October 2022
Intermediate to advanced
398 pages
14h 14m
English
The terms standard and framework have distinct differences and should not be used interchangeably. A standard is typically more rigid than a framework. A standard will typically outline a specific way of achieving a control objective. For example, a standard may say an application must use a complex password of at least eight characters.
A framework tends to provide broad guidance and allows flexibility on how to achieve the control objectives. A framework is designed to be applied across multiple situations and allows for more judgment. Part of the intent of a framework is to ensure that all core risk topics are considered and appropriately applied. For example, a framework may say that administrative ...
Read now
Unlock full access