Skip to main content


Home Cybersecurity framework

Cybersecurity framework

Cybersecurity framework definition

A cybersecurity framework provides organizations with guidelines, best practices, and standards to manage and enhance their cybersecurity. The goal of a cybersecurity framework is to help organizations identify and address potential cybersecurity risks, protect sensitive data, and mitigate threats effectively. It offers a systematic methodology to establish cybersecurity policies, procedures, and controls, aligning them with business objectives and regulatory requirements.

See also: endpoint security, internet security, offensive security, perimeter security, security policy

Examples of cybersecurity frameworks

  • NIST Cybersecurity Framework (CSF): This is a risk-based approach, that is defined by its five core functions: Identify, Protect, Detect, Respond, and Recover.
  • ISO/IEC 27001: This international standard is for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS).
  • CIS Controls: The Center for Internet Security (CIS) Controls provides a list of security controls which are constantly updated to stop and deal with common cyber threats.
  • COBIT (Control Objectives for Information and Related Technologies): This framework aligns IT processes with business goals, including cybersecurity. COBIT helps organizations establish effective controls, risk management practices, and performance measurement frameworks.
  • CSA CCM (Cloud Security Alliance Cloud Controls Matrix): This framework specifically addresses cybersecurity in cloud computing environments. It provides a catalog of cloud-specific security controls and associated best practices.