Risk

Risk Management Services

Examples of some of the global cyber risk management frameworks we have worked with are:

1. NIST Cybersecurity Framework (CSF): Developed by the National Institute of Standards and Technology, the NIST CSF is widely adopted across various sectors due to its comprehensive approach to cybersecurity. It provides guidelines for organizations to identify, protect, detect, respond to, and recover from cyber threats. The framework is flexible and can be adapted by both U.S. and international organizations, making it a popular choice for improving cybersecurity practices.

2. ISO 27001: This international standard describes best practices for an Information Security Management System (ISMS). ISO 27001 helps organizations manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties. Achieving accredited certification to ISO 27001 demonstrates that an organization is following information security best practices and provides an expert assessment of whether data is adequately protected.

3. CIS Critical Security Controls: The CIS Controls are a set of actionable best practices for cybersecurity, designed to prevent the most pervasive and dangerous cyber attacks. Organizations use the CIS Controls to quickly establish the protections providing the highest payoff in their attack surface. These controls are organized into 20 categories, each addressing a specific area of cybersecurity, making them a practical framework for organizations to reduce their risk of cyber attacks.

4. PCI DSS (Payment Card Industry Data Security Standard): Although not a comprehensive cybersecurity framework, PCI DSS is crucial for any organization that handles credit and debit card information. The standard outlines measures that businesses should take to secure cardholder data that is processed, stored, or transmitted. Compliance with PCI DSS is mandated by the Payment Card Industry Security Standards Council, which is formed by major credit card brands.

These frameworks are integral in guiding organizations through the complex landscape of cybersecurity threats and compliance requirements, providing structured approaches to managing and mitigating cyber risks effectively.
