Zum Inhalt springen

CyberFundamentals Framework

Discover how Brainframe can help you to implement and manage your CyberFundamentals compliance efforts effectively

Request demo

CyberFundamentals 

The CyberFundamentals Framework, developed by Belgium's Centre for Cybersecurity, is designed to reduce cyber risks and enhance resilience against common threats. Brainframe helps you align with some requirements of this framework by offering an Information Security Management System (ISMS). The framework is divided into levels (Small, Basic, Important, Essential) tailored to various organizational needs, enabling a step-by-step enhancement of security measures. For more information on the CyFun framework, visit their official website.


Request demo

The CyberFundamentals framework is structured around five core functions designed to provide a holistic approach to cybersecurity risk management. These functions—Identify, Protect, Detect, Respond, and Recover—work together to help organizations assess and mitigate risks, enhance resilience, and maintain operational continuity in the face of cyber threats. This structured approach ensures that both technical and non-technical stakeholders can align cybersecurity measures with broader organizational objectives, facilitating clear communication and effective decision-making across all levels.

Available packages

Small

The "Small" assurance level provides a basic starting point for organizations to evaluate their cybersecurity posture. It is specifically designed for micro-enterprises or those with minimal technical expertise, allowing them to perform an initial assessment of their current security practices and identify key areas for improvement. This level is ideal for those beginning their cybersecurity journey, providing simple and essential measures that are accessible without advanced technical knowledge

Basic

The "Basic" assurance level includes standard cybersecurity measures that are suitable for all types of enterprises. It provides essential protection by utilizing commonly available technologies and processes to enhance security. These measures are designed to deliver effective security value without requiring specialized resources, and they can be adapted and refined as needed to fit specific organizational contexts. This level is ideal for companies that want to establish a solid foundation of security practices.

Important

The "Important" assurance level aims to significantly reduce the risk of  cyber-attacks carried out by adversaries with moderate skills and resources, while addressing common cybersecurity threats. It is crafted to protect organizations from more sophisticated threats beyond those mitigated by basic security measures, providing an additional layer of defense against actors capable of launching targeted attacks. This level enhances an organization’s resilience by focusing on known risks and emerging threats.

Essential

The "Essential" assurance level takes cybersecurity further by focusing on mitigating risks from advanced cyber-attacks conducted by highly skilled and resourced adversaries. It is designed to protect against sophisticated threats that require a comprehensive set of security measures, ensuring that the organization is resilient against attackers with extensive capabilities. This level offers safeguards for defending against complex cyber-attacks, making it suitable for organizations that need the highest level of security.


CyberFundamentals Best Practices

Framework Familiarization

Familiarize yourself with the CyFun® framework, particularly its assurance levels, and align the implementation to the specific industry’s needs. you should also document the roles, responsibilities, and authorities involved in cybersecurity, covering both internal teams and third parties, ensuring proper customization and accountability in the implementation process. 

Initial assessment


Begin with an initial assessment by ensuring your organization has an up-to-date inventory of all physical devices, software, and third-party systems. You should also identify critical resources, dependencies, and roles within the supply chain to understand the business environment comprehensively.

Gap Analysis

 

Conduct a gap analysis to compare your current cybersecurity posture against the CyFun "Important" assurance level, including a risk assessment of hardware, software, personnel, and data. Based on the findings, develop a risk management strategy, prioritizing key risks and responses, and actively involve both internal and external stakeholders in the process.

Framework Implementation

Establish cybersecurity policies that align with CyFun controls, including policies on access control, data protection, and third-party management. Implement technical safeguards, such as network segmentation, firewalls, and multi-factor authentication (MFA) for critical systems. Define and manage access permissions following the principles of least privilege and separation of duties, ensuring robust identity management and monitoring.

Training and Awareness

Ensure that the organization provides cybersecurity training for all employees, including privileged users, external stakeholders, and third-party providers, covering their roles in protecting information assets. Organize cybersecurity awareness campaigns and conduct simulation exercises, such as phishing drills and incident response tests, to improve awareness and enhance the organization's response capabilities.

Ongoing Assessment and Improvement

Set up ongoing audits and vulnerability scans to continuously identify system weaknesses, with key performance indicators established to measure implementation success. Assist in developing incident response and recovery plans, ensuring these plans are regularly tested with all relevant stakeholders to maintain preparedness.

Compliance and Reporting

Ensure the organization complies with all legal, regulatory, and framework-specific obligations, implementing regular reviews of the risk management process. Provide ongoing reports and updates regarding the framework's implementation status and identified risks, ensuring key decision-makers remain well-informed throughout the process.

Brainframe overview

Asset Management

Brainframe enables you to maintain a comprehensive inventory of your assets, seamlessly mapping them to the processes they support. It allows you to assign a criticality level to each asset, ensuring you can effectively prioritize and manage your organization's key resources. 

Risk Management

Brainframe allows you to define your risks for each asset or process, determing their criticality level, plan for and prioritize their mitigation, and offers a comprehensive view to track all your risks in a centralized dashboard.

Policy Management

Leverage Brainframe's comprehensive templates to efficiently develop the policies and procedures mandated by CyberFundamentals. Assign specific roles and responsibilities to management, ensuring their active involvement and accountability in the policy creation and decision-making process. 

Maturity Management

Map your controls to their requirements and track your compliance frameworks' maturity level. Thanks to the deep integration with the task manager, you can show your progress and improve your audit efficiency.


Achieve CyberFundamentals 

compliance with Brainframe

While Brainframe addresses many of the requirements outlined in the CyberFundamentals framework, it does not claim full compliance with the CyFun Framework. For detailed information on how Brainframe aligns with CyberFundamentals, please contact us or visit our CyFun terms and conditions.

Self-hosted solution

 Brainframe can be seamlessly implemented on your on-premises infrastructure, providing full control over your data and systems. This deployment option ensures compliance with internal security policies and regulatory requirements, while offering the same powerful features and capabilities of Brainframe’s cloud-based solutions. With on-premises implementation, you can tailor the platform to your unique environment, ensuring optimal performance and integration with existing infrastructure.

Cloud solution

 Brainframe is available as a cloud-based solution, offering flexibility and scalability without the need for complex infrastructure management. This deployment option ensures quick implementation and automatic updates, while maintaining the highest levels of security and compliance. With Brainframe in the cloud, you can access the platform from anywhere, enabling seamless collaboration and ensuring that your organization stays resilient and up-to-date with minimal overhead.

Here is how Brainframe can help you with some of the CyberFundamentals requirements:

Audit trail

Brainframe ensures a comprehensive and automated audit trail by recording all actions, changes, and updates made within the system. It tracks user activities, policy modifications, risk assessments, and compliance measures, providing clear, time-stamped documentation. This detailed audit trail not only simplifies internal and external audits but also ensures transparency, accountability, and alignment with standards like CyberFundamentals.

KPIs

Brainframe enables comprehensive KPI monitoring, providing a centralized dashboard for tracking key performance metrics across departments or product lines. It offers real-time insights to ensure clear visibility into progress and performance. This streamlined approach facilitates data-driven decision-making and helps maintain alignment with organizational goals and compliance requirements.

Integrations

 Brainframe supports seamless integrations with your existing systems (SharePoint, JIRA, Monday.com,...)  allowing you to easily import documents and records. This ensures a smooth transition by centralizing all relevant files within the platform, reducing manual work, and maintaining consistency. By integrating your current document workflows, the software helps streamline processes and enhance efficiency across your organization.

Interested in knowing more?

Book a call to find out more on how we can help you achieve and manage your compliance with CyberFundamentals.

Request demo

Start for free now! 

Streamline your GRC work using our all-in-one management solution and get access to our network of local specialists

Start your free account