A Framework is a structure usually used to solve complex issues.
An information security Framework is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
Information Security Framework is set of agreed policies that is made by top officials and information security experts which contain the procedure of how insecurity issues can be lowered by outlining major issues that must be taken care of. It enable security agent(s) to have more cognitive and intelligent about the security situation of an organization.
