20 November 2008
Security Process Professional
Resources for IT Audit & Security Improvement
Strategy and Models
Web Link
Hits
Framework Solution for Life Cycle Security
Derived from upcoming revisions to the first IEEE standard to embed specific security guidance in the SDLC, this framework integrates best practices from ISO/IEC 17799 and ISO/IEC 15408 Common Criteria into IEEE P1074.
1176
Microsoft's SDL model
Published 3/20/2005, Microsoft's Trustworthy Computing Security Development Life Cycle builds sound security principles into the engineering life cycle. It's most useful to vendors who can afford a high budget commitment to education and enforcement.
242
COSO Framework
Committee of Sponsoring Organizations (COSO) National Commission on Fraudulent Financial Reporting. From October 1985 to September 1987, the Commission identified causal factors that can lead to fraudulent financial reporting and steps to reduce its
167
SSE-CMM
Systems Security Engineering--Capability Maturity Model derived from ISO/IEC 21827
160
OPF
Donald Firesmith's ambitious Open Process Framework technology process site. Use the search facility for "security" to bring up all relevant guidance.
138
ISACA's CobiT Security Guidance
Information Systems Audit and Control Association (ISACA), author of Control Objectives for IT (CobiT), issued additions to the framework covering baseline security and specific guidelines for Sarbanes-Oxley compliance.
229
ITIL Framework
IT Infrastructure Library Framework has been updated to include security guidance and equivalency mapping with ISO/IEC 17799.
155
SEI's OCTAVE
OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation℠) is a risk-based strategic assessment and planning technique for security.
154
Six Sigma
Disciplined, data-driven benchmarking and measurement method to reduce the number of defects in a product.
311
Anti-Patterns Profiles & Remediation
Wiki of Project and Management Anti-Patterns. These little gems help identify systemic problems in initiatives that go awry. Technical initiatives that go awry have little chance of producing secure products or supporting secure infrastructures.
143