Security Program Development

Security Program Development

ISO/IEC 27000 Series : International standards on how to develop and maintain an ISMS developed by ISO and IEC.

Enterprise Architecture Development:

    1.     Zachman Framework : Model for the development of enterprise architectures developed by John Zachman.
    2.     TOGAF : Model and methodology for the development of enterprise architectures developed by The Open Group.
    3.     DoDAF : U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
    4.     MODAF : Architecture framework used mainly in military support missions developed by the British Minsitry of Defence.
    5.     SABSA Model : Model and methodology for the development of information security enterprise architectures.
          
      Security Controls Development:

        1.     COBIT 5 : A business framework to allow for IT enterprise management and governance that was developed by Information Systems Audit and  Control Association (ISACA).
        2.     NIST SP 800-53 : Set of controls to protect U.S. federal systems developed by the National Institute of Standards and Technology.
        3.     COSO Internal Control-Integrated Framework : Set of internal corporate controls to help reduce the risk of financial fraud developed by the committee of Sponsoring Organizations (COSO) if the Treadway Commission.

          Process Management Development:

            1.     ITIL : Processes to allow for IT Service management developed by the United Kingdom's Office of Government Commerce.
            2.     Six Sigma : Business management strategy that can be used to carry out the process improvement.
            3.     Capability Maturity Model Integration (CMMI) : Organizational development for process improvement developed by Carnegie Mellon University. (I.R.D.M.O) - Initial, Repeatable, Defined, Managed, Optimized

                  
              ISO/IEC 27000 Series
                1.     ISO/IEC 27000 Overview and vocabulary
                2.     ISO/IEC 27001 ISMS requirements
                3.     ISO/IEC 27002 Code of practice for information security management
                4.     ISO/IEC 27003 ISMS implementation
                5.     ISO/IEC 27004 ISMS measurement
                6.     ISO/IEC 27005 Risk Management
                7.     ISO/IEC 27006 Certification body requirements
                8.     ISO/IEC 27007 ISMS auditing
                9.     ISO/IEC 27008 Guidance for auditors
                10.     ISO/IEC 27011 Telecommunications organizations
                11.     ISO/IEC 27014 Information security governance
                12.     ISO/IEC 27015 Financial sector
                13.     ISO/IEC 27031 Business continuity
                14.     ISO/IEC 27032 Cybersecurity
                15.     ISO/IEC 27033 Network security
                16.     ISO/IEC 27034 Application security
                17.     ISO/IEC 27035 Incident management
                18.     ISO/IEC 27037 Digital evidence collection and preservation
                19.     ISO/IEC 27799 Health organizations

                Comments

                Popular posts from this blog

                OIM 11g R2 PS2 : SOA Approval Workflow Sample

                OHS 12c (12.1.3) webgate deployment and configuration

                Oracle Identity Manager (OIM) Interview Questions