
Security Frameworks

ISO/IEC 27000 Series - International standard on how to develop and maintain an ISMS developed by ISO and IEC. Originates from BS7799
Zachman framework - Model for the development of enterprise architectures
TOGAF - Model and methodology for the development of enterprise architectures
DoDAF - US Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals
MODAF - Architecture framework used mainly in military support missions developed by British Ministry of Defense
SABSA - Model and Methodology for the development of IS enterprise architectures
CobiT - Set of control objectives for IT Management developed by ISACA
SP 800-53 - Set of Controls to protect US Federal systems developed by NIST
COSO - Set of internal corporate controls to help reduce the risk of financial fraud
ITIL - Processes to allow for IT service management
Six Sigma - Business Management strategy that can be used to carry out process improvement
Capability Maturity Model Integration - Organizational development for process improvement

Fundamental Principles of Security

Confidentiality
Integrity
Availability
Balanced Security

Security Definitions

Security Concepts Relationships

Categories

All three categories of controls should provide the concept of Defense-In-Depth.

Administrative Control - "Soft" control, management oriented
Technical Control - "Logical" control, software and hardware components
Physical Control - items put in place to protect facility, personnel and resources

Deterrent - intended to discourage attacker
Preventive - intended to avoid incident from occurring
Corrective
