Objectives:
External Resources:
A Security Framework
Examples
Financial Reporting:
Basel II
Sarbanes-Oxley
COSO
Information Security:
BS7799 / ISO 27000 ISMS fundamentals and vocabulary, umbrella 27003 ISMS
implementation guide, 27004 ISM metrics, 27005 infosec risk management, 27006
certification agencies, 27007 audit, 27009 IS governance, 27010 critical
infrastructure
BS 7799 Part 1 ISO 17799, ISO 27002 code of practice - 133 controls, 500+ detailed
controls
COBIT 5 / COBIT 2019: A business framework for the governance and management of
enterprise IT
BSIMM:
https://www.bsimm.com/framework.html
ITIL
NOTE... (LOOK FOR THE DEEP DIVE ON SABSA, TOGAF & ZACHMAN BELOW)
Zachman
Calder-Moir
TOGAF
DoDAF
MODAF
SABSA
COSO
Supply Chain Risk Management Practices for Federal Information Systems and
Organizations SP800-161
https://www.iso.org/standard/50341.html
https://www.iso.org/isoiec-27001-information-security.html
SABSA -
|======================|================================|
| Business View        | Contextual Architecture        |
|======================|================================|
| Architect's View     | Conceptual Architecture        |
|======================|================================|
| Designer's View      | Logical Architecture           |
|======================|================================|
| Constructor's View   | Physical Architecture          |
|======================|================================|
| Technician's View    | Component Architecture         |
|======================|================================|
| Manager's View       | Management Architecture        |
|======================|================================|
Strategy & Planning --> Design --> Implement --> Manage & Measure
=======================================================
The Zachman Framework -