
Models

This document discusses several security models: ISO 27001, COBIT, the Information Security Management Maturity Model, the Systems Security Engineering Capability Maturity Model, and the Information Technology Infrastructure Library. ISO 27001 provides requirements for an information security management system to help organizations keep information assets secure. COBIT is a framework for IT management and governance that bridges control requirements and business risks. The Information Security Management Maturity Model aims to prevent and mitigate security incidents and optimize resource use. The Systems Security Engineering Capability Maturity Model seeks to advance security engineering as a defined and measurable discipline.

Security models

Types of models

• ISO 27001
• COBIT (Control Objectives for Information and Related Technology)
• Information security management maturity model
• Systems Security Engineering Capability Maturity Model (SSE-CMM)
• Infosec Assurance Capability Maturity Model (IA-CMM)
• ITIL and BS 15000 (Information Technology Infrastructure Library and Information Technology service management standard)
• McCumber Cube

ISO 27001

• The ISO 27000 family of standards helps organizations keep information assets secure.
• Using this family of standards will help your organization manage the
security of assets such as financial information, intellectual property,
employee details or information entrusted to you by third parties.
• ISO/IEC 27001 is the best-known standard in the family, providing
requirements for an information security management system (ISMS).

COBIT

• Control Objectives for Information and Related Technology (COBIT) is a
framework created by ISACA for information technology (IT)
management and IT governance. It is a supporting toolset that allows
managers to bridge the gap between control requirements, technical
issues and business risks.
• ISACA first released COBIT in 1996; ISACA published the current version,
COBIT 5, in 2012.
• COBIT aims "to research, develop, publish and promote an authoritative,
up-to-date, international set of generally accepted information technology
control objectives for day-to-day use by business managers, IT
professionals and assurance professionals".
• The framework supports governance of IT by defining and aligning
business goals with IT goals and IT processes.

Information security management maturity model

• The generic goals of an ISM system are to:
  – Prevent and mitigate incidents that could jeopardize the organization’s property and the output of products and services that rely on information systems;
  – Optimise the use of information, money, people, time and infrastructure.
• The outputs of an ISM system are:
  – Incident prevention;
  – Incident mitigation;
  – Risk reduction;
  – Trust.

Systems Security Engineering Capability Maturity Model

• Objective
  – Advance security engineering as a defined, mature, and measurable discipline
• Project goal
  – Develop a mechanism to enable:
    – selection of appropriately qualified security engineering providers
    – focused investments in security engineering practices
    – capability-based assurance
• Why the CMM approach?
  – accepted way of improving process capability
  – increasing use in acquisition as indicator of process capability
