IT Security Frameworks for Organizations

This post lists some of the most popular IT frameworks that an organization can use to implement its information security.

You can read about related information security architecture frameworks on this post.

List of IT Security Frameworks

List of cybersecurity frameworks:

  • ISO/IEC 27001
  • NIST Cybersecurity Framework (CSF)
  • CIS Critical Security Controls (CSC)
  • ISF Standard of Good Practice (SOGP)
  • CSA Cloud Controls Matrix (CCM)
  • SWIFT Customer Security Programme (CSP)
  • Architectural approaches

ISO/IEC 27001

Issued by ISO and IEC.

ISO/IEC 27001 defines the requirements for an Information Security Management System (ISMS).

Official link to ISO/IEC 27001

The latest version is ISO/IEC 27001:2013.

Official link to ISO/IEC 27001:2013

ISO/IEC 27002 adds implementation guidance for the controls listed in Annex A of ISO/IEC 27001. Its latest version is ISO/IEC 27002:2013, but it will be replaced by ISO/IEC FDIS 27002.

They all belong to the ISO/IEC 27000-series.

NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) is issued by NIST (National Institute of Standards and Technology) of the United States Government.

You can read more about NIST CSF on this post.

Official link

If your organization applies the IT framework COBIT 5, you can get a certification for implementing NIST CSF using COBIT 5. More info on this link.

The COBIT 5 framework, issued and maintained by ISACA, is focused on IT governance and management, and it describes the common requirements that organizations should have in place around their information systems. It is not included in this list as I consider it wider than just an IT security framework. More info about COBIT on this external link.

ISF Standard of Good Practice (SOGP)

The Standard of Good Practice in Information Security (SOGP) is issued by the international association Information Security Forum (ISF).

It claims compatibility with other standards such as ISO 27002 and COBIT.

Official link

SWIFT Customer Security Programme (CSP)

The Customer Security Programme (CSP) is a cybersecurity framework issued by the organization SWIFT.

CSP is designed specifically for financial institutions that use the SWIFT network for interbank communication and financial transactions.

One of its key components is the Customer Security Controls Framework (CSCF).

Official link

Architectural Approaches

There are several information security architecture frameworks that are described on this post.

Information security architectural approaches:

  • OSA

You can read about enterprise architecture on this post.

Enterprise architectures:

  • Zachman Framework
  • E2AF

COBIT considers itself an information security framework as well as an enterprise security framework.
