NIST Cybersecurity Framework 2.0 was released this year - NIST

The US Government's National Institute for Standards and Technology, known commonly as NIST, released its updated Cybersecurity framework in February. This was the first new version in 10 years, following the 1.0 version in 2014 that was primarily aimed at protecting US critical infrastructure. The new 2.0 version is international and aimed for broad consumption: drafted in collaboration with experts across 100 countries, it should also be easier to use. Version 2.0 also introduces a new category: Govern, recognising that the world has changed since 2014, with Cyber now an enterprise risk being discussed in the boardroom. ...

December 8, 2024 · 1 min · Graeme Milroy

COBIT

COBIT is an IT Controls and Governance framework developed and maintained by ISACA. The current version is COBIT 2019. Further reading: COBIT - Wikipedia

1 min

Cyber Assessment Framework (NCSC)

The Cyber Assessment Framework was developed by the NCSC. Related: National Cyber Security Centre (NCSC)

1 min

Cyber resilience frameworks

Cyber resilience frameworks provide practitioners with a structured approach to manage and mitigate cybersecurity risk, ensuring organisations can identify, respond to and recover from a range of evolving threats. Frameworks such as the NIST Cybersecurity Framework (CSF) and ISO 27001 offer best practices, example controls, and guidelines to strengthen security posture, align with regulatory requirements, and build operational resilience. By adopting a suitable framework, organisations can improve governance, increase the ability to respond to incidents, and safeguard critical systems, data, and processes. ...

1 min

Information Security Management

Information security (IS) management involves the implementation of policies, procedures and controls to protect an organisation's information assets. Organisations will typically achieve this through the adoption of one or more information security frameworks, such as ISO 27001 or the NIST Cybersecurity framework. IS management is an increasingly important component in an organisation's overall risk management programme. Key functions and roles involved typically include security policy development, incident response and vulnerability management. ...

1 min

NIST AI Risk Management Framework

NIST have published the AI Risk Management Framework (AI RMF) as a voluntary resource for organisations looking to identify the risks of implementing AI, with the goal of ensuring responsible and trustworthy AI systems. Further reading: NIST AI Risk Management Framework; Artificial Intelligence Risk Management Framework (AI RMF 1.0) - NIST (PDF)

1 min

NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework (CSF) is a set of standards, guidelines, and best practices designed to help organizations manage and reduce cybersecurity risks. Related pages: NIST Cybersecurity Framework 2.0 was released this year - NIST - 8 Dec 2024

1 min

OWASP

OWASP (Open Web Application Security Project) is a non-profit organisation and online community dedicated to providing open-source solutions to help build secure web applications. Further reading: OWASP Top Ten

1 min

Standard of Good Practice for Information Security (SOGP)

The Standard of Good Practice for Information Security (SOGP), developed by the Information Security Forum (ISF), is a comprehensive information security framework that provides best practices and guidance for managing information security risks and ensuring resilient organisations. SOGP has been developed to be in line with similar industry frameworks. Further reading: SOGP - ISF; SOGP - Wikipedia

1 min