Stds, BstPrac, Frmwr
Standards, Best Practices and Frameworks
Term | Definition |
---|---|
ISO/IEC 27000 series | International standards on how to develop and maintain an information security management system (ISMS). Its goal is to provide guidance to organizations on how to design, implement, and maintain the policies, processes, and technologies used to manage risks to sensitive information assets. |
Zachman Framework | Model for the development of enterprise architectures. Uses a two-dimensional model built on six basic communication interrogatives (What, How, Where, Who, When, and Why) to give a holistic understanding of the enterprise. |
TOGAF (The Open Group Architecture Framework) | Has its origins in the DoD. Provides an approach to design, implement, and govern an enterprise information architecture. |
DoDAF | U.S. Department of Defense architecture framework that ensures that all systems, processes, and personnel work in a concerted effort to accomplish the mission. |
MODAF | Architecture framework used mainly in military support missions, developed by the British Ministry of Defence. |
SABSA model | Framework and methodology for enterprise security architecture and service management. Outlines the questions What, Why, How, Where and When. |
COBIT | A good-practice framework created by ISACA for information technology management and IT governance. It provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers." |
NIST SP 800-53 | "Security and Privacy Controls for Federal Information Systems and Organizations", which outlines the controls that agencies need to put in place to be compliant with FISMA. |
COSO IC | Set of internal corporate controls to help reduce the risk of financial fraud. It is a model for corporate governance that deals with corporate culture, financial accounting, board of directors (BofD) responsibilities, and internal communication structures. |
ITIL | Developed by the UK Government's CCTA in the 1980s. A library of volumes describing a framework of best practices for delivering IT services. |
Six Sigma | Business management strategy that can be used to carry out process improvement. |
Capability Maturity Model Integration (CMMI) | Comprehensive, integrated set of guidelines for developing products and software. Has five maturity levels: Initial, Repeatable, Defined, Managed, Optimized. |
NIST SP 800-88 Revision 1 | Guidelines for Media Sanitization; describes the best practices for combating data remanence. |
NIST SP 800-53A | Best practices for conducting security and privacy assessments in Federal Information Systems and Organizations. |
NIST SP 800-14 | Provides perspective at the organizational level for creating new systems, policies or practices. |
NIST SP 800-27 Rev | Provides a structured approach to designing, developing and implementing IT security. |
Sarbanes Oxley (SOX) | Known as the "Public Company Accounting Reform and Investor Protection Act" (in the Senate) and the "Corporate and Auditing Accountability, Responsibility, and Transparency Act". |
ISO/IEC 27005 | Risk Management |
ISO/IEC 27001 | ISMS Requirements |
ISO/IEC 27002 | Code of practice for information security management |
OCTAVE | Security framework for determining risk level and planning defenses against cyber attacks. Leverages the experience and expertise of people within the organization. |
NIST SP 800-122 | Document to assist Federal agencies in protecting the confidentiality of PII in information systems. Explains the importance of protecting the confidentiality of PII in the context of information systems and explains its relationship to privacy. |
ISO/IEC 42010 | Aims to internationally standardize the use of system architecture. A disciplined approach to system architecture allows for better quality, interoperability, extensibility, portability and security. |