Helping organizations to better understand and improve their management of cybersecurity risk


Exploring cybersecurity frameworks

Several cybersecurity frameworks have been developed to address the unique aspects of cyberthreats faced by various industry sectors, including the following [21]:

This framework, created by the National Institute of Standards and Technology (NIST), provides implementation details for managing cybersecurity in the manufacturing environment.


This framework was developed by the Federal Communications Commission (FCC) to assist small businesses in developing and maintaining policies for protecting critical business data.

This initiative was developed by the U.S. Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) to assess the cybersecurity preparedness of investment firms.

This framework, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), specifies an information security management system (ISMS) for managing information risks effectively.


This broad framework was developed by the Federal Financial Institutions Examination Council (FFIEC) to ensure that financial institutions have accurate threat information to protect themselves and their customers from cyberattacks.

The only way to harness increasing endpoint diversity is to wrap servers, mobile devices, kiosks, HVAC, industrial systems, cameras and even automobiles into the endpoint security maturity model.