The Cyber Security Framework guides the overall Cyber Security Program at CPA Global by utilizing business drivers and treating cyber security risks as part of the overall risk management process. It also provides governance and structure to cyber security management by assembling cyber security policies, standards, guidelines, and practices.
The Cyber Security Framework applies equally to all CPA Global office locations and users worldwide, including employees, contractors, vendors, service providers, partners, affiliates, and third parties.
The Cyber Security Framework guides the overall cyber security program at CPA Global with the objective to:
The Framework relies on leading cyber security standards (NIST, ISO 27001, etc.) and guidelines to enable adoption of established, effective cyber security practices. The Framework is also technology neutral and promotes extensibility and technical innovation.
Key Performance Indicators
The key performance indicators of the Cyber Security Framework are:
The Cyber Security Framework is structured into four core components:
I. Organizational Parameters:
Organizational Parameters comprise the components that ensure the Cyber Security Program is aligned with business strategy, objectives, enterprise risks, compliance obligations, and client/market requirements. Organizational parameters establish the alignment of cyber security initiatives with business requirements through Organizational Drivers, Enterprise Risk Management and Cyber Risk Reporting.
II. Cybersecurity Governance:
Cybersecurity Governance monitors the operationalization of the developed policies and procedures. It ensures processes are in place to support compliance of cybersecurity initiatives with applicable privacy laws and regulations, and to assess implementation of the framework. The two bodies responsible for cyber security governance are the Cyber Security Council and the Cyber Security Team.
III. Cyber Security Principles:
The Cyber Security Principles that guide the implementation of cybersecurity activities, by organizing information, enabling risk management, addressing threats, and supporting continuous learning from cyber threats and events, are Identify, Detect, Protect, Respond and Recover. Key activities covered under each principle include:
This component covers the execution of the cyber security principles and related cyber activities to ensure an adequate security posture is maintained and existing cyber capabilities are enhanced. Cyber Assurance includes Secure Development, Hosting, Operations and Maintenance, the Information Security Management System (ISMS), SOC 2 attestations, Security Testing, Cyber Security Risk Assessment, and KPI reporting.
Cyber Transformation includes a business-need and requirement-based self-assessment to determine current and target cyber security maturity levels, prioritization of cyber security improvement areas, and a Cyber Security Roadmap.