There are lots of frameworks to help you define, organize, implement, and improve security. Initiatives like the Control Objectives for Information and Related Technology (COBIT), the US National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the International Organization for Standardization (ISO) 27K all provide frameworks to guide security program thinking. They are frameworks, because they provide extensive guidance on everything from funding to security incident response readiness.