Cybersecurity Framework or ISO 27001

Guest user Created:   Jan 16, 2018 Last commented:   Jan 16, 2018


Thank you for your videos on IT security. I work for an institution with about 500 employees where most of these IT security systems and standards are not in place or documented. I have been appointed to lead the ICT security department and I'm now conflicted on whether to start with a Cybersecurity Framework or ISO 27001. From my research, these are both important. Please advise how I can get started.

Expert
Rhand Leal Jan 16, 2018

Answer: First of all, you should consider your needs:
- If you need quick wins to handle risks promptly and demonstrate the value of security, then you should start with the Cybersecurity Framework, since it is better when it comes to structuring the areas of security that are to be implemented and when it comes to defining exactly the security profiles that are to be achieved.
- If you have to ensure the implementation will be well integrated with other aspects and areas of your organization, and you have time to plan and implement, then you should go first for ISO 27001, since it can provide a holistic picture for designing the security system and how it can be managed in the long run.
- The Cyber Security Framework is a legal issue in the United States - if you are a government agency from that country, you will need to implement it.

If your choice is to go first for the Cybersecurity Framework, it is possible to integrate the implemented controls into the future implementation of ISO 27001, so you will not lose time and effort.

These articles will provide you further explanation about Cybersecurity Framework and ISO 27001:
- Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
- How to implement the NIST Cyber Security Framework using ISO 27001 https://info.advisera.com/27001academy/free-download/how-to-implement-nist-cyber-security-framework-using-iso-27001
