Skip to content
Information Security & Security Governance

Information Security & Security Governance

Information security is managed systematically around the CIA triad: Confidentiality, Integrity, and Availability.

This section covers 12 topics.

Overview
Introduction to this section and its core frameworks.
ISO/IEC 27001
An international standard specifying requirements for the Information Security Management System (ISMS) that an organization establishes and operates to protect the…
ISMS-P
A Korean certification scheme that integrates the Information Security Management System (ISMS) and the Personal Information Management System (PIMS), certifying…
NIST CSF
A framework established by the U.S. National Institute of Standards and Technology (NIST) that gives organizations a common language and structure for understanding,…
Zero Trust
A security model built on the principle of ‘Never Trust, Always Verify,’ which applies least privilege and continuous authentication to every access request,…
IAM (Identity & Access Management)
A security framework that manages an organization’s digital identities and controls access by users, systems, and applications to resources under the 3A principles —…
STRIDE
A threat modeling technique developed by Microsoft that classifies possible security threats to a software system into six categories — Spoofing, Tampering,…
Cyber Kill Chain
A framework in which Lockheed Martin applied the military kill-chain concept to cybersecurity. It defines the 7-stage attack procedure an APT (Advanced Persistent…
MITRE ATT&CK
A public knowledge base built by the MITRE Corporation that systematically classifies attacker Tactics, Techniques, and Procedures (TTPs) based on real cyberattack…
OWASP Top 10
A list of the top 10 web application security risks, published every 3-4 years by OWASP (the Open Web Application Security Project) based on analysis of vulnerability…
OWASP SAMM
A software security assurance framework developed by OWASP that organizes security activities across an organization’s entire software development process into 5…
BSIMM
A data-driven maturity model built by Synopsys (formerly Cigital) by observing and measuring the actual software security activities of hundreds of organizations…