ISO/IEC 27000 Series : International standards on how to develop and maintain an ISMS developed by ISO and IEC.
Enterprise Architecture Development:
- Zachman Framework : Model for the development of enterprise architectures developed by John Zachman.
- TOGAF : Model and methodology for the development of enterprise architectures developed by The Open Group.
- DoDAF : U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
- MODAF : Architecture framework used mainly in military support missions developed by the British Minsitry of Defence.
- SABSA Model : Model and methodology for the development of information security enterprise architectures.
Security Controls Development:
- COBIT 5 : A business framework to allow for IT enterprise management and governance that was developed by Information Systems Audit and Control Association (ISACA).
- NIST SP 800-53 : Set of controls to protect U.S. federal systems developed by the National Institute of Standards and Technology.
- COSO Internal Control-Integrated Framework : Set of internal corporate controls to help reduce the risk of financial fraud developed by the committee of Sponsoring Organizations (COSO) if the Treadway Commission.
Process Management Development:
- ITIL : Processes to allow for IT Service management developed by the United Kingdom's Office of Government Commerce.
- Six Sigma : Business management strategy that can be used to carry out the process improvement.
- Capability Maturity Model Integration (CMMI) : Organizational development for process improvement developed by Carnegie Mellon University. (I.R.D.M.O) - Initial, Repeatable, Defined, Managed, Optimized
ISO/IEC 27000 Series
- ISO/IEC 27000 Overview and vocabulary
- ISO/IEC 27001 ISMS requirements
- ISO/IEC 27002 Code of practice for information security management
- ISO/IEC 27003 ISMS implementation
- ISO/IEC 27004 ISMS measurement
- ISO/IEC 27005 Risk Management
- ISO/IEC 27006 Certification body requirements
- ISO/IEC 27007 ISMS auditing
- ISO/IEC 27008 Guidance for auditors
- ISO/IEC 27011 Telecommunications organizations
- ISO/IEC 27014 Information security governance
- ISO/IEC 27015 Financial sector
- ISO/IEC 27031 Business continuity
- ISO/IEC 27032 Cybersecurity
- ISO/IEC 27033 Network security
- ISO/IEC 27034 Application security
- ISO/IEC 27035 Incident management
- ISO/IEC 27037 Digital evidence collection and preservation
- ISO/IEC 27799 Health organizations