In this video, you will learn to describe the purpose of frameworks, baselines, and best practices in an effective cybersecurity strategy. The last part of the session is frameworks and their purposes. We're going to talk about frameworks, we're going to talk about best practices. Here are just a good differentiation between best practices, baseline, frameworks, normative, and compliance. So in the organization, we will have a lot of things, we will have, for example, best practices, we will have a baseline or we will have framework. A good example of framework is COBIT or a good example of best practices, in some cases, framework depends of your business is I-T-I-L, ITIL. So those are good things, good controls that will improve, enhance your IT governance, your IT processes, your IT policies, your IT procedures. Those frameworks, those baselines, those best practices will improve the performance of your servers. For example, if you go and grab the best practices for Microsoft regarding the hardening of their database server for example, you will have a best Microsoft SQL Server, you will have an improved Microsoft SQL Server. But that best practice, that framework it's not something that you will have to have, it's nice to have. You will have a lot of good practices, you will have a lot of controls, you will have a lot of good things, but if you don't have it, that's it. That's something that will not necessarily harm your business. If you don't have guidelines from Microsoft to implement the servers, if you don't have the guidelines from Cisco to implement the physical devices, if you don't have the best practices from COBIT to improve your IP governance in your company, you will loose your business, you will be part of many kind of problem with your regulator, with your government. In the other corner, we have normative and compliance. The difference here is you need to implement normative, you need to have compliance if your business required that. So for example, there is something called HIPAA. HIPAA is normative that will be part of any kind of health care company in United States. So in your health care company, you could have COBIT, you could have a lot of ITIL processes, you could have all the best practices from your burn vendors implemented in your systems, but if you don't comply with HIPAA, if you missed two points, if you missed two processes in HIPAA, probably you won't operate in United States. You will have penalties from the US government because you are not complying with HIPAA. So that's the main difference between baselines, frameworks, and best practices, and normative, and compliance. So as we mentioned, we have a lot of things, we have, for example, as best practices, as frameworks, methodologies that we could implement in our business to improve the way that our business fills with technology and we could mention, actually, we already mentioned a couple of those. We could mention COBIT, we can mention ITIL, ISOs. Cyber Security we have the ISOs 27,000 series, we have COSO, we have the PMI, the Project Management Institute with a lot of project management methodologies, we have the developer recommendations. As soon as you start working with a programming languages, which you will have a lot of recommendations, you will have a lot of information regarding the best practices that you could follow on your software in your systems to avoid any kind of security incidents, any kind of incident that will harm or will destroy your software.