Overslaan naar inhoud

CyberFundamentals Framework

Discover how Brainframe can help you to implement and manage your CyberFundamentals compliance efforts effectively

Demo aanvragen

CyberFundamentals 

The CyberFundamentals Framework, developed by Belgium's Centre for Cybersecurity, is designed to reduce cyber risks and enhance resilience against common threats. Brainframe helps you align with some requirements of this framework by offering an Information Security Management System (ISMS). The framework is divided into levels (Small, Basic, Important, Essential) tailored to various organizational needs, enabling a step-by-step enhancement of security measures. For more information on the CyFun framework, visit their official website.


Demo aanvragen

The CyberFundamentals framework is structured around five core functions designed to provide a holistic approach to cybersecurity risk management. These functions—Identify, Protect, Detect, Respond, and Recover—work together to help organizations assess and mitigate risks, enhance resilience, and maintain operational continuity in the face of cyber threats. This structured approach ensures that both technical and non-technical stakeholders can align cybersecurity measures with broader organizational objectives, facilitating clear communication and effective decision-making across all levels.

Available packages

Small

The "Small" assurance level provides a basic starting point for organizations to evaluate their cybersecurity posture. It is specifically designed for micro-enterprises or those with minimal technical expertise, allowing them to perform an initial assessment of their current security practices and identify key areas for improvement. This level is ideal for those beginning their cybersecurity journey, providing simple and essential measures that are accessible without advanced technical knowledge

Basic

The "Basic" assurance level includes standard cybersecurity measures that are suitable for all types of enterprises. It provides essential protection by utilizing commonly available technologies and processes to enhance security. These measures are designed to deliver effective security value without requiring specialized resources, and they can be adapted and refined as needed to fit specific organizational contexts. This level is ideal for companies that want to establish a solid foundation of security practices.

Important

The "Important" assurance level aims to significantly reduce the risk of  cyber-attacks carried out by adversaries with moderate skills and resources, while addressing common cybersecurity threats. It is crafted to protect organizations from more sophisticated threats beyond those mitigated by basic security measures, providing an additional layer of defense against actors capable of launching targeted attacks. This level enhances an organization’s resilience by focusing on known risks and emerging threats.

Essential

The "Essential" assurance level takes cybersecurity further by focusing on mitigating risks from advanced cyber-attacks conducted by highly skilled and well-resourced adversaries. It is designed to protect against sophisticated threats that require a comprehensive set of security measures, ensuring that the organization is resilient against attackers with extensive capabilities. This level offers robust safeguards for defending against complex cyber-attacks, making it suitable for organizations that need the highest level of security.


CyberFundamentals Best Practices

Framework Familiarization

Familiarize yourself with the CyFun® framework, particularly its assurance levels, and align the implementation to the specific industry’s needs. you should also document the roles, responsibilities, and authorities involved in cybersecurity, covering both internal teams and third parties, ensuring proper customization and accountability in the implementation process. 

Initial assessment


Begin with an initial assessment by ensuring your organization has an up-to-date inventory of all physical devices, software, and third-party systems. You should also identify critical resources, dependencies, and roles within the supply chain to understand the business environment comprehensively.

Gap Analysis

 

Consultants should conduct a gap analysis to compare the client's current cybersecurity posture against the CyFun "Important" assurance level, including a risk assessment of hardware, software, personnel, and data. Based on the findings, they need to develop a risk management strategy, prioritizing key risks and responses, and actively involve both internal and external stakeholders in the process.

Framework Implementation

Establish cybersecurity policies that align with CyFun controls, including policies on access control, data protection, and third-party management. Implement technical safeguards, such as network segmentation, firewalls, and multi-factor authentication (MFA) for critical systems. Define and manage access permissions following the principles of least privilege and separation of duties, ensuring robust identity management and monitoring.

Training and Awareness

Consultants should ensure that the organization provides cybersecurity training for all employees, including privileged users, external stakeholders, and third-party providers, covering their roles in protecting information assets. Additionally, they should organize cybersecurity awareness campaigns and conduct simulation exercises, such as phishing drills and incident response tests, to improve awareness and enhance the organization's response capabilities.

Ongoing Assessment and Improvement

Consultants should help set up ongoing audits and vulnerability scans to continuously identify system weaknesses, with key performance indicators established to measure implementation success. They should also assist in developing incident response and recovery plans, ensuring these plans are regularly tested with all relevant stakeholders to maintain preparedness.

Compliance and Reporting

Consultants should ensure the organization complies with all legal, regulatory, and framework-specific obligations, implementing regular reviews of the risk management process. They should also provide clients with ongoing reports and updates regarding the framework's implementation status and identified risks, ensuring key decision-makers remain well-informed throughout the process.

Brainframe overzicht

Vermogensbeheer

Met Brainframe kunt u een uitgebreide inventaris van uw bedrijfsmiddelen bijhouden en deze naadloos koppelen aan de processen die ze ondersteunen. U kunt aan elk bedrijfsmiddel een kriticiteitsniveau toekennen, zodat u de belangrijkste middelen van uw organisatie effectief kunt prioriteren en beheren.

Risicobeheer​

Brainframe stelt je in staat om risico's te definiëren voor elk bedrijfsmiddel of proces, hun kriticiteitsniveau te bepalen, plannen te maken voor risicobeperking en deze te prioriteren, en biedt een uitgebreid overzicht van al je risico's in een gecentraliseerd dashboard.

Beleidsbeheer

Maak gebruik van de uitgebreide sjablonen van Brainframe om op efficiënte wijze de beleidsregels en procedures te ontwikkelen die door DORA worden vereist. Wijs specifieke rollen en verantwoordelijkheden toe aan het management en zorg ervoor dat zij actief betrokken zijn bij en verantwoording afleggen voor het beleids- en besluitvormingsproces.

Maturiteitsmanagement

Breng uw controles in kaart met hun vereisten en volg het volwassenheidsniveau van uw compliance frameworks. Dankzij de diepgaande integratie met de task manager kunt u uw voortgang laten zien en de efficiëntie van uw audits verbeteren.


Achieve CyberFundamentals 

compliance with Brainframe

While Brainframe addresses many of the requirements outlined in the CyberFundamentals framework, it does not claim full compliance with the CyFun Framework. For detailed information on how Brainframe aligns with CyberFundamentals, please contact us or visit our CyFun terms and conditions.

Self-hosted solution

Brainframe kan naadloos worden geïmplementeerd op uw infrastructuur op locatie, waardoor u volledige controle heeft over uw gegevens en systemen. Deze implementatieoptie zorgt ervoor dat u voldoet aan het interne beveiligingsbeleid en de wettelijke vereisten, terwijl het dezelfde krachtige functies en mogelijkheden biedt als de cloudgebaseerde oplossingen van Brainframe. Met on-premises implementatie kunt u het platform aanpassen aan uw unieke omgeving, zodat u verzekerd bent van optimale prestaties en integratie met bestaande infrastructuur.

Cloud solution

Brainframe is beschikbaar als cloud-gebaseerde oplossing en biedt flexibiliteit en schaalbaarheid zonder dat complex infrastructuurbeheer nodig is. Deze implementatieoptie zorgt voor een snelle implementatie en automatische updates, terwijl de hoogste niveaus van beveiliging en compliance gehandhaafd blijven. Met Brainframe in de cloud heeft u overal toegang tot het platform, wat naadloze samenwerking mogelijk maakt en ervoor zorgt dat uw organisatie veerkrachtig en up-to-date blijft met minimale overhead.

Here is how Brainframe can help you with some of the CyberFundamentals requirements:

Audit trail

Brainframe zorgt voor een uitgebreid en geautomatiseerd controlespoor door alle acties, wijzigingen en updates binnen het systeem vast te leggen. Gebruikersactiviteiten, beleidswijzigingen, risicobeoordelingen en nalevingsmaatregelen worden bijgehouden, waardoor een duidelijke documentatie met tijdstempel ontstaat. Dit gedetailleerde controletraject vereenvoudigt niet alleen interne en externe audits, maar zorgt ook voor transparantie, verantwoording en afstemming op wettelijke vereisten zoals DORA.

KPIs

Brainframe maakt uitgebreide KPI-monitoring mogelijk en biedt een gecentraliseerd dashboard voor het bijhouden van belangrijke prestatiecijfers voor verschillende afdelingen of productlijnen. Het biedt realtime inzichten voor verschillende belanghebbenden en zorgt voor duidelijk inzicht in de voortgang en prestaties. Deze gestroomlijnde aanpak vergemakkelijkt datagestuurde besluitvorming en helpt bij het afstemmen op organisatorische doelen en compliance-eisen.

Integrations

 Brainframe ondersteunt naadloze integraties met je bestaande systemen (SharePoint, JIRA, Monday.com,...)  waardoor je eenvoudig documenten en dossiers kunt importeren. Dit zorgt voor een soepele overgang door alle relevante bestanden binnen het platform te centraliseren, handmatig werk te verminderen en consistentie te behouden. Door uw huidige documentworkflows te integreren, helpt de software processen te stroomlijnen en de efficiëntie in uw organisatie te verbeteren.

Wil je meer weten?

Book a call to find out more on how we can help you achieve and manage your compliance with CyberFundamentals.

Demo aanvragen

Begin nu gratis!

Streamline your GRC work using our all-in-one management solution and get access to our network of local specialists

Start your free account