Page 158 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy    Mithilesh Kumar Dubey, Lovely Professional University




Unit 11: Security Models & Frameworks and Methodologies for Information System Security


CONTENTS

Objectives
Introduction
11.1 Introduction to Security Models
11.2 Terminology
11.3 Frameworks
     11.3.1 Introduction to ISO 27001
     11.3.2 COBIT
     11.3.3 SSE-CMM
11.4 Methodologies for Information System Security
     11.4.1 INFOSEC Assessment Methodology (IAM)
     11.4.2 INFOSEC Evaluation Methodology (IEM)
     11.4.3 Security Incident Policy Enforcement System (SIPES)
11.5 Summary
11.6 Keywords
11.7 Review Questions
11.8 Further Readings

Objectives

After studying this unit, you will be able to:
   Understand the concept of security models and frameworks
   Discuss the models ISO 27001, COBIT, and SSE-CMM
   Understand methodologies of information system security such as IAM, IEM and SIPES

Introduction

A model is a theoretical, conceptual construct that represents processes, variables, and relationships without offering particular guidance on, or practice for, implementation. A framework is a defined support structure in which another software project can be organized and developed. In this unit you will understand the concept of security models and frameworks. A methodology is a body of practices, procedures, and rules used by those who work in a discipline or engage in an inquiry. You will understand various methodologies for information system security such as IAM, IEM, and SIPES.

11.1 Introduction to Security Models

Information security models bridge the gap between security policy statements (which specify which users should have access to data) and the operating system implementation (which permits an



          152                               LOVELY PROFESSIONAL UNIVERSITY