7eCSM™ SEVEN ELEMENTS CYBERSECURITY FRAMEWORK

GLESEC’s Seven Elements Cyber Security Model is a conceptual representation of the state of cyber security and cyber compliance of a client, along with an alignment to a framework to proactively and responsibly address the client’s cyber security needs.

It is a non-technical representation of the state of cyber-security and cyber-compliance.

It addresses the most important parameters of cyber-security that senior management need to be aware of.

It produces an alignment of all the aspects of cyber-security and cyber-compliance from the top management to technical management.

It maps with all the GLESEC services and with NIST standards.

The elements are cohesive, representative and connected components that work with each other in a meaningful way, as described below.

RISK

RISK is the foundational element of our model and it draws from the THREATS, VULNERABILITIES and ASSETS Elements. An intelligent combination of GLESEC services allows for a measure of RISK, which is identified, assessed and reported on GLESEC’s Orchestration platform (GMP).

THREATS

GLESEC defines THREATS as the actions of Adversaries or Actors that can cause an impact to the organization. The Threat Element responds to the question of what level of threats your organization is exposed to.

VULNERABILITIES

The Vulnerability Element of our model responds to the question: how vulnerable is your organization? This is based on testing the organization’s systems as part of a continuous lifecycle process to ensure that identified vulnerabilities are handled collaboratively and effectively by the organization’s technology team and GLESEC’s team, with reporting on GLESEC’s Orchestration platform (GMP).

COMPLIANCE

We built the model to create a balance between cyber-security and cyber-compliance. In this respect, the Compliance element is very important because it provides visibility into parameters that indicate the level of alignment the client’s organization has with a certain standard or best practice.

By COMPLIANCE we mean the testing, monitoring and alerting of deviations from the controls of a specific set of standards.

VALIDATION

The VALIDATION Element responds to the question of the effectiveness of the security controls that the organization has deployed.

VALIDATION is defined as testing the defenses of an organization by simulating multiple attack vectors, in a continuous fashion and/or when an immediate threat is identified.

ASSETS

We define ASSETS as: (a) systems connected to the network, and (b) applications installed in the organization. The identified (or baselined) assets should be classified according to their impact on the organization.

“We cannot protect what we don’t know exists, therefore, discovery of assets (systems and applications) is critical to having a sound cyber security practice”

ACCESS

We use the term ACCESS to define the monitoring and control of access to systems and applications, including privileged users or administrators, privileged accounts and multi-factor authentication.