Chapter 1 Flashcards
Name 5 enterprise architecture frameworks
- Zachman (columns: what/how/where/who/when/why; rows: the perspectives of executives, business managers, system architects, engineers, technicians)
- TOGAF - views (architecture domains) of business, application, technology and data
- DoDAF - US DoD framework; ensures systems, processes and personnel work together in a concerted, interoperable manner
- MODAF - UK MoD framework; gets data in the right format to the right people
- SABSA - security architecture framework with assets, motivation, process, people, location and time as columns (the same what/why/how/who/where/when cells as Zachman)
For an enterprise security architecture to be successful in development and implementation, it needs:
- Strategic alignment
- Business enablement
- Process enhancement
- Security effectiveness
What are the five principles that COBIT 5 is based on?
- Meeting stakeholder needs
- Covering the enterprise end to end
- Applying a single integrated framework
- Enabling a holistic approach
- Separating governance from management
How many goals does COBIT 5 have?
17 enterprise goals and 17 IT-related goals, linked to each other and to stakeholder needs through the goals cascade
What does COBIT ask?
A simple question: "Why are we doing this?" The answer should lead to an IT-related goal that is tied to an enterprise goal, which in turn is tied to a stakeholder need (the goals cascade)
What is the common misconception about COBIT?
That COBIT is purely security focused. It is a framework for the governance and management of enterprise IT as a whole; security is only one part of it
What does NIST SP 800-53 provide?
Security and privacy controls for federal information systems and organizations
How many control families does NIST SP 800-53 have?
18 control families (Rev. 4), classed as (MOT):
- Management
- Operational
- Technical
How is the COSO Internal Control - Integrated Framework different from the IT-focused frameworks?
- It works at the strategic (corporate governance) level instead of the IT level
- It deals with fraud through corporate governance
How many and what are the control principles in the COSO IC Integrated Framework?
17 internal control principles, grouped into 5 components:
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring activities
SOX compliance is based on which internal controls framework?
COSO IC Integrated Framework
What is the difference between NIST 800-53/COBIT and Zachman/SABSA/TOGAF?
The former are control and governance frameworks (which controls to have and how to manage them); the latter are enterprise architecture frameworks (how to structure the organization's systems, and its security, so those controls fit together)
CMMI Level 0
Nonexistent management (the CISSP CBK's labelling; CMMI's own maturity scale starts at Level 1)
CMMI Level 1
Unpredictable processes
CMMI Level 2
Repeatable processes
CMMI Level 3
Defined processes
CMMI Level 4
Managed Processes
CMMI Level 5
Optimised processes
ISO 27001
ISMS requirements (the standard an organization is certified against)
ISO 27002
Code of practice for information security controls/management
ISO 27003
ISMS implementation guidance
ISO 27004
ISMS monitoring and measurement
ISO 27005
Information security risk management
ISO 27006
Requirements for bodies providing audit and certification of an ISMS