
Common Frameworks

Here are some of the most common and well-known frameworks in cybersecurity, categorized by area.

Governance, Risk Management, and Compliance (GRC)

  • NIST Cybersecurity Framework (NIST CSF): A voluntary framework that provides guidelines for managing cybersecurity risks.
  • ISO/IEC 27001: An international standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
  • COBIT: A framework for developing, implementing, monitoring, and improving IT governance and management practices.

Application Security

  • OWASP Top Ten: A list of the ten most critical web application security risks, providing guidance for developers.
  • NIST SP 800-53: Security and privacy controls for federal information systems and organizations, including application security.

Network Security

  • NIST SP 800-115: Technical guidelines for conducting penetration testing and security assessments.
  • ISO/IEC 27033: A standard that provides guidelines for network security.

Security Operations

  • MITRE ATT&CK: A knowledge base of adversary tactics and techniques based on real-world observations, used for threat modeling and incident response.
  • SANS Critical Security Controls: A set of best practices for securing IT systems and data against cyber threats.

Identity and Access Management (IAM)

  • NIST SP 800-63: Guidelines for digital identity management, including authentication and federation.
  • ISO/IEC 29115: An international standard for identity management and assurance.

Data Protection and Privacy

  • GDPR (General Data Protection Regulation): A regulation in EU law on data protection and privacy for individuals.
  • CCPA (California Consumer Privacy Act): A state statute intended to enhance privacy rights and consumer protection for residents of California.

Incident Response

  • NIST SP 800-61: A guide for developing and implementing incident response capabilities.
  • FIRST (Forum of Incident Response and Security Teams) Framework: Provides guidance for incident response teams to handle cybersecurity incidents effectively.

Cloud Security

  • Cloud Security Alliance (CSA) Security Guidance: A set of best practices for securing cloud computing environments.
  • NIST SP 800-144: Guidelines on security and privacy in public cloud computing.
