Frameworks, Standards, and Models Flashcards
ISO 27005
Risk Management Framework
ISO 15288
Systems engineering standard covering processes and life cycle stages
ISO 15408
Common Criteria
ISO 27002
Framework for security controls
ISO 27001
Standard for ISMS
COBIT
IT Security Best Practices
Fraud Prevention Framework
COSO
COSO
Risk Management controls framework
COBIT 5
5 key principles for governance and management of enterprise IT
ISO 9000 series
Quality management techniques
SOC 1
Internal controls over financial reporting
SOC 2
Technical assessment
SOC 2 evaluates
CIA
Privacy
Security
Which SOC report is public?
SOC 3
SOC 2 Type 1
Evaluates design of security controls at a point in time
SOC 2 Type 2
Assesses control effectiveness over a period of time (3-6 months)
TSP/TSC
SOC 2
SOC X Type 1
Design
SOC X Type 2
Testing of controls
SOC evaluates
Trusted Service Principles
TCSEC only recognized in…
the US
ITSEC is recognized in…
Europe only
Regionalized product evaluation models (2)
ITSEC
TCSEC
Zachman framework
Gives a holistic view of the enterprise.
Understand complex architecture
SABSA
Risk-driven security architecture
CMMI
Process
ISO 21827
CMMI
CMMI 1-2
Reactive
CMMI 2-3
Biggest jump
CMMI 3-5
Proactive
Service mark
Type of trademark
Key word for CMMI
Appraisal (not certification)