1. The six Functions
Govern, Identify, Protect, Detect, Respond and Recover organise the outcomes you want to achieve. CSF 2.0 added Govern to make cyber a leadership concern.
2. Build your Profiles
- Current Profile: how well you achieve each outcome today.
- Target Profile: where you need to be, based on risk.
- The gap becomes your prioritised action plan.
3. Use Tiers wisely
Tiers (1–4) gauge maturity. Pick a target Tier that matches your risk — not the maximum.
How CyberSigma helps
We build your Profiles, run the gap analysis, and map CSF outcomes to any ISO 27001 or regulatory work you already need.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
