ABSTRACT

This chapter provides a comparative assessment of existing models and frameworks for cybersecurity. The aim is to situate the practice of risk management within the larger collection of standard processes that have been developed to implement organizational cybersecurity. Risk control is an important aspect of ensuring organization-wide security. However, the risk management process is only one element of the potential set of standardized processes that might be utilized in a secure organization, as shown in Figure 2.1. Other generic areas include secure access control models, such as the Bell-LaPadula Model and the Biba Integrity Model, and strategic policy and procedure infrastructure frameworks, such as the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 family of Information Security Management Systems standards. Additionally, there are focused area-specific models such as the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework 2.0 and the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF).