The ISO 27032 specification provides a framework for addressing the establishment of trust, cooperation, exchange of information and technical guidance, ensuring the formation of an integrated system that brings together stakeholders in cyberspace. The cyber security framework consists of four areas:

1. The ban

By implementing measures and controls that limit and contain the impacts of potential cyber security events

2. Protection and detection

Where controls are applied to manage security and monitor security events in order to detect and protect them

3. Response and communication

It consists of measures to mitigate the negative elements and potential breaches related to cyber security

4. Recover and learn

Through procedures to restore systems and services related to the information technology system and corrective actions to reduce the likelihood of these accidents occurring again. Methodology for building a cyber security management system (ISO / IEC 270032: 2012) The cyber security system is built through four phases: Stage one: understanding the organization Understand the products and services provided to internal and external clients, security regulatory framework and collection Security documents with technical security measures in place, provided that this process is done by reviewing:

• Operations and functions include
• Departmental organizational charts
• The relationship of sites, operations, and dependencies
• Cyber security job descriptions
• Main actions
• Data centers and computer and communication rooms
• Including physical, environmental and others
• Computer facilities.
• Hardware (servers and storage systems)
• Communication systems
• Grids and Charts
• Storage location for discs, tapes, etc.
• Physical security including access control
• Cables, heating, air conditioning and fire protection devices
• Other computer related equipment
• High availability, clustering, disaster recovery solutions, and more for every server, system, storage device, and other equipment.
• Virtualization and load balancing
• Networking (LAN, WAN, etc.) and setting up connections
• Information security policies, strategies and procedures.
• Software
• Operating systems and systems software
• Databases
• Applications
• Other programs and systems
• Archiving storage policies and procedures
• Data files
• Software
• Spin frequency
• Other existing controls and policies such as ISO 27001 (IS0 / IEC27001: 2013).
• Current local legislation and regulatory requirements.
• Current document management procedures, corrective action procedures, preventive measures, operational risk procedures and internal audit procedures (if any).

The second stage: risk analysis The risk assessment will identify the surrounding and environmental events (internal and external) that could adversely affect the organization and its facilities by disruption as well as disasters, the damages that these events could cause, and the controls needed to prevent or reduce the effects of potential loss. Here are some types of threats that you can consider.

• Natural (such as earthquakes, floods, fires, etc.)
• Technology (such as power loss, communication failure, ICT infrastructure failure, viruses, information system security, hardware failure, etc.)
• Man-made (such as sabotage, major accidents / events, human errors, terrorism, operational errors, fraud, bad project management, etc.)
• Social Risk assessment will be applied to departmental processes, focusing on processes, activities and resources (systems, work area, technology, etc.)

The purpose of the risk assessment study in cyber security management will be: Identify internal and external threats, vulnerabilities, responsibilities, and exposure that could cause disruption, temporary or permanent disruption, or loss of high-priority operations, activities, resources, systems, and applications for the organization, including but not limited to:

• Internal resilience and infrastructure reliability (such as network vulnerabilities, sites, and personnel)
• External threats such as partner failure, weather conditions, natural disasters, accidents, and sabotage
• Threats from other interconnected networks
• Identify concentrations of hazards and points of failure (including individual points of failure) and weaknesses in all resources required to continue operating for each critical activity
• Determine the likelihood (likelihood or frequency) of a threat, exposure and vulnerability to identified threats and assess their impact on network operation and services provided, taking into account identified weaknesses and vulnerabilities
• Provide a basis for the organization’s risk mitigation program and management control program and action plan.

Project risk assessment approach Once the key processes and activities important to the mission, services, resources, etc. are identified, and their business values are defined, our risk assessment approach will include the following steps:

• Step 1 – Identify and Identify Threats
• Step 2 – Identify and characterize existing protection and mitigation measures
• Step 3 – Identify and distinguish weaknesses
• Step 4 – Estimate the possibilities and consequences
• Step 5 – Assess and evaluate risks

Risk assessment considerations may include:

• Recurrence of certain types of disasters (often or rarely)
• Rapid appearance (suddenly or gradually)
• The levels of redundancy present and required throughout the organization to accommodate critical systems and functions, incorporate typical options for risk mitigation
• Avoid risks
• Accept the risks
• Control of risks

The third stage: the cyber security plan At this stage, and thanks to the work that was carried out in the previous stages, a plan will be developed that allows knowledge of the priorities and measures that must be developed to achieve cyber security requirements. This plan will face different strategies that have to be applied at different levels of the organization, including:

• Cyber security policies
• Define roles and responsibilities
• Technical controls

The main areas to be considered include

• Resource options
• Related high-level systems, technologies and infrastructure
• Major suppliers and third parties

Provide recommendations for improvements to the infrastructure, systems, applications, technologies, interfaces, architecture, network, and resources of cyber security management:

• Improved application and system availability (for example, automatic failover where evidence is located)
• Site infrastructure optimization (such as UPS, cooling, security, etc.).

The fourth stage: implementation The stage that usually requires the greatest effort, as all the procedures specified in the previous stages will be reflected and aims to oblige everyone who implements them to be proactive in security measures, with a great focus on prevention mechanisms in operations that use cyberspace. This stage will then focus on implementing Controls that must take into account the level of maturity in current security management, application of security policies, implementation of correct frameworks for information exchange, ensuring the implementation of employee awareness plans, application of electronic phishing systems, monitoring of information and communication technology, with additional controls including application control, data validation, protection from attacks and operations Server level controls, patch management, monitoring, periodic reviews and security checks. Operating system updates, antivirus, tools, and security settings.