D1 · General

What are security control frameworks?

Key frameworks: NIST CSF (5 functions: Identify/Protect/Detect/Respond/Recover — voluntary, widely adopted), ISO 27001 (certifiable ISMS), CIS Controls (prescriptive 18 controls), COBIT (IT governance).
NIST CSF = principles-based, widely used in US. ISO 27001 = certifiable, international recognition. CIS Controls = prescriptive and actionable (tells you exactly what to do). Start with NIST CSF for program structure, CIS Controls for specific implementation guidance.