This post lists some of the most popular IT frameworks that can be used by an organization to implement their security.
List of cybersecurity frameworks:
- ISO/IEC 27001
- NIST Cybersecurity Framework (CSF)
- CIS Critical Security Controls (CSC)
- ISF Standard of Good Practice (SOGP)
- SWIFT CSP
- CSA Cloud Controls Matrix (CCM)
- Architectural approaches
List of Cybersecurity Frameworks
ISO/IEC 27001
Issued by ISO and IEC.
ISO/IEC 27001 defines the requirements for an Information Security Management System (ISMS).
Official link to ISO/IEC 27001
Latest version is ISO 27001:2013.
Official link to ISO/IEC 27001:2013
ISO/IEC 27002 adds guidelines to the IT controls in the annex 1 of 27001. Its latest version is ISO/IEC 27002:2013, but it will be replaced by ISO/IEC FDIS 27002.
They all belong to the ISO/IEC 27000-series.
NIST Cybersecurity Framework (CSF)
NIST Cybersecurity Framework (CSF) is issued by NIST (National Institute of Standards and Technology) of the United States Government.
If your organization is applying IT framework COBIT 5, you can get a certification to implement NIST CSF using COBIT 5. More info on this link.
COBIT 5 framework, issued and maintained by ISACA, is focused on IT governance and management, and it describes the common requirements that organizations should have in place surrounding their information systems. It is not included in this list as I consider it wider than just an IT security framework. More info about COBIT on this link.
CIS Critical Security Controls (CSC)
CIS Critical Security Controls (CSC), or CIS Critical Security Controls for Effective Cyber Defense, is a series of publications with best practices related to cybersecurity. It was informally known as CIS 20 because it consisted of 20 controls, but that is no longer the case.
It is now issued by CIS (Center for Internet Security). Previously, it was published by SANS.
ISF Standard of Good Practice (SOGP)
The Standard of Good Practice in Information Security (SOGP) is issued by the international association Information Security Forum (ISF).
It claims to be compatible with other standards such as ISO 27002 and COBIT.
SWIFT CSP
Customer Security Programme (CSP) is a cybersecurity framework issued by the organization SWIFT.
CSP is designed specifically for financial institutions that use the SWIFT network for interbank communication and financial transactions.
One of its key components is the Customer Security Controls Framework (CSCF).
CSA Cloud Controls Matrix (CCM)
CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is developed by the Cloud Security Alliance (CSA).
Architectural Approaches
There are several security architecture frameworks that are described in this post.
Some of the most popular architectural approaches are:
- Zachman Framework
- TOGAF
- COBIT
- SABSA
COBIT considers itself an Information Security Framework as well as an Enterprise Security Framework.
You might also be interested in…
- ISO/IEC 27001 Lead Implementer Certifications
- How to get PECB ISO/IEC 27001 Lead Implementer Certification
- Enterprise IT Security Architecture Framework
- Secure Development Frameworks
- Information Security Controls
External references
- "What is the difference between NIST, CIS/SANS 20, ISO 27001 Compliance Standards?"; Kedar Ghule; Cloudanix Blog