Information Security Management and Auditing

  1. Security Frameworks and Standards
    1. ISO/IEC 27000 Series
      1. ISO 27001 Management System Requirements
        1. Context of the Organization
        2. Leadership and Commitment
        3. Planning Requirements
        4. Support and Operation
        5. Performance Evaluation
        6. Improvement Requirements
      2. ISO 27002 Security Controls
        1. Control Categories and Objectives
        2. Implementation Guidance
        3. Control Selection Process
      3. ISO 27005 Risk Management
        1. Risk Management Process
        2. Risk Assessment Methods
        3. Risk Treatment Options
      4. Other ISO 27000 Standards
        1. ISO 27003 Implementation Guidance
        2. ISO 27004 Measurement and Metrics
        3. ISO 27007 Audit Guidelines
    2. NIST Cybersecurity Framework
      1. Framework Core Functions
        1. Identify Function
        2. Protect Function
        3. Detect Function
        4. Respond Function
        5. Recover Function
      2. Framework Implementation Tiers
        1. Tier 1 Partial
        2. Tier 2 Risk Informed
        3. Tier 3 Repeatable
        4. Tier 4 Adaptive
      3. Framework Profiles
        1. Current Profile Development
        2. Target Profile Creation
        3. Gap Analysis
    3. COBIT Framework
      1. Governance and Management Objectives
      2. Process Reference Model
      3. Enabler Framework
      4. Implementation Guidance
    4. CIS Controls
      1. Basic Controls
      2. Foundational Controls
      3. Organizational Controls
      4. Implementation Groups
    5. Other Security Frameworks
      1. FAIR Risk Framework
      2. OCTAVE Risk Assessment
      3. COSO Internal Control Framework