IT Examiner School eBook
Common ISP Frameworks
A “blueprint” for setting a standard of information security requirements that guides the organization on control implementation. Frameworks provide unification and standardization of the behaviors and procedures that the organization wishes to promote. They are generic enough to be used across various industries. Examples: ISO 27001, NIST CSF, GDPR, etc.
ISO 27001 Framework
ISO 27001 specifies the following requirements for establishing, implementing, and continually improving an information security management system within the context of the organization.