Page 168 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
A framework is a defined support structure in which another software project can be controlled and developed.
The purpose of ISO 27001 is to identify the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.
The COBIT Framework offers a tool for the business process owner that influences the discharge of business process tasks.
SSE-CMM is defined as a process reference model that focuses on the requirements for implementing security in a system or series of connected systems that are the Information.
A methodology is a targeted construct that defines particular practices, procedures, and rules for the implementation or execution of a particular task or function.
IAM focuses on providing a high-level assessment of a specified, operational system for the purpose of identifying possible vulnerabilities.
The purpose of IEM is to provide a technique for technically assessing vulnerability in systems and to validate the actual INFOSEC posture of those systems.
The Security Incident Policy Enforcement System (SIPES) draft presents a relatively abstract approach to addressing the problem of incident response management.
11.6 Keywords
COBIT: The COBIT Framework offers a tool for the business process owner that influences the discharge of business process tasks.
Framework: A framework is a defined support structure in which another software project can be controlled and developed.
IAM: IAM focuses on providing a high-level assessment of a specified, operational system for the purpose of identifying possible vulnerabilities.
IEM: The purpose of IEM is to provide a technique for technically assessing vulnerability in systems and to validate the actual INFOSEC posture of those systems.
ISO 27001: The purpose of ISO 27001 is to identify the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks.
Methodology: A methodology is a targeted construct that defines particular practices, procedures, and rules for the implementation or execution of a particular task or function.
Model: A model is a theoretical, conceptual construct that represents processes, variables, and relationships without offering particular guidance on or practices for implementation.
SIPES: The Security Incident Policy Enforcement System (SIPES) draft presents a relatively abstract approach to addressing the problem of incident response management.
SSE-CMM: SSE-CMM is defined as a process reference model that focuses on the requirements for implementing security in a system or series of connected systems that are the Information.
11.7 Review Questions
1. What is a model? Explain the concept of security models.
2. Illustrate the process of a Comprehensive Model of information system security.
162 LOVELY PROFESSIONAL UNIVERSITY