Date: 2019-07-02

In this video, you will learn to describe the purpose of frameworks, baselines, and best practices in an effective cyber-security strategy. The last part of this session is frameworks, and there are four purposes. We're going to talk about frameworks, we're going to talk about best practices, and here is just a good differentiation between best practices, baselines, frameworks, normative and compliance. So in the organization, we will have a lot of things. We'll have, for example, best practices, we will have a baseline, or we will have a framework. A good example of a framework is COBIT, or a good example of best practices in some cases spraying worried bent up your business is ITIL. So those are good things, good controls that will improve, enhance your IT governance, your IT processes, your IT policies, your IT procedures. Those frameworks, those baselines, those best practices will improve the performance of your servers. For example, if you go and grab the best practices from Microsoft regarding the hardening of their database server, you will have a best Microsoft SQL Server. You will have an improved Microsoft SQL Server. But that best practice, that framework, is not something that you will have to have; it is nice to have. You will have a lot of good practices, you will have a lot of controls, you will have a lot of good things. But if you don't have it, that's something that will not necessarily harm your business. If you don't have guidelines from Microsoft to implement the servers, if you don't have the guidelines from Cisco to implement the Cisco devices, if you don't have the best practices from COBIT to improve your IT governance in your company, you will lose your business. You will be part of any problem with your regulator or with your government. In the other corner, we have normative and compliance.
The difference here is you need to implement normative, you need to have compliance, if your business requires that. So for example, there is nothing called HIPAA. HIPAA is normative that will be part of any healthcare company in the United States. So in your healthcare company, you could have COBIT, you can have a lot of ITIL processes. You can have all the best practices from your vendors implemented in your systems. But if you don't meet, if you don't comply with HIPAA, if you missed two processes in HIPAA, probably you won't operate in the United States. You will have penalties from the US government because you are not complying with HIPAA. So that's the main difference between baselines, frameworks and best practices, and normative and compliance. So as we mentioned, we have a lot of things. We have, for example, best practices, frameworks, and methodologies that we could implement in our business to improve the way that our business deals with technology, and I've actually already mentioned a couple of those. We could mention COBIT, we can mention ITIL, ISOs. On cybersecurity, we have ISO 7000 series. We have COSO. We have the PMI, the Project Management Institute, with a lot of project management methodologies. We have the developer recommendations: as soon as you start working with programming languages, you will have a lot of documentation, you will have a lot of information regarding the best practices that you could follow on your software, in your systems, to avoid any security incident, any incident that will harm or will destroy your software.