Framework
Cyber Risk Framework™
NIST CSF + ISO 27005 risk discipline for the board.
Overview
A cyber risk framework translating NIST CSF and ISO 27005 into a register-grade, board-reportable cyber risk programme covering identify-protect-detect-respond-recover.
Components
- Cyber Risk Register
- Control Library
- Incident Playbooks
- Cyber Dashboard
Governance Structure
- Board oversight
- CISO ownership
- IT Risk Committee
- Third-line assurance
Methodology
01 Identify: Asset inventory, threat model and crown-jewel map.
02 Protect: Control library mapped to NIST CSF / ISO 27001.
03 Detect: SIEM/SOC integration with cyber KRIs.
04 Respond: Incident playbooks, tabletop exercises, board reporting.
Maturity Levels (shared spine)
L1 Fragile: Tooling without governance.
L2 Functional: Register live, controls mapped to NIST CSF.
L3 Disciplined: Tested playbooks, board-level KRIs.
L4 Strategic: Threat-led, continuous control validation.
L5 Resilient: Predictive, adaptive cyber resilience embedded in strategy.
Roadmap
0–30 days: Identify
- Register live
- Crown jewels mapped
30–60 days: Protect
- Controls baselined
- Playbooks drafted
60–90 days: Detect
- KRIs live
- Tabletop exercise complete
Deliverables
- Cyber Risk Toolkit
- Cyber Risk Register
- Incident Playbooks
