A Guide to Implementing an Effective Enterprise Security Framework

Key Takeaways:

  • There’s no one-size-fits-all enterprise security framework. The best approach depends on your organization’s size, structure, and risk profile.

  • Frameworks like NIST, ISO, TOGAF, SABSA, and CIS offer varying strengths, from detailed architecture support to flexible, risk-based strategies.

  • Huntress helps map your chosen framework to practical, effective solutions, supporting everything from endpoint security to compliance reporting.


Frameworks like NIST and CIS provide solid roadmaps for enterprise security, but tailoring them to your business is where the real challenge lies.

Choosing a security architecture type seems relatively easy, but adapting that general architecture to work well with your organization is the hard part. The first thing you'll need to do is get past the idea that an enterprise security system is nothing but a handful of preventive, detective, and corrective controls, or a stack of policies and procedures. That was your dad's cybersecurity.


What, then, is an enterprise security system?


Since technology, and therefore the security landscape, is constantly changing, your security provision needs to keep up. That means your top security people need a deep, nuanced understanding of your organization, including its goals, business processes, and culture. If your security people understand what the organization really does all day, they can provide the kind of targeted, effective controls that protect the organization well without getting in anyone's way. Even more importantly, they need to be able to explain the needs and benefits of these controls to key stakeholders simply and accurately.

But you didn’t really come here for strategy. You want to know what these enterprise security frameworks are and what they can do for you. So here they are.



What are the top 5 enterprise security frameworks?

1. NIST Cybersecurity Framework 2.0

The National Institute of Standards and Technology's (NIST) framework was originally designed after an Obama administration Executive Order called for a new standard of cybersecurity for critical infrastructure entities via public and private sector collaboration. Version 1.0 specialized in protecting critical infrastructure, and version 2.0 expands that to include businesses, non-profits, and schools of all kinds and sizes.

2. ISO/IEC 27001 & 27002

ISO/IEC 27001 and 27002, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), form a framework that provides guidance for cyber risk management, privacy, and information security implementation. ISO 27001 certification is very much the gold standard for security frameworks. However, it’s expensive and unwieldy, and many feel the system is too slow to adapt to changing threat profiles.

3. TOGAF

The 10th edition of The Open Group Architecture Framework (TOGAF) tries to blend proven, universal concepts and understanding of how cyber threats evolve with best practices in a variety of industries. It’s suitable for organizations of all sizes in the public, private, and defense sectors. 

4. SABSA

The Sherwood Applied Business Security Architecture (SABSA) is a family of highly related frameworks, each specializing in one or more aspects of cybersecurity and intended to be fully interoperable. The result is a process for piecing together your own security architecture that focuses on both the opportunities and risks your organization actually faces. 

5. CIS Controls

The Center for Internet Security (CIS) Controls offer prioritized, actionable practices to reduce cyber risk. CIS Benchmarks also help organizations assess their security posture against known standards.


What’s the difference between TOGAF and SABSA?

TOGAF is architect-driven and focuses on helping you construct an enterprise security framework that supports both your stakeholders and your organization. After all, if key people feel that “security is a pain,” they won’t be very diligent about applying it. TOGAF comes as a core “TOGAF Fundamental Content” document, along with a wide range of TOGAF Series Guides, to help you adapt the core content to your niche. 

SABSA, on the other hand, is risk and opportunity-based. It’s designed to produce a security architecture that works, and that demonstrates exactly how it supports a few core business objectives. These sound very similar in intent, and indeed they are. But both processes can take you to very different places. 

To keep it simple, SABSA is more specific, targeted toward a security architecture. TOGAF is less specific, broader, and more focused on the enterprise as a whole.

Not Fun Fact: The trend of EDR tampering peaked in July 2024, as numerous ransomware groups and RAT malware families began including EDR bypass techniques. Over the year, EDR was targeted in 3.6% of all incidents.

Source: Huntress Cyber Threat Report, 2025


What’s the best security framework for enterprise architecture?

There’s really no clear winner here. No one process, architecture, or framework is best for everyone. One size does not fit all, and never did. However, Huntress can help you choose the right approach for you and then help you implement it. 

Here's how you can start thinking of the problem, though:

Gap analysis

Start by identifying the gaps in your current cybersecurity setup. This will tell you what kinds of strengths and expertise you need to develop or import. 

Control prioritization

This typically starts by prioritizing the gaps you've discovered. Once you know the most urgent problems, you can start addressing and remediating them in the right order. 

Ongoing measurement

Measuring the success of an enterprise security framework is not one-and-done. The threats to your success never rest. They keep evolving, and your framework must do the same, so it must be evaluated on a constant, rolling basis. Logging these measurements, for example against the CIS Controls (the 18 controls of version 8) or NIST benchmarks, is a core component of some frameworks.

Board-level reporting

Those measurements, once taken, must be reported to the person ultimately responsible for judging them and deciding on the next step.



Huntress maps security to controls

Now that you’re considering taking the next step toward better cybersecurity, choosing an enterprise security framework, and creating a better cybersecurity system, Huntress is ready to help. 


We can give you a whole family of fully interoperable tools, like managed SIEM for logging and monitoring, managed EDR for endpoint security, managed ITDR to detect and respond to identity threats automatically, and managed security awareness training (SAT) to keep your people cyber-aware. Want to take a demo to test drive it all? We’re ready when you are.


