Which cybersecurity framework is the best one to use for an organization? This is one of the most frequently asked questions when embarking on the cybersecurity journey. Often, the answer is the unsatisfying explanation that there is no one-size-fits-all solution and that each framework has its advantages and disadvantages. The hardest part for the cybersecurity professional is the thought that the only way to figure it out is to study each framework and then see which one applies best. That is a monumental undertaking, and it frequently ends in confirmation bias: the person simply chooses the framework with which they are slightly familiar, and then gathers supporting evidence to convince the C-Suite that it is the best one for the organization.
Now, as a result of the efforts of the Central Bank of Egypt (CBE), a lot of that work has been made easier. The Egypt Financial Cybersecurity Framework consolidates the most common and well-respected frameworks into one unified source. Rather than attempting to cross-reference all the frameworks to each other, the CBE chooses the best practices from each, creating a new document for use in the financial sector. In doing so, the CBE identified key areas of focus to tailor a cybersecurity framework to the unique requirements of the Egyptian financial sector.
The graphics that are provided in the CBE framework offer a brilliant snapshot of the highlights of all the sources. Five key functions are mapped to controls. The framework also includes definitions and responsibilities for various roles, as well as team memberships.
This framework will serve as the foundational guidance for cybersecurity capability development within this critical sector. This is the kick-off of a larger-scale effort by the CBE to build a robust and sustainable cybersecurity ecosystem within the financial sector. Security controls are specified throughout the framework and serve as the primary measure of compliance. Baselining and hardening involve completing prudent and specific tasks to reduce an organization’s attack surface.
One of the stronger aspects of the CBE framework is that it does not disrupt the established methods of implementing the required controls. Along those lines, established tools can be used to fulfill the needs of the framework.
Tripwire Enterprise Policy Manager proactively hardens systems by assessing configurations against internal and external security standards, benchmarks, and industry regulations, and it continuously assesses changes against security, policy, and compliance requirements to distinguish “good” from “bad” change and to detect “policy drift”.
Tripwire Enterprise Policy Manager provides the broadest range of policies and platforms in the industry, encompassing all of the frameworks that are included in the CBE Framework, as well as UAE NESA, Qatar NIA, Saudi ECC, HIPAA, NERC CIP, SOX, COBIT, DISA STIGs and many others.
Tripwire Enterprise maps perfectly to the CBE Framework’s requirements and controls.
Identity and Access Management
Identity and Access Management aims to provision or revoke access for users and systems to operate on the organization’s enterprise. A secondary purpose of IAM is to ensure that users are only granted the minimal level of access needed to perform core job functions.
Data Protection and Privacy
Data Protection and Privacy ensures the availability, integrity, and confidentiality of data. Data protection measures focus on safeguarding client and business data, intellectual property, and personally identifiable information, whether that data belongs to employees, clients, or both.
Application Security
The function of Application Security is to reduce systemic risk exposure inherent in many software applications that are required to support business operations. Application Security focuses on safeguarding applications from exploitation by adversaries throughout an application’s life.
Endpoint Security
The objective of Endpoint Security is to protect servers, desktops, and workstations that employees, third parties, and contractors use to connect to the organization’s network. Implementing Endpoint Security using comprehensive standards and technical controls can prevent:
- Malware infections
- Command and Control activity
- Data exfiltration
- Ransomware/Data destruction
- Privilege escalation
- Lateral movement
Network Security
Network Security focuses on protecting data and information in transit, ensuring proper network visibility, limiting network access to only authorized endpoints, and taking corrective actions on discovered malicious activity. Implementing comprehensive network security standards and technical controls can prevent many threats, including unauthorized access, network reconnaissance, malware infections, command and control activity, data exfiltration, and ransomware/data destruction activity.
Digital Channels
Digital Channels supports security controls needed to protect against threats to today’s technology and those on the horizon as society shifts towards a digital and largely cashless economy. These are particularly relevant to the financial industry, guarding against a variety of financial crimes, such as fraud, identity theft, money laundering and terror financing.
Cloud Security
Cloud Security aims to address unique risks posed by using Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), or Software-as-a-Service (SaaS) cloud computing offerings. Cloud Security addresses the following threats:
- Unauthorized access
- Data privacy
- Lateral movement between and within cloud tenants
- Virtualization vulnerabilities
- Expansive attack surface
Data Integrity Monitoring
The CBE framework requires integrity monitoring to be deployed to detect changes across assets, so that changes are regularly reviewed and unauthorized changes are alerted on and reported to the security operations team. Tripwire, the inventor of file integrity monitoring, has a unique built-in capability to reduce noise: it provides multiple ways of distinguishing a low-risk change from a high-risk change as part of assessing, prioritizing, and reconciling detected changes. Auto-promoting the many business-as-usual changes reduces the noise, so IT has more time to investigate changes that may truly impact security and introduce risk.
Tripwire has taken its original host-based intrusion detection tool, which detected changes to files and folders, and expanded it into a robust File Integrity Monitoring (FIM) solution able to monitor detailed system integrity: files, directories, registries, configuration parameters, DLLs, ports, services, and protocols. Additional enterprise integrations, including SIEM, provide granular endpoint intelligence that supports threat detection, generating rich event data with business context to determine what requires immediate investigation, and enabling better correlation and alerting workflows.
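The integrity-monitoring workflow described above (baseline, detect, then separate low-risk and approved changes from high-risk ones so the operations team only reviews what matters) is small enough to show end to end. The following is an added illustration written for this page, not Tripwire's code and not part of the CBE framework. It builds a constructed file tree in a temporary directory, takes a SHA-256 baseline, mutates the tree, and classifies each detected change. The path patterns in `HIGH_RISK_GLOBS` and `LOW_RISK_GLOBS`, the idea of an "approved hash" list representing a planned change record, and the `demo()` scenario are all assumptions chosen for illustration; a real deployment would draw these from its change-management process.

```python
import fnmatch
import hashlib
import os
import tempfile

# Assumed risk rules for this example. Paths are relative to the monitored root,
# with forward slashes, so the same rules work on any OS.
HIGH_RISK_GLOBS = ["etc/passwd", "etc/sudoers*", "etc/ssh/*", "bin/*"]
LOW_RISK_GLOBS = ["var/log/*"]  # expected to churn constantly


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Walk the tree under root and return {relative_path: sha256_hex}."""
    state = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = hash_file(full)
    return state


def diff_snapshots(baseline, current):
    """Return (kind, path, new_digest) tuples; new_digest is None for removals."""
    changes = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            changes.append(("added", path, current[path]))
        elif path not in current:
            changes.append(("removed", path, None))
        elif baseline[path] != current[path]:
            changes.append(("modified", path, current[path]))
    return changes


def classify(change, approved_hashes):
    """Assign a risk bucket: promoted (matches an approved change record),
    high, low, or review (needs a human decision)."""
    _kind, path, digest = change
    if digest is not None and digest in approved_hashes:
        return "promoted"  # business-as-usual change, auto-reconciled
    if any(fnmatch.fnmatch(path, pattern) for pattern in HIGH_RISK_GLOBS):
        return "high"
    if any(fnmatch.fnmatch(path, pattern) for pattern in LOW_RISK_GLOBS):
        return "low"
    return "review"


def assess(baseline, current, approved_hashes):
    """Detect and classify every change between two snapshots."""
    return [(kind, path, classify((kind, path, digest), approved_hashes))
            for kind, path, digest in diff_snapshots(baseline, current)]


def demo():
    """Constructed scenario: returns {path: (change_kind, risk_bucket)}."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)

        # Constructed baseline content.
        write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        write("etc/ssh/sshd_config", b"PermitRootLogin no\n")
        write("bin/app", b"constructed-binary-v1")
        write("var/log/app.log", b"line1\n")
        baseline = snapshot(root)

        # A planned upgrade of bin/app whose published hash is on record.
        new_binary = b"constructed-binary-v2"
        approved = {hashlib.sha256(new_binary).hexdigest()}

        # Mutations after the baseline was taken.
        write("etc/ssh/sshd_config", b"PermitRootLogin yes\n")  # sensitive config edit
        write("bin/app", new_binary)                            # approved upgrade
        write("var/log/app.log", b"line1\nline2\n")             # routine log growth
        write("opt/tool/config.ini", b"x=1\n")                  # unexpected new file
        os.remove(os.path.join(root, "etc/passwd"))             # sensitive file removed

        current = snapshot(root)
        return {path: (kind, risk) for kind, path, risk in assess(baseline, current, approved)}


if __name__ == "__main__":
    for path, (kind, risk) in demo().items():
        print(f"{risk:9s} {kind:9s} {path}")
```

The ordering in `classify` is the design point: an approved hash is checked before any path rule, so a planned change to a sensitive binary is reconciled automatically, while an unapproved change to the same path is escalated. Everything that matches neither list lands in "review", which is the queue the operations team actually has to work through.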
While the CBE cybersecurity framework is intentionally detailed, it would be unrealistic, if not entirely foolhardy, to use it beyond the borders of Egypt. It is simply too region-specific for most countries to embrace as an authority. This is unfortunate, and one can only hope that this changes over time. However, regardless of this hesitancy toward global recognition, it should be added to every cybersecurity professional’s list of reliable guidance.
To learn more about the Egyptian financial cybersecurity framework, click here.