ABSTRACT

Regulations, standards, and frameworks are terms that confuse even seasoned cybersecurity veterans. Many people call a control assessment a risk assessment. They are not the same. In this chapter, we will clarify the similarities and differences among regulations, standards, and frameworks while exploring the most commonly used cybersecurity control assessment frameworks.