Security Frameworks
Learn about the industry-standard security frameworks used in our assessment tool.
Our cybersecurity assessment tool is built upon leading industry frameworks to provide a comprehensive evaluation of your security posture. Each framework offers unique perspectives and controls that, when combined, provide a holistic view of your security program.
CIS Controls
The Center for Internet Security (CIS) Controls are a prioritized set of actions that collectively form a defense-in-depth approach to cybersecurity.
Key Features:
- Implementation Groups (IG1, IG2, IG3) for organizations of different sizes
- Focus on practical, actionable controls
- Regularly updated based on evolving threats
- Mapped to other frameworks including NIST CSF and ISO 27001
NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks.
Key Features:
- Five core functions: Identify, Protect, Detect, Respond, Recover
- Flexible implementation approach
- Used by organizations of all sizes across industries
- Regular updates to address emerging risks and technologies
ISO 27001
ISO/IEC 27001 is an international standard for managing information security. It specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Key Features:
- Risk-based approach to information security
- Comprehensive control set covering multiple domains
- Internationally recognized certification
- Process-oriented framework for ongoing security management
OWASP Top 10
The Open Web Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security practitioners that represents a broad consensus about the most critical security risks to web applications.
Key Features:
- Focus on web application security risks
- Updated every few years to address the changing threat landscape
- Practical guidance for developers and security professionals
- Free and open community-driven project
MITRE ATT&CK
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a common language for describing attacker behaviors.
Key Features:
- Comprehensive matrix of attack techniques
- Based on real-world observations
- Regularly updated with new threat information
- Used for threat modeling, red teaming, and defense planning
How Our Assessment Uses These Frameworks
Our assessment tool combines elements from all these frameworks to provide a practical, actionable evaluation of your security posture. Rather than requiring compliance with any single framework, we focus on the technical controls that provide real security benefits regardless of which compliance framework you need to follow.
The assessment results map your current security state to these frameworks, helping you understand both your overall security posture and your alignment with specific compliance requirements.