Page 169 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Unit 11: Security Models & Frameworks and Methodologies for Information System Security
3. Describe the advantages and disadvantages of security models.
4. What is a framework? Illustrate the concept of a security framework.
5. Explain the benefits and considerations of a security framework.
6. Discuss the purpose of ISO 27001 and illustrate its use.
7. Explain the concept of the COBIT framework and the four stages included in COBIT.
8. Explain how SSE-CMM is used as a common framework for executing security engineering within an organization.
9. Distinguish between the INFOSEC Assessment Methodology (IAM) and the INFOSEC Evaluation Methodology (IEM).
10. The Security Incident Policy Enforcement System (SIPES) draft presents a relatively abstract approach to addressing the difficulty of incident response management. Comment.
Answers: Self Assessment
1. models 2. abstract
3. high-level 4. beta
5. INFOSEC 6. framework
7. framework 8. COBIT
9. SSE-CMM 10. security
11. methodology 12. IAM
13. IEM
14. Security Incident Policy Enforcement System (SIPES)
15. pre-Assessment
11.8 Further Readings
Books
An Introduction to Computer Security: The NIST Handbook
Managing Enterprise Information Integrity: Security, Control and Audit Issues, by IT Governance Institute
Principles of Information Security, by Michael E. Whitman and Herbert Mattord
Risk Management Guide for Information Technology Systems
Risks of Customer Relationship Management: A Security, Control, and Audit Approach, by PricewaterhouseCoopers LLP
Security, Audit & Control Features PeopleSoft: A Technical and Risk Management Reference Guide, 2nd Edition, by Deloitte Touche Tohmatsu Research Team; ISACA
Online link
citeseerx.ist.psu.edu
LOVELY PROFESSIONAL UNIVERSITY