This post lists some of the most popular IT frameworks that can be used by an organization to implement their security.
List of cybersecurity frameworks:
- NIST Cybersecurity Framework (CSF)
- ISO/IEC 27001
- CIS Critical Security Controls (CSC)
List of Cybersecurity Frameworks
NIST Cybersecurity Framework (CSF)
Issued by NIST (National Institution of Standards and Technology) of the United States Government.
If your organization is applying IT framework COBIT 5, you can get a certification to implement NIST CSF using COBIT 5. More info on this link.
COBIT 5 framework, issued and maintained by ISACA, is focused on IT governance and management, and it describes the common requirements that organizations should have in place surrounding their information systems. It is not included in this list as I consider it wider than just an IT security framework. More info about COBIT on this link.
Issued by ISO and IEC.
ISO/IEC 27001 defines the requirements for an Information Security Management System (ISMS).
Latest version is ISO 27001:2013.
ISO/IEC 27002 adds guidelines to the IT controls in the annex 1 of 27001. It latest version is ISO/IEC 27002:2013, but it will be replaced by ISO/IEC FDIS 27002.
They all belong to the ISO/IEC 27000-series.
CIS Critical Security Controls (CSC)
CIS Critical Security Controls (CSC), or CIS Critical Security Controls for Effective Cyber Defense, is a series of publications with best practices related to cybersecurity. It is sometimes known as CIS 20 because it consists of 20 controls.
It is now issued by CIS (Center for Security). Previously, it was published by SANS.
Specific to security.
Very theorical and not used in real industry.
You might also be interested in…
- ISO/IEC 27001 Lead Implementer Certifications
- How to get PECB ISO/IEC 27001 Lead Implementer Certification
- Enterprise IT Security Architecture Framework
- ”What is the difference between NIST, CIS/SANS 20, ISO 27001 Compliance Standards?“; Kedar Ghule; Cloudanix Blog