Tuesday, October 4, 2016

Security Program Development

ISO/IEC 27000 Series : International standards on how to develop and maintain an ISMS developed by ISO and IEC.

Enterprise Architecture Development:

  1.     Zachman Framework : Model for the development of enterprise architectures developed by John Zachman.
  2.     TOGAF : Model and methodology for the development of enterprise architectures developed by The Open Group.
  3.     DoDAF : U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
  4.     MODAF : Architecture framework used mainly in military support missions developed by the British Ministry of Defence.
  5.     SABSA Model : Model and methodology for the development of information security enterprise architectures.
   
Security Controls Development:

  1.     COBIT 5 : A business framework to allow for IT enterprise management and governance that was developed by the Information Systems Audit and Control Association (ISACA).
  2.     NIST SP 800-53 : Set of controls to protect U.S. federal systems developed by the National Institute of Standards and Technology.
  3.     COSO Internal Control-Integrated Framework : Set of internal corporate controls to help reduce the risk of financial fraud developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.

Process Management Development:

  1.     ITIL : Processes to allow for IT Service management developed by the United Kingdom's Office of Government Commerce.
  2.     Six Sigma : Business management strategy that can be used to carry out process improvement.
  3.     Capability Maturity Model Integration (CMMI) : Organizational development model for process improvement developed by Carnegie Mellon University. Maturity levels (I.R.D.M.O): Initial, Repeatable, Defined, Managed, Optimized.


ISO/IEC 27000 Series:

  1.     ISO/IEC 27000 Overview and vocabulary
  2.     ISO/IEC 27001 ISMS requirements
  3.     ISO/IEC 27002 Code of practice for information security management
  4.     ISO/IEC 27003 ISMS implementation
  5.     ISO/IEC 27004 ISMS measurement
  6.     ISO/IEC 27005 Risk Management
  7.     ISO/IEC 27006 Certification body requirements
  8.     ISO/IEC 27007 ISMS auditing
  9.     ISO/IEC 27008 Guidance for auditors
  10.     ISO/IEC 27011 Telecommunications organizations
  11.     ISO/IEC 27014 Information security governance
  12.     ISO/IEC 27015 Financial sector
  13.     ISO/IEC 27031 Business continuity
  14.     ISO/IEC 27032 Cybersecurity
  15.     ISO/IEC 27033 Network security
  16.     ISO/IEC 27034 Application security
  17.     ISO/IEC 27035 Incident management
  18.     ISO/IEC 27037 Digital evidence collection and preservation
  19.     ISO/IEC 27799 Health organizations