IT Examiner School eBook May 2025

Examples of Information Security Frameworks

• NIST Cybersecurity Framework (CSF): A risk-based approach to managing cybersecurity risks.
• ISO/IEC 27001: International standard for managing information security.
• CIS Controls: A prioritized set of actions to defend against cyber threats.
• COBIT (Control Objectives for Information and Related Technologies): Framework for managing and governing enterprise IT.
• PCI-DSS (Payment Card Industry Data Security Standard): Standards for securing credit card transactions.

The Elements of Information Security

• Board & Executive Oversight
• Supports the mission of the organization
• Requires a comprehensive and integrated approach
• Protects the assets of the organization
• Protections are implemented based on risk-informed decision making
• Interdependencies of security controls are assessed and monitored
• Cultural adoption through awareness & skills training
• Roles and responsibilities are explicit