Information Security Frameworks

February 5, 2021

* Guilherme Almeida

An information security framework is a series of processes used to define policies and procedures around the implementation and continuous management of information security controls in a corporate environment.

These frameworks are basically a "model" for building an information security program to manage risks and reduce vulnerabilities. Information security professionals can use them to define and prioritize the tasks necessary to improve security in an organization.

NIST Framework

The NIST security framework, known as the NIST Cybersecurity Framework, provides a framework based on existing standards, guidelines and practices for private sector organizations in the United States to better manage and reduce cybersecurity risk. The NIST Cybersecurity Framework consists of three main components:

Core: a set of desired cybersecurity activities and results, using common language that is easy to understand. It guides organizations in managing and mitigating cybersecurity risks.

Profile: an organization's unique alignment of its organizational requirements and objectives, risk appetite and resources with the desired results of the framework Core. Profiles are used primarily to identify and prioritize opportunities to improve security standards.

Tiers: provide context on how an organization views cybersecurity risk management.

CIS Framework

The Center for Internet Security, Inc. (CIS®) is a community-driven, nonprofit organization responsible for the CIS Controls and CIS Benchmarks™, globally recognized best practices for protecting IT systems and data.

CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), a trusted resource for preventing, protecting against, responding to and recovering from cyber threats to U.S. state, local, tribal and territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of US cybersecurity offices.

Protecting data and information makes it possible to bring significant results to the company and to avoid risks and losses, because a lack of such protection has a negative impact on both.


From the points covered in the previous sections, the importance of an information security framework is already clear: it helps the manager cover this area with the best protection practices.

This intelligence is essential to establish layers of information security that counter everything from small attacks to more daring intrusion attempts by hackers, or even malicious conduct by an employee.

* Guilherme Almeida is Cybersecurity Manager at Safeway

About SAFEWAY

SAFEWAY is an Information Security company, recognized by its customers for offering high value-added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence among our clients, a large part of whom are among the 100 largest companies in Brazil.

Today, through more than 22 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!