Organizations worldwide are facing a significant increase in cyber threats. However, how are organizations addressing this major issue? Many rely on the use of information security frameworks. Some suggest that there are already too many frameworks to address the current cyber risk environment, and most of them provide a mere listing of what they consider “good practices”. Only a few frameworks go beyond to complement that listing, usually with extremely tough to understand descriptions, examples, or processes. Complexity is at the order of the day. Moreover, these frameworks consist of very long documents that omit to include essential topics, contradict themselves, contain redundancies, and use an awkward writing style, confusing even the most experienced reader. These weaknesses create a wide complexity barrier for those who try to implement or even analyze these frameworks. One might ask: How can we use them to manage our cyber risks if we fail to understand them?
My proposed solution to that complexity is the Information Security Unified Framework: A unified methodology that guides security professionals during the construction and implementation of security management systems. By supplementing the current well-known frameworks with a maturity model and an implementation process, it proposes a novel, clear, and straightforward approach.
The main goal is to deliver a straightforward vision for security management, mainly focused on medium to big organizations. It is intended to be used by information security professionals to provide a clear direction in their cybersecurity strategy and guide the design and implementation of information security projects and initiatives. This new framework does not center on providing a listing of best practices. Its primary focus is to provide a unique and centralized collection of good practices carefully integrated within a maturity model and an implementation process to simplify the work and ease the life of security professionals.
Currently, only the scaffolds of the unified framework have been developed. The future goals of research consist of expanding its scope and constructing the maturity model.