Compliance: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.

Latest revision as of 21:27, 18 January 2015

COBIT 4.0 Domains:

Planning and Organization
Acquisition and Implementation
Delivery and Support
Monitor and Evaluate

ISO 27002 Domains:

Risk Assessment and Treatment
Security Policy
Organizing Information Security
Asset Management
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management
Business Continuity Management
Compliance

ITIL IT Infrastructure Library:

Service Level Management
Financial Management
Capacity Management
Availability Management
Continuity Management
Security Management
Service Desk Management
Incident Management
Problem Management
Configuration Management
Change Management
Release Management

COSO Enterprise Risk Management Framework Domains:

Internal Environment
Objective Setting
Event Identification
Risk Assessment
Risk Response
Control Activities
Information and Communications
Monitoring

NIST: National Institute of Standards and Technology Publications

SP 800-30
SP 800-37
SP 800-53
SP 800-53A
SP 800-59
SP 800-60

FIPS: Federal Information Processing Standards

FIPS 199
FIPS 200

FISMA: Federal Information Security Management Act

DOI: Department of Insurance

HIPAA: Health Insurance Portability and Accountability Act

PCI: Payment Card Industry - AKA - VISA CISP

FFIEC: Federal Financial Institutions Examination Council

BSA: Bank Secrecy Act and Anti-Money Laundering

COBIT and COSO Framework Process Overview