Security Framework

A security framework is a structured set of guidelines, standards, and best practices that organizations use to manage cybersecurity risk systematically. Rather than building a security program from scratch, organizations adopt frameworks that provide proven structures and measurable criteria for security program maturity.

The NIST Cybersecurity Framework organizes security activities into five functions: Identify, Protect, Detect, Respond, and Recover. ISO 27001 specifies the requirements for an information security management system (ISMS). The CIS Controls offer a prioritized set of defensive actions. Organizations often use multiple frameworks simultaneously, mapping controls from one to the requirements of another.

CISSP Relevance

Security frameworks are central to Domain 1 (Security and Risk Management). CISSP candidates must understand major frameworks, how they relate to each other, and how security professionals use frameworks to design programs and satisfy regulatory requirements.

External reference: NIST Cybersecurity Framework

Related terms: Governance, Compliance