Information Security Management and Auditing

10.

Security Frameworks and Standards

10.1.

ISO/IEC 27000 Series

10.1.1.

ISO 27001 Management System Requirements

10.1.1.1.

Context of the Organization

10.1.1.2.

Leadership and Commitment

10.1.1.3.

Planning Requirements

10.1.1.4.

Support and Operation

10.1.1.5.

Performance Evaluation

10.1.1.6.

Improvement Requirements

10.1.2.

ISO 27002 Security Controls

10.1.2.1.

Control Categories and Objectives

10.1.2.2.

Implementation Guidance

10.1.2.3.

Control Selection Process

10.1.3.

ISO 27005 Risk Management

10.1.3.1.

Risk Management Process

10.1.3.2.

Risk Assessment Methods

10.1.3.3.

Risk Treatment Options

10.1.4.

Other ISO 27000 Standards

10.1.4.1.

ISO 27003 Implementation Guidance

10.1.4.2.

ISO 27004 Measurement and Metrics

10.1.4.3.

ISO 27007 Audit Guidelines

10.2.

NIST Cybersecurity Framework

10.2.1.

Framework Core Functions

10.2.1.1.

Identify Function

10.2.1.2.

Protect Function

10.2.1.3.

Detect Function

10.2.1.4.

Respond Function

10.2.1.5.

Recover Function

10.2.2.

Framework Implementation Tiers

10.2.2.1.

10.2.2.2.

Tier 2 Risk Informed

10.2.2.3.

Tier 3 Repeatable

10.2.2.4.

Tier 4 Adaptive

10.2.3.

Framework Profiles

10.2.3.1.

Current Profile Development

10.2.3.2.

Target Profile Creation

10.2.3.3.

10.3.

COBIT Framework

10.3.1.

Governance and Management Objectives

10.3.2.

Process Reference Model

10.3.3.

Enabler Framework

10.3.4.

Implementation Guidance

10.4.

10.4.1.

10.4.2.

Foundational Controls

10.4.3.

Organizational Controls

10.4.4.

Implementation Groups

10.5.

Other Security Frameworks

10.5.1.

FAIR Risk Framework

10.5.2.

OCTAVE Risk Assessment

10.5.3.

COSO Internal Control Framework

Previous

9. Regulatory Compliance and Legal Requirements

Go to top

Next

11. Specialized Security Auditing Areas