A structural map of the major governance and risk frameworks, clarifying what each governs, the altitude at which it operates, and the in‑between spaces where BSI doctrine functions.

This is the simplest, clearest way to explain the entire ecosystem. It explains what each cybersecurity risk framework governs — and the layer Black Star Institute occupies.

NIST — The WHAT

NIST covers what must be protected. What controls exist. What outcomes are required. NIST defines the domains, categories, and control families that describe the security landscape.

  • What assets exist
  • What risks matter
  • What controls should be present
  • What “good” looks like

NIST is the taxonomy and requirements layer.

ISO — The HOW (Governance Edition)

ISO defines how organizations should structure governance, management, and process discipline. ISO frameworks define:

  • how to manage risk
  • how to structure governance
  • how to maintain quality
  • how to document and audit processes

ISO is the organizational governance layer.

MITRE — The HOW (Adversary Edition)

MITRE demonstrates how adversaries behave. How attacks unfold. How to model threats. MITRE provides:

  • adversary behavior models
  • attack chains
  • detection logic
  • threat‑informed defense

MITRE is the adversarial mechanics layer.

COBIT — The HOW (Enterprise Control Edition)

COBIT defines how executives should govern IT, align it with business, and ensure accountability. COBIT defines:

  • enterprise governance
  • control objectives
  • accountability structures
  • performance and maturity models

COBIT is the executive governance and control layer.

Basel — The WHY (Financial System Edition)

Basel addresses why systemic financial risk matters and how to maintain stability. Basel frameworks define:

  • capital requirements
  • systemic risk thresholds
  • liquidity and exposure models
  • macro‑prudential controls

Basel is the financial systemic‑risk layer.

BSI — The WHO, WHAT, WHERE, and WHEN

BSI addresses who is affected when systems fail, where the seams break, and when machine‑age complexity exceeds institutional capacity.

BSI governs the boundary‑systems layer — the interstitial spaces where:

  • technical systems
  • human behavior
  • institutional structures
  • adversarial dynamics
  • automated decision‑making

collide and reshape one another.

This is the layer where:

  • observability collapses
  • automation outruns governance
  • institutions cannot process complexity
  • adversaries exploit seams
  • humans adapt in nonlinear ways

No legacy framework is chartered to govern this terrain. BSI does not replace them — it connects them.

Black Star Institute (BSI) answers the questions the others cannot:

  • Who is harmed when automated decisions become irreversible?
  • Where do systems fail when observability collapses?
  • When does complexity exceed institutional capacity?
  • What happens in the seams between frameworks?

Black Star Institute is not competing. BSI is connecting — governing the terrain between all other frameworks.

Risk Framework Comparison Chart

| Framework | Governs | Altitude | Core Question |
|---|---|---|---|
| NIST | Controls, requirements, assets | Technical taxonomy | What must be protected? |
| ISO | Governance, process, management | Organizational discipline | How should organizations operate? |
| MITRE | Adversary behavior, attack mechanics | Threat dynamics | How do attackers behave? |
| COBIT | Executive governance, accountability | Enterprise oversight | How should leadership govern IT? |
| Basel | Financial systemic risk | Macro‑prudential stability | Why must systemic risk be constrained? |
| BSI | Boundary failure, machine‑age complexity, human‑machine‑institution seams | Interstitial systems layer | Who is affected, where do seams break, and when do systems exceed human governance? |

How This Page Should Be Used

This explainer is a reference artifact. It anchors the entire BSI corpus by showing:

  • where each framework sits
  • what each framework governs
  • why none of them overlap
  • and why BSI’s domain is structurally distinct

By Hunter Storm


The Black Star Institute (BSI) is the first and only boundary‑systems institute in the world — a sovereign, independent analytical institution that integrates the capabilities of a think tank, research lab, consultancy, and policy shop without inheriting their structural limitations or vulnerabilities. As a boundary-systems institute, BSI operates across human, machine, and institutional layers to diagnose systemic failure and define governance doctrine.

It is an independent research and governance organization focused on systemic‑risk analysis, automation failures, and human‑layer security. BSI examines how institutions, technologies, and decision systems break under real‑world conditions, producing artifacts that clarify failure modes, strengthen governance, and prevent recurrence. BSI’s sovereign, single‑operator architecture ensures authorship integrity and analytical independence across all research outputs.

BSI’s work integrates over three decades of cross‑sector experience in artificial intelligence (AI), cybersecurity, post-quantum cryptography (PQC), quantum, national security, critical‑infrastructure resilience, and emerging and disruptive technologies (EDT) governance. Its research emphasizes authorship integrity, structural clarity, and practitioner‑driven analysis grounded in operational reality rather than narrative or theory.

Through the Black Star Institute, its founder, Hunter Storm, publishes institutional frameworks, case studies, and governance artifacts that support organizations navigating complex technological, regulatory, and hybrid‑threat environments.

