Security Governance
Final Copy of security governance principles.
| Term | Definition |
|---|---|
| PCI-DSS | Payment Card Industry Data Security Standard |
| OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) | Self-directed risk management |
| COBIT (Control Objectives for Information and related Technology) | Goals for IT: stakeholder needs are mapped down to IT-related goals |
| COSO (Committee Of Sponsoring Organizations) | Goals for the entire organization |
| ITIL (Information Technology Infrastructure Library) | IT Service Management (ITSM) |
| FRAP (Facilitated Risk Analysis Process) | Analyzes one business unit, application or system at a time in a roundtable brainstorm with internal employees; impact is analyzed, and threats and risks are prioritized |
| ISO 27001 | Establish, implement, control and improve the ISMS. Uses PDCA (Plan, Do, Check, Act) |
| ISO 27002 | From BS 7799 and ISO 17799; provides practical advice on how to implement security controls |
| ISO 27004 | Provides metrics for measuring the success of your ISMS |
| ISO 27005 | Standards-based approach to risk management |
| ISO 27799 | Directives on how to protect PHI |