What’s a security framework?

Our industry loves to take somewhat simple concepts and complicate them with confusing names and acronyms.  One example that came up in a recent conversation with a client was regarding the phrase “security framework”.  When the client first heard the term, their first reaction was that it sounded both complex and expensive.  However, if done well, a security framework doesn’t have to be either.

In simple terms, a security framework is a defined approach that intends to make computing as free from security risks and privacy threats as possible.  Suite3 has defined a simple security framework which we apply to our clients with three main goals:

Manage our clients’ IT assets, and their performance

Secure our clients’ IT environments at the perimeter

Protect our clients’ data

Any business that operates in Massachusetts that stores personal information as defined within MA 201 CMR 17.00 has certain responsibilities regarding data security. There are many security frameworks available which dive much more deeply into organizational structure, controls, and governance of IT, and often include items such as incidence response plans to cyber attacks.  In this case, our framework can work well as a subset of a greater framework which includes these administrative aspects as well as our technical aspects.