Much like "regulations", the term "frameworks" can mean many things to different people. For purposes of information security and regulatory compliance, however, look upon "frameworks" as the following:
"Organizations, associations, and other affiliated entities that have developed a consortium of standards, codes of practices, industry benchmarks, and other applicable models of specific processes and procedures relating to operational activities, information security, and other as-needed business specific requirements."
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850+ pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
As such, notable "frameworks" that fall under this loose definition with regard to information security and regulatory compliance include the following:
- ISO 27001
- ISO 27002
- Cloud Security Alliance (CSA)
- SANS Institute
- Open Web Application Security Project (OWASP)
- NIST SP 800 Publications
- NIST National Vulnerability Database
- Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
- United States Computer Emergency Readiness Team (US-CERT)
- CIS Security Benchmarks Division
- Open Source Vulnerability Database
- Common Configuration Enumeration (CCE)
- Common Vulnerabilities and Exposures (CVE)
- And many others.
As you can see, some of these "frameworks" are widely known (ISO 27001 and 27002, ITIL, COBIT, COSO, SANS, etc.), while others may be new to you (CCE, CVE, etc.). Remember, this is by no means a comprehensive list; rather, it is a helpful starting point for better understanding the concept of "frameworks" and its overall relation to that of "regulations". Look upon "frameworks" as the definition above implies, and look upon "regulations" as the laws, legislation, and industry-specific requirements to which businesses must ultimately adhere. One can clearly see the overlapping relation between "frameworks" and "regulations", their similarities, but also their differences. The most important point to take from this is that the two complement each other in a number of ways regarding regulatory compliance.
Information Security Policies | An Important Component for Today’s Compliance Mandates
More importantly, the all-inclusive set of policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more, contained within the Global Information Security Compliance Packet (GISCP) is available for immediate download today from Flat Iron Technologies, LLC, and can help businesses meet today's ever-growing regulatory compliance requirements.