CYRIS360 Cyber Risk Framework (CRF)

Setting up and operating a successful cybersecurity program can be overwhelming, particularly for small and medium businesses. That is why CYRIS360 has created the Cyber Risk Framework (CRF), as a modular set of work packages that can customized and tailored to your own organization .

The CRF include 8 loosly coupled work packages, grouped in 3 layers :

1. Cyber Risk Governance

1.1 Program & Metrics

1.2 Policy & Compliance

1.3 Training & Awareness

2. Cyber Risk Implementation

2.1 Corporate Security

2.2 Product Security

3. Cyber Risk Operations

3.1 Offensive Security

3.2 Vulnerability Management

3.3 Incident Management

Getting Started

You can check the guide in Getting Started. This include a step-by-step guide instruction, as well as answers to frequently asked questions. If you have any question or comments, you can submit it in the Discussion section.


Want to contribute to CYRIS360 Framework ? That’s great! Please make sure you file an issue to discuss your proposal. Then you can push your proposal to a separate branch and open a pull request.

How to get your pull request accepted?

Support Us

You can show your support by:


See License file.