The top five cyber security frameworks

Phil Spencer


Cyber security frameworks provide an excellent basis for building your cyber strategy and increasing your security maturity. Here are our recommendations for five of the best frameworks to get started with.

Cyber Essentials

Backed by the UK Government, Cyber Essentials aims to provide straightforward steps that any organisation can take to improve its security against the most common cyber threats.

The framework is a great starting point for any business trying to create a solid cyber strategy for the first time, with a strong focus on establishing a picture of your current security level and getting the basics right. A Cyber Essentials certification is required for many contracts in the public sector.

Cyber Essentials Plus

Once you have a Cyber Essentials certification, you can take things a step further with the Plus route. This builds on the straightforward approach of the baseline framework to deliver more advanced security measures. Gaining a Cyber Essentials Plus certification requires hands-on technical verification.


ISO/IEC 27000 series

The ISO/IEC family is one of the most reliable standards of security for yourself and your customers. There are more than a dozen of these frameworks covering the implementation of different processes. ISO/IEC 27001 is one of the best starting points, as it focuses on systematically examining your security risks and accounting for threats and impacts before moving on to implement controls to reduce the risk.



COBIT

COBIT (Control Objectives for Information and Related Technologies) is a longstanding framework created by ISACA nearly 25 years ago. The framework covers all the most important processes needed for effective IT management. It is a useful general resource, but the most recent release, COBIT 5, has a heavy emphasis on information security, particularly when it comes to addressing the changing enterprise perimeter in the wake of factors like BYOD and remote working.



NIST Cybersecurity Framework

Originating in the US, the NIST Cybersecurity Framework was created for private sector organisations but has seen heavy adoption by governments worldwide. NIST provides a solid framework for preventing, detecting, and responding to a range of the most common cyber attacks.



MITRE ATT&CK

A little different from the others on this list, MITRE ATT&CK is more of a knowledge base than a set framework. Based on real-world experience, it offers a series of matrices providing information on the most common attack tactics, and advice on addressing them. You can focus on any point of the cyber kill chain, or skip to specific targets and attack types to effectively create your own custom framework.


Ready to take the next step? Get in touch with our expert and learn how Connectis can help you secure your business today.