The Frameworks

 

NIST

The NIST Framework was created through a collaboration between industry and government in the US to promote the protection of critical infrastructure by managing cyber security-related risk through a prioritised, flexible, repeatable and cost-effective approach.

It has been adopted on a global basis, helping organisations to manage and reduce risks and fostering communication about risk and cyber security management amongst internal and external organisational stakeholders. It is a Framework that applies to all organisations irrespective of their size, and it is expected to be particularly pertinent for offshore regulated entities.

ISO27001

ISO/IEC 27001:2013, better known as ISO27001, is the international Standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.

The Standard helps organisations to select adequate and proportionate security controls that protect information assets in line with increasingly rigid regulatory requirements, such as GDPR.