Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management

IT Security Frameworks for Organizations

This post lists some of the most popular IT security frameworks that an organization can use to implement its security.

List of cybersecurity frameworks:

  • NIST Cybersecurity Framework (CSF)
  • ISO/IEC 27001
  • CIS Critical Security Controls (CSC)


List of Cybersecurity Frameworks

NIST Cybersecurity Framework (CSF)

Issued by NIST (National Institute of Standards and Technology) of the United States Government.

Official link

If your organization is applying the IT framework COBIT 5, you can get a certification to implement NIST CSF using COBIT 5. More info on this link.

The COBIT 5 framework, issued and maintained by ISACA, is focused on IT governance and management, and it describes the common requirements that organizations should have in place surrounding their information systems. It is not included in this list as I consider it wider than just an IT security framework. More info about COBIT on this link.


ISO/IEC 27001

Issued by ISO and IEC.

ISO/IEC 27001 defines the requirements for an Information Security Management System (ISMS).

Official link to ISO/IEC 27001

The latest version is ISO/IEC 27001:2013.

Official link to ISO/IEC 27001:2013

ISO/IEC 27002 adds guidelines to the IT controls in the annex 1 of 27001. Its latest version is ISO/IEC 27002:2013, but it will be replaced by ISO/IEC FDIS 27002.

They all belong to the ISO/IEC 27000-series.


CIS Critical Security Controls (CSC)

CIS Critical Security Controls (CSC), or CIS Critical Security Controls for Effective Cyber Defense, is a series of publications with best practices related to cybersecurity. It is sometimes known as CIS 20 because it consists of 20 controls.

It is now issued by CIS (Center for Internet Security). Previously, it was published by SANS.

Official link


Specific to security.
Very theoretical and not used in real industry.



About pmgallardo

I studied Computer Science at the University of Salamanca. Since then, I have been working first as a developer and then as an SAP consultant. This blog is about problems I dealt with when using computers and, more importantly, the solutions I found. Whenever I am on an issue and suddenly I have a flash that leads me to a solution, I document my discoveries in a post.
