This post lists some of the most popular IT frameworks that an organization can use to implement its information security.
You can read about related information security architecture frameworks on this post.
List of IT Security Frameworks
List of cybersecurity frameworks:
- ISO/IEC 27001
- NIST Cybersecurity Framework (CSF)
- CIS Critical Security Controls (CSC)
- ISF Standard of Good Practice (SOGP)
- SWIFT CSP
- CSA Cloud Controls Matrix (CCM)
- Architectural approaches
ISO/IEC 27001
Issued by ISO and IEC.
ISO/IEC 27001 defines the requirements for an Information Security Management System (ISMS).
Official link to ISO/IEC 27001
Latest version is ISO 27001:2013.
Official link to ISO/IEC 27001:2013
ISO/IEC 27002 adds guidelines to the IT controls in the annex 1 of 27001. Its latest version is ISO/IEC 27002:2013, but it will be replaced by ISO/IEC FDIS 27002.
They all belong to the ISO/IEC 27000-series.
NIST Cybersecurity Framework (CSF)
NIST Cybersecurity Framework (CSF) is issued by NIST (National Institute of Standards and Technology) of the United States Government.
You can read more about NIST CSF on this post.
If your organization is applying IT framework COBIT 5, you can get a certification to implement NIST CSF using COBIT 5. More info on this link.
COBIT 5 framework, issued and maintained by ISACA, is focused on IT governance and management, and it describes the common requirements that organizations should have in place surrounding their information systems. It is not included in this list as I consider it wider than just an IT security framework. More info about COBIT on this external link.
ISF Standard of Good Practice (SOGP)
The Standard of Good Practice in Information Security (SOGP) is issued by the international association Information Security Forum (ISF).
ISF claims it is compatible with other standards such as ISO 27002 and COBIT.
SWIFT CSP
Customer Security Programme (CSP) is a cybersecurity framework issued by the organization SWIFT.
CSP is designed specifically for financial institutions that use the SWIFT network for interbank communication and financial transactions.
One of its key components is the Customer Security Controls Framework (CSCF).
Architectural Approaches
There are several information security architecture frameworks that are described on this post.
Information security architectural approaches:
- SABSA
- OSA
You can read about enterprise architecture on this post.
Enterprise architectures:
- Zachman Framework
- TOGAF
- E2AF
- COBIT
COBIT considers itself an Information Security Framework as well as an Enterprise Security Framework.