Dated: 05-11-2024
Ch01. What Are the Leading Information Security Standards and Frameworks?
- A standard or framework is a blueprint or roadmap for achieving information security objectives
- Examples are:
  - ISO/IEC 27001:2013 (ISMS)
  - PCI DSS
  - COBIT
ISO/IEC 27001:2013 (ISMS)
- Specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS)
- Ten short clauses; clauses 4 to 10 carry the mandatory requirements that a certification audit is performed against
- One long annex (Annex A), which lists the reference control objectives and controls
- Note: this edition has been superseded by ISO/IEC 27001:2022, which restructured Annex A into 93 controls in four themes; the clause and control tables below describe the 2013 edition
Mandatory Clauses
Reference | Description |
---|---|
Clause 4 | Context of the organization |
Clause 5 | Leadership |
Clause 6 | Planning |
Clause 7 | Support |
Clause 8 | Operation |
Clause 9 | Performance evaluation |
Clause 10 | Improvement |
Annex A Controls (not mandatory as such: selection follows the risk treatment plan, and every inclusion or exclusion must be justified in the Statement of Applicability)
Reference | Description | Control Total |
---|---|---|
A5 | Information security policies | 2 |
A6 | Organization of information security | 7 |
A7 | Human resource security | 6 |
A8 | Asset management | 10 |
A9 | Access control | 14 |
A10 | Cryptography | 2 |
A11 | Physical and environmental security | 15 |
A12 | Operations security | 14 |
A13 | Communications security | 7 |
A14 | System acquisition, development and maintenance | 13 |
A15 | Supplier relationships | 5 |
A16 | Information security incident management | 7 |
A17 | Information security aspects of business continuity management | 4 |
A18 | Compliance | 8 |
Total | 14 control domains | 114 |
PCI Data Security Standard (PCI DSS)
- Designed to ensure that ALL companies that accept, process, store or transmit cardholder data maintain a secure environment
- Managed by the PCI Security Standards Council (PCI SSC)
- The PCI SSC is an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB)
- Six broad goals (control objectives) and 12 requirements
COBIT
- ISACA framework for the governance and management of enterprise IT
- COBIT 5 helps enterprises to create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use (ISACA)
- COBIT 5 brings together five principles that allow the enterprise to build an effective governance and management framework (ISACA)
- Based on a holistic set of seven enablers that optimize IT investment and use for the benefit of stakeholders (ISACA)
- Note: COBIT 5 has since been superseded by COBIT 2019; the five principles and seven enablers described here are specific to COBIT 5
Post-assessment questions
In the context of security frameworks, PCI DSS stands for:
- Payment Card Industry Discrete Security Standard
- Private Card Industry Dual Security Standard
- Payment Card Industry Data Security Standard
- Payment Card Industry Digital Security Standard
(Answer: Payment Card Industry Data Security Standard)
Which of the following specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system?
- ISO27001:2015
- ISO27003:2013
- ISO27001:2011
- ISO27001:2013
(Answer: ISO27001:2013)
In the context of security frameworks, SSC stands for:
- Security Standard Company
- Security Standard Category
- Security Standard Council
- Software Standard Category
(Answer: Security Standards Council, the body that manages PCI DSS)