Se rendre au contenu

CyberFundamentals Framework

Discover how Brainframe can help you to implement and manage your CyberFundamentals compliance efforts effectively

Demandez une démo

CyberFundamentals 

The CyberFundamentals Framework, developed by Belgium's Centre for Cybersecurity, is designed to reduce cyber risks and enhance resilience against common threats. Brainframe helps you align with some requirements of this framework by offering an Information Security Management System (ISMS). The framework is divided into levels (Small, Basic, Important, Essential) tailored to various organizational needs, enabling a step-by-step enhancement of security measures. For more information on the CyFun framework, visit their official website.


Demandez une démo

The CyberFundamentals framework is structured around five core functions designed to provide a holistic approach to cybersecurity risk management. These functions—Identify, Protect, Detect, Respond, and Recover—work together to help organizations assess and mitigate risks, enhance resilience, and maintain operational continuity in the face of cyber threats. This structured approach ensures that both technical and non-technical stakeholders can align cybersecurity measures with broader organizational objectives, facilitating clear communication and effective decision-making across all levels.

Available packages

Small

The "Small" assurance level provides a basic starting point for organizations to evaluate their cybersecurity posture. It is specifically designed for micro-enterprises or those with minimal technical expertise, allowing them to perform an initial assessment of their current security practices and identify key areas for improvement. This level is ideal for those beginning their cybersecurity journey, providing simple and essential measures that are accessible without advanced technical knowledge

Basic

The "Basic" assurance level includes standard cybersecurity measures that are suitable for all types of enterprises. It provides essential protection by utilizing commonly available technologies and processes to enhance security. These measures are designed to deliver effective security value without requiring specialized resources, and they can be adapted and refined as needed to fit specific organizational contexts. This level is ideal for companies that want to establish a solid foundation of security practices.

Important

The "Important" assurance level aims to significantly reduce the risk of  cyber-attacks carried out by adversaries with moderate skills and resources, while addressing common cybersecurity threats. It is crafted to protect organizations from more sophisticated threats beyond those mitigated by basic security measures, providing an additional layer of defense against actors capable of launching targeted attacks. This level enhances an organization’s resilience by focusing on known risks and emerging threats.

Essential

The "Essential" assurance level takes cybersecurity further by focusing on mitigating risks from advanced cyber-attacks conducted by highly skilled and well-resourced adversaries. It is designed to protect against sophisticated threats that require a comprehensive set of security measures, ensuring that the organization is resilient against attackers with extensive capabilities. This level offers robust safeguards for defending against complex cyber-attacks, making it suitable for organizations that need the highest level of security.


CyberFundamentals Best Practices

Framework Familiarization

Familiarize yourself with the CyFun® framework, particularly its assurance levels, and align the implementation to the specific industry’s needs. you should also document the roles, responsibilities, and authorities involved in cybersecurity, covering both internal teams and third parties, ensuring proper customization and accountability in the implementation process. 

Initial assessment


Begin with an initial assessment by ensuring your organization has an up-to-date inventory of all physical devices, software, and third-party systems. You should also identify critical resources, dependencies, and roles within the supply chain to understand the business environment comprehensively.

Gap Analysis

 

Consultants should conduct a gap analysis to compare the client's current cybersecurity posture against the CyFun "Important" assurance level, including a risk assessment of hardware, software, personnel, and data. Based on the findings, they need to develop a risk management strategy, prioritizing key risks and responses, and actively involve both internal and external stakeholders in the process.

Framework Implementation

Establish cybersecurity policies that align with CyFun controls, including policies on access control, data protection, and third-party management. Implement technical safeguards, such as network segmentation, firewalls, and multi-factor authentication (MFA) for critical systems. Define and manage access permissions following the principles of least privilege and separation of duties, ensuring robust identity management and monitoring.

Training and Awareness

Consultants should ensure that the organization provides cybersecurity training for all employees, including privileged users, external stakeholders, and third-party providers, covering their roles in protecting information assets. Additionally, they should organize cybersecurity awareness campaigns and conduct simulation exercises, such as phishing drills and incident response tests, to improve awareness and enhance the organization's response capabilities.

Ongoing Assessment and Improvement

Consultants should help set up ongoing audits and vulnerability scans to continuously identify system weaknesses, with key performance indicators established to measure implementation success. They should also assist in developing incident response and recovery plans, ensuring these plans are regularly tested with all relevant stakeholders to maintain preparedness.

Compliance and Reporting

Consultants should ensure the organization complies with all legal, regulatory, and framework-specific obligations, implementing regular reviews of the risk management process. They should also provide clients with ongoing reports and updates regarding the framework's implementation status and identified risks, ensuring key decision-makers remain well-informed throughout the process.

Aperçu de Brainframe

Gestion des actifs

Brainframe vous permet de maintenir un inventaire complet de vos actifs, en les associant de manière transparente aux processus qu'ils soutiennent. Il vous permet d'attribuer un niveau de criticité à chaque actif, ce qui vous permet de hiérarchiser et de gérer efficacement les ressources clés de votre organisation.

Gestion des risques​

Brainframe vous permet de définir vos risques pour chaque actif ou processus, de déterminer leur niveau de criticité, de planifier et de prioriser leur mitigation, et offre une vue globale pour suivre tous vos risques dans un tableau de bord centralisé.

Gestion des politiques

Tirez parti des modèles complets de Brainframe pour élaborer efficacement les politiques et procédures exigées par DORA. Attribuer des rôles et des responsabilités spécifiques à la direction, en veillant à ce qu'elle participe activement au processus d'élaboration de la politique et de prise de décision et qu'elle en soit responsable.

Gestion de la maturité

Mappez vos contrôles avec leurs exigences et suivez le niveau de maturité de vos cadres de conformité. Grâce à l'intégration poussée avec le gestionnaire de tâches, vous pouvez montrer vos progrès et améliorer l'efficacité de vos audits.


Achieve CyberFundamentals 

compliance with Brainframe

While Brainframe addresses many of the requirements outlined in the CyberFundamentals framework, it does not claim full compliance with the CyFun Framework. For detailed information on how Brainframe aligns with CyberFundamentals, please contact us or visit our CyFun terms and conditions.

Self-hosted solution

Brainframe peut être mis en œuvre de manière transparente sur votre infrastructure sur site, offrant un contrôle total sur vos données et vos systèmes. Cette option de déploiement garantit la conformité avec les politiques de sécurité internes et les exigences réglementaires, tout en offrant les mêmes fonctions et capacités puissantes que les solutions Brainframe basées sur le cloud. Avec la mise en œuvre sur site, vous pouvez adapter la plateforme à votre environnement unique, en garantissant des performances optimales et l'intégration avec l'infrastructure existante.

Cloud solution

Brainframe est disponible en tant que solution basée sur le cloud, offrant flexibilité et évolutivité sans nécessiter une gestion complexe de l'infrastructure. Cette option de déploiement garantit une mise en œuvre rapide et des mises à jour automatiques, tout en maintenant les plus hauts niveaux de sécurité et de conformité. Avec Brainframe dans le nuage, vous pouvez accéder à la plateforme de n'importe où, ce qui permet une collaboration transparente et garantit que votre organisation reste résiliente et à jour.

Here is how Brainframe can help you with some of the CyberFundamentals requirements:

Piste d'audit

Brainframe assure une piste d'audit complète et automatisée en enregistrant toutes les actions, modifications et mises à jour effectuées dans le système. Il suit les activités des utilisateurs, les modifications des politiques, les évaluations des risques et les mesures de conformité, en fournissant une documentation claire et horodatée. Cette piste d'audit détaillée simplifie non seulement les audits internes et externes, mais garantit également la transparence, la responsabilité et l'alignement sur les exigences réglementaires telles que DORA.

KPIs 

Brainframe permet un suivi complet des indicateurs clés de performance, en fournissant un tableau de bord centralisé pour le suivi des indicateurs clés de performance à travers les départements ou les lignes de produits. Il offre des informations en temps réel aux différentes parties prenantes, garantissant une visibilité claire des progrès et des performances. Cette approche rationalisée facilite la prise de décision fondée sur les données et contribue à maintenir l'alignement sur les objectifs de l'organisation et les exigences de conformité.

Intégrations

 Brainframe prend en charge les intégrations transparentes avec vos systèmes existants (SharePoint, JIRA, Monday.com), ce qui vous permet d'importer facilement des documents et des dossiers. Cela garantit une transition en douceur en centralisant tous les fichiers pertinents au sein de la plateforme, en réduisant le travail manuel et en maintenant la cohérence. En intégrant vos flux de documents actuels, le logiciel contribue à rationaliser les processus et à améliorer l'efficacité au sein de votre organisation.

Vous souhaitez en savoir plus ?

Book a call to find out more on how we can help you achieve and manage your compliance with CyberFundamentals.

Demandez une démo

Commencez gratuitement maintenant !

Streamline your GRC work using our all-in-one management solution and get access to our network of local specialists

Start your free account