I’ve been using the RINE-TOAD framework as a structure to provide security solutions (it’s a mnemonic I use to memorize the 8 security domains defined in CISSP). When creating a security solution, or when providing input into a project that requires a security component, we can use several frameworks; generally, the right framework to use depends on the type of situation. In security these could be CISSP, SABSA, ISO27K, SANS, etc. Learning through experience will help you deploy the right framework. For a security problem you should use a security framework.

[Figure: RINE-TOAD, the 8 security domains]

What not to use? Using a SWOT or PESTEL framework doesn’t make much sense for a security solution as these are more marketing/business focussed.
