Standards & Control Frameworks Flashcards
Explain FMEA
Failure Mode and Effect Analysis
Functions > Function Failures > Assess Failures > Failure Effects
Simple Systems
Explain COSO
Developed by Committee of Sponsoring Organizations of the Treadway Commission
Reduce the risk of Financial Fraud
Corporate Governance
Explain CMMI
Capability Maturity Model Integration
Process Improvement Model
Explain OCTAVE
Operationally Critical Threat, Asset, and Vulnerability Evaluation
Developed by Carnegie Mellon University
People inside the organization, assisted by a workshop facilitator, conduct the assessment
Wide Scope
Three Phases:
Identifies Staff Knowledge, Assets, & Threats
Identifies Vulnerabilities & Evaluates Safeguards
Conducts Risk Analysis
Explain COBIT
Control OBjectives for Information and related Technology
Developed by ISACA (Information Systems Audit and Control Association)
Four Domains:
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
34 Processes
Explain Six Sigma
Developed by Motorola
Improve process quality, reducing defects and waste
Explain ITIL
Information Technology Infrastructure Library
Developed by the UK
Framework of best practices for IT Service Management
Five Service Management Practices
Explain CRAMM
Central Computer and Telecommunications Agency Risk Analysis and Management Method
Developed by the United Kingdom
Sold by Siemens
Three stages:
Define Objectives
Assess Risks
Identify Countermeasures
Explain SABSA
Model and methodology for development of information security enterprise architectures.
Explain ISO 17799
IT - Security Techniques - Code of Practice for ISM
Was BS 7799 Part 1 (BS7799 Part 2 was renumbered 27001)
Had 11 areas
Renumbered to 27002
Explain Fault Tree Analysis
Complex Systems
Explain FRAP
Facilitated Risk Analysis Process
Qualitative, narrow scope