Monday 21 May 2012

CISSP, CISA & CISM (Frameworks)

These three certifications are vendor neutral; however, they all refer to a range of frameworks throughout their individual domains. In each case it is not necessary to be fully conversant with the fine detail of each framework, but some frameworks are more predominant than others.

COBIT
COBIT is a framework created by ISACA for information technology (IT) management and IT Governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
http://en.wikipedia.org/wiki/COBIT
The COBIT components include:
  • Framework: Organizes IT governance objectives and good practices by IT domains and processes, and links them to business requirements
  • Process descriptions: A reference process model and common language for everyone in an organization. The processes map to the responsibility areas of plan, build, run and monitor.
  • Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
  • Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationships with other processes
  • Maturity models: Assess maturity and capability per process and help to address gaps.

ISO/IEC27000
The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
http://en.wikipedia.org/wiki/ISO/IEC_27000-series
Published standards
  • ISO/IEC 27000 — Information security management systems — Overview and vocabulary
  • ISO/IEC 27001 — Information security management systems — Requirements
  • ISO/IEC 27002 — Code of practice for information security management
  • ISO/IEC 27003 — Information security management system implementation guidance
  • ISO/IEC 27004 — Information security management — Measurement
  • ISO/IEC 27005 — Information security risk management
  • ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems

SABSA
SABSA is a model and a methodology for developing risk-driven enterprise information security architectures and for delivering security infrastructure solutions that support critical business initiatives.
http://en.wikipedia.org/wiki/Sherwood_Applied_Business_Security_Architecture
The SABSA Matrix applies the six questions what (assets), why (motivation), how (process), who (people), where (location) and when (time) across the six layers contextual, conceptual, logical, physical, component and operational, giving a 36-cell matrix in which each cell describes the security architecture from that viewpoint at that layer of abstraction.

TOGAF
The Open Group Architecture Framework (TOGAF®) is a framework for enterprise architecture which provides a comprehensive approach for designing, planning, implementing and governing enterprise information architecture.
http://en.wikipedia.org/wiki/The_Open_Group_Architecture_Framework
An architecture framework is a set of tools which can be used for developing a broad range of different architectures. It should:
  • describe a method for defining an information system in terms of a set of building blocks
  • show how the building blocks fit together
  • contain a set of tools
  • provide a common vocabulary
  • include a list of recommended standards
  • include a list of compliant products that can be used to implement the building blocks
