In today’s digital age, cybersecurity has become a critical concern for organizations of all sizes. For enterprise architects, developing and implementing robust cybersecurity frameworks is essential to ensure compliance with regulatory requirements and to safeguard the integrity of IT systems. Global data breach statistics for 2024 show more than 35 billion known records breached so far, across 9,478 publicly disclosed incidents.
Enterprise architects use cybersecurity frameworks to provide a structured approach to managing risks, identifying vulnerabilities, and establishing protocols for incident response. Popular cybersecurity frameworks include NIST, SABSA, Essential Eight, COBIT and TOGAF.
What are cybersecurity frameworks?
Cybersecurity frameworks provide guidelines and standards which help organizations manage and reduce security risks. They provide a systematic approach for identifying, protecting, detecting, responding to, and recovering from cyber threats. These frameworks focus on security policies and procedures, technical controls, risk management, regulatory compliance, incident response and adaptation to emerging threats.
Which are the popular cybersecurity frameworks?
NIST 2.0
NIST Cyber Security Framework (CSF) was developed by the US National Institute of Standards and Technology. Version 1.0 was released in 2014 and Version 2.0 in early 2024. The NIST framework provides a set of guidelines and a flexible, risk-focused approach to cybersecurity which can be customized for each specific enterprise.
NIST CSF 2.0 is designed to assist organizations of any size and sector including government, healthcare, finance, and energy. Gartner has estimated that over 50 per cent of organizations already use NIST. In the ABACUS enterprise architecture tool, NIST CSF 2.0 is available alongside a wide range of standards and frameworks.
Below is an ABACUS dashboard showing a NIST CSF current state view:
Watch our 5-min guide for an overview of the NIST cybersecurity framework.
NIST for Enterprise and Security Architects
SABSA
SABSA stands for Sherwood Applied Business Security Architecture. The SABSA framework offers a structured approach to tackling complex security concerns and provides guidance for aligning architecture with business value. It integrates well with TOGAF, ArchiMate and ITIL.
More about the benefits of SABSA
Essential Eight
The Essential Eight cybersecurity framework was developed by the Australian Cyber Security Centre (ACSC). It is designed to help organizations protect themselves against cyber threats.
Essential Eight offers a streamlined approach to cybersecurity by concentrating on a small set of preventative measures and mitigation strategies. Its targeted approach makes it easier for organizations to implement and maintain. Essential Eight is built around 8 Categories and 29 Controls (while NIST features 108 Mitigation Strategy Categories and 1,177 Security Controls).
Implementing Essential Eight with Your Enterprise Architecture
COBIT
COBIT was developed by the professional membership organization ISACA and is one of the most widely used IT management frameworks. It assists professionals with the challenges they encounter in aligning IT goals with broader business objectives while ensuring efficient risk management, regulatory compliance, and value creation. The framework offers a holistic perspective on governance and management within the IT domain, helping organizations balance IT-related risks and benefits.
COBIT 2019 is available in ABACUS
TOGAF 10
The Open Group Architecture Framework (TOGAF) is the most widely used enterprise architecture framework. It provides a common language and methodology for Enterprise Architecture, Business Architecture, Information Systems Architecture and Technology Architecture. TOGAF includes security concepts throughout its Architecture Development Method (ADM). This allows organizations to integrate security into their overall enterprise architecture planning.
Which cybersecurity framework to use
Each cybersecurity framework offers unique strengths and focuses on different aspects of security and architecture.
The optimal choice will depend on your organization’s specific needs and maturity level. Consider factors such as industry regulations, organizational size, existing security practices and the skills and experience of your team. Ask yourself whether a combination of frameworks might provide the most effective approach.
Additional considerations when selecting a framework may include:
- Alignment with business objectives
- Scalability and adaptability
- Integration with existing processes and tools
- Level of detail and specificity
- Support and resources available
How to use and implement cybersecurity frameworks
Frameworks are popular because they offer built-in templates and best practices that leave organizations better positioned to respond to cybersecurity threats.
With ABACUS, Architects can select and customize or combine EA standards, frameworks and metamodels using simple “right-click” and “drag-and-drop” commands.
By integrating cybersecurity into enterprise architecture, businesses can fortify their infrastructure against cyber threats, bolstering overall security, ensuring business continuity, and fostering stakeholder trust.