Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
17 Cards in this Set
- Front
- Back
|
British Standard 7799 (BS7799)
|
was developed in 1995 by the United Kingdom government’s Department of Trade and Industry and published by the British Standards Institution. The standard outlines how an information security management system (ISMS) (aka security program) should be built and maintained. The goal was to provide guidance to organizations on how to design, implement, and maintain policies, processes, and technologies to manage risks to its sensitive information assets.
|
|
|
ISO/IEC 27000
|
Overview and vocabulary (ISO/IEC)
|
|
|
ISO/IEC 27001
|
ISMS requirements (ISO/IEC)
|
|
|
ISO/IEC 27002
|
Code of practice for information security management (ISO/IEC)
|
|
|
ISO/IEC 27003
|
Guideline for ISMS implementation (ISO/IEC)
|
|
|
ISO/IEC 27004
|
Guideline for information security management
measurement and metrics framework (ISO/IEC) |
|
|
ISO/IEC 27005
|
Guideline for information security risk management (ISO/IEC)
|
|
|
ISO/IEC 27006
|
Guidelines for bodies providing audit and certification of
information security management systems (ISO/IEC) |
|
|
ISO/IEC 27011
|
Information security management guidelines for
telecommunications organizations (ISO/IEC) |
|
|
ISO/IEC 27031
|
Guideline for information and communications technology readiness for business continuity (ISO/IEC)
|
|
|
ISO/IEC 27033-1
|
Guideline for network security (ISO/IEC)
|
|
|
ISO 27799
|
Guideline for information security management in health
organizations (ISO/IEC) |
|
|
Zachman framework
|
is a two-dimensional model that uses six basic communication interrogatives (What, How, Where, Who, When, and Why) intersecting with different
viewpoints (Planner, Owner, Designer, Builder, Implementer, and Worker) to give a holistic understanding of the enterprise. |
|
|
The Open Group Architecture Framework
(TOGAF) |
a framework that can be used to develop the following architecture types:
Business Architecture, Data Architecture Applications Architecture, Technology Architecture Uses Architecture Development Method (ADM), which is an iterative and cyclic process that allows requirements to be continuously reviewed and the individual architectures updated as needed. |
|
|
Department of Defense Architecture Framework (DoDAF)
|
focus of this architecture framework is on command, control, communications, computers,
intelligence, surveillance, and reconnaissance systems and processes. Emphasis on interoperability |
|
|
British Ministry of Defence Architecture Framework (MODAF)
|
The crux of the framework
is to be able to get data in the right format to the right people as soon as possible. Modern warfare is complex, and activities happen fast, which requires personnel and systems to be more adaptable than ever before. Data needs to be captured and properly presented so that decision makers understand complex issues quickly, which allows for fast and hopefully accurate decisions. |
|
|
Sherwood Applied Business Security Architecture (SABSA)
|
Similar to the Zachman model.
Layered model with its first layer defining business requirements from a security perspective. Each layer of the model decreases in abstraction and increases in detail so it builds upon the others and moves from policy to practical implementation of technology and solutions. The idea is to provide a chain of traceability through the strategic, conceptual, design, implementation, and metric and auditing levels. |
