Cybersecurity Frameworks and Organizations

Overview of key cybersecurity frameworks and organizations

Below are the most widely used cybersecurity frameworks and organizations, grouped by purpose.


1. Application Security & Web Security

OWASP

Open Web Application Security Project

Focus: Application security.

Key resources:

  • OWASP Top 10
  • ASVS
  • Testing Guide
  • Top 10 for LLM Applications

Used heavily by security engineers, QA, and DevSecOps teams.


2. Threat Modeling Frameworks

STRIDE (by Microsoft)

Threat classification model:

  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

Used during architecture design.


PASTA

Process for Attack Simulation and Threat Analysis

Risk-driven, attacker-focused threat modeling methodology.


LINDDUN

Privacy-focused threat modeling framework.


3. National & International Standards Bodies

NIST

National Institute of Standards and Technology

Key frameworks:

  • NIST Cybersecurity Framework
  • NIST SP 800-53
  • Risk Management Framework

Used by enterprises and governments.


ISO / IEC

Standards:

  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO/IEC 27005

Certification-driven security governance.


4. Enterprise Risk & Governance

ISACA

Frameworks:

  • COBIT
  • CRISC guidance

Focus: Governance, audit, and risk management.


CIS

Key resources:

  • CIS Controls
  • CIS Benchmarks

Very practical hardening guidance.


5. Incident & Threat Intelligence

MITRE – ATT&CK Framework

Knowledge base of attacker tactics and techniques.

Used for:

  • Detection engineering
  • Red teaming
  • SOC maturity

FIRST

Incident response collaboration community.


6. Cloud Security

Cloud Security Alliance

Key resources:

  • CSA Cloud Controls Matrix (CCM)
  • STAR certification


7. Payment & Industry Specific

PCI Security Standards Council

PCI DSS

Required for payment processing.


8. DevSecOps & Secure SDLC

  • OWASP SAMM
  • BSIMM
  • Microsoft SDL

Quick Comparison

Category                Example
Application Security    OWASP
Threat Modeling         STRIDE, PASTA
Enterprise Framework    NIST CSF
Governance & Audit      ISO 27001, COBIT
Hardening Controls      CIS Controls
Threat Intelligence     MITRE ATT&CK
Cloud Security          CSA CCM