• The National Vulnerability Database (NVD), published by NIST, provides the framework for searching for known vulnerabilities (https://nvd.nist.gov/).
• The National Institute of Standards and Technology (NIST) Cybersecurity Framework (https://nist.gov/cyberframework) is a relatively new addition to the IT governance space and is distinct from other frameworks in focusing exclusively on IT security, rather than IT service provision more generally. It is developed for a US audience and focuses particularly on the US government, but its recommendations can be adapted for other countries and types of organizations.
• The International Organization for Standardization (ISO) has produced a cybersecurity framework in conjunction with the International Electrotechnical Commission (IEC). The framework was established in 2005 and revised in 2013. Unlike the NIST framework, ISO 27001 must be purchased (https://iso.org/standard/54534.html). ISO 27001 is part of an overall 27000 series of information security standards.
• The Sherwood Applied Business Security Architecture (SABSA), maintained by the SABSA Institute (https://sabsa.org), is a methodology for providing information assurance aligned to business needs and driven by risk analysis. The SABSA methodology is designed to be applicable to different types of organizations and scalable for use on small-scale projects through to providing overarching enterprise information assurance. The methodology is applied using a lifecycle model of strategy/planning, design, implementation, and management/measurement.
• The Control Objectives for Information and Related Technologies (COBIT) is an overall IT governance framework with security as a core component. The framework was first published in 1996 and version 5 was released in 2012. COBIT is published by ISACA and, like the ISO, is a commercial product, available through APMG International (https://apmg-international.com/pro
Very helpful resources!