Stds, BstPrac, Frmwr

Standards, Best Practices and Frameworks

| Term | Definition |
| --- | --- |
| ISO/IEC 27000 series | International standards on how to develop and maintain an ISMS. The goal is to provide guidance to organizations on how to design, implement, and maintain policies, processes, and technologies to manage risks to sensitive information assets. |
| Zachman Framework | Model for the development of enterprise architectures. Uses a two-dimensional model built on 6 basic communication interrogatives (What, How, Where, Who, When, and Why) to give a holistic understanding of the enterprise. |
| TOGAF (The Open Group Architecture Framework) | Has origins in the DOD. Provides an approach to design, implement, and govern an enterprise information architecture. |
| DoDAF | U.S. Department of Defense architecture framework that ensures that all systems, processes, and personnel work in a concerted effort to accomplish its mission. |
| MODAF | Architecture framework used mainly in military support missions, developed by the British Ministry of Defense. |
| SABSA model | Framework and methodology for enterprise security architecture and service management. Outlines the questions What, Why, How, Where and When. |
| COBIT | A good-practice framework created by ISACA for information technology management and IT governance. Provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers." |
| NIST SP 800-53 | "Security and privacy controls for Federal Information Systems and Organizations", which outlines controls that agencies need to put into place to be compliant with FISMA. |
| COSO IC | Set of internal corporate controls to help reduce the risk of financial fraud. It is a model for corporate governance. Deals with corporate culture, financial accounting, BofD responsibilities, and internal communication structures. |
| ITIL | Developed by the UK Government's CCTA in the 1980s. A library of volumes describing a framework of best practices for delivering IT services. |
| Six Sigma | Business management strategy that can be used to carry out process improvement. |
| Capability Maturity Model Integration (CMMI) | Comprehensive, integrated set of guidelines for developing products and software. Has five maturity levels: Initial, Repeatable, Defined, Managed, Optimized. |
| NIST SP 800-88 Revision 1 | Guidelines for Media Sanitization; describes the best practices for combating data remanence. |
| NIST SP 800-53A | Best practices in conducting security and privacy assessments in Federal Information Systems and Organizations. |
| NIST SP 800-14 | Provides perspective at the organizational level for creating new systems, policies or practices. |
| NIST SP 800-27 Rev | Provides a structured approach to designing, developing and implementing IT security. |
| Sarbanes Oxley (SOX) | Known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and "Corporate and Auditing Accountability, Responsibility, and Transparency Act" |
| ISO/IEC 27005 | Risk Management |
| ISO/IEC 27001 | ISMS Requirements |
| ISO/IEC 27002 | Code of practice for information security management |
| OCTAVE | Security framework for determining risk level and planning defenses against cyber assaults. Leverages the experience and expertise of people within the organization. |
| NIST SP 800-122 | Document to assist Federal agencies in protecting the confidentiality of PII in information systems. Explains the importance of protecting the confidentiality of PII in the context of IS and explains its relationship to privacy. |
| ISO/IEC 42010 | Goal of internationally standardizing the use of system architecture. A disciplined approach to system architecture allows for better quality, interoperability, extensibility, portability and security. |
Created by: Dks0512