifying which of these are most important to your business and the separate business units helps properly align Cybersecurity solutions with business outcomes.
If your an accounting firm integrity of data might be most important to you. If your an e-commerce company, then availability is critical. If you're in healthcare, confidentiality may be paramount. Start with the overall needs of the business as a whole, then drill down to the specific needs of each department or business unit. Striking the balance is also important from department to department.
