09 September 2010
Security Process Professional
Resources for IT Audit & Security Improvement
Strategy and Models
Web Link
Hits
Framework Solution for Life Cycle Security
Derived from upcoming revisions to the first IEEE standard to embed specific security guidance in the SDLC, this framework integrates best practices from ISO/IEC 17799 and ISO/IEC 15408 Common Criteria into IEEE P1074.
1243
Microsoft's SDL model
Published 3/20/2005, Microsoft's Trustworthy Computing Security Development Life Cycle embeds sound security principles into the engineering life cycle. It's most useful to vendors who can afford high budget commitment to education and enforcement
363
COSO Framework
Committee of Sponsoring Organizations (COSO) National Commission on Fraudulent Financial Reporting. From October 1985 to September 1987, the Commission identified causal factors that can lead to fraudulent financial reporting and steps to reduce its
232
SSE-CMM
Systems Security Engineering--Capability Maturity Model derived from ISO/IEC 21827
241
OPF
Donald Firesmith's ambitious Open Process Framework technology process site. Use the search facility for "security" to bring up all relevant guidance.
247
ISACA's CobiT Security Guidance
Information Systems Audit and Control Association (ISACA), author of Control Objectives for IT (CobiT), issued additions to the framework covering baseline security and specific guidelines for Sarbanes-Oxley compliance.
329
ITIL Framework
IT Infrastructure Library Framework has been updated to include security guidance and equivalency mapping with ISO/IEC 17799.
225
SEI's OCTAVE
OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation℠) is a risk-based strategic assessment and planning technique for security.
222
Six Sigma
Disciplined, data-driven benchmarking and measurement method to reduce the number of defects in a product.
411
Anti-Patterns Profiles & Remediation
Wiki of Project and Management Anti-Patterns. These little gems help identify systemic problems in initiatives that go awry. Technical initiatives that go awry have little chance of producing secure products or supporting secure infrastructures.
220