Information Security & Security Governance
Information Security & Security Governance
Information security is managed systematically around the CIA triad: Confidentiality, Integrity, and Availability.
This section covers 12 topics.
Introduction to this section and its core frameworks.
An international standard specifying requirements for the Information Security Management System (ISMS) that an organization establishes and operates to protect the…
A Korean certification scheme that integrates the Information Security Management System (ISMS) and the Personal Information Management System (PIMS), certifying…
A framework established by the U.S. National Institute of Standards and Technology (NIST) that gives organizations a common language and structure for understanding,…
A security model built on the principle of ‘Never Trust, Always Verify,’ which applies least privilege and continuous authentication to every access request,…
A security framework that manages an organization’s digital identities and controls access by users, systems, and applications to resources under the 3A principles —…
A threat modeling technique developed by Microsoft that classifies possible security threats to a software system into six categories — Spoofing, Tampering,…
A framework in which Lockheed Martin applied the military kill-chain concept to cybersecurity. It defines the 7-stage attack procedure an APT (Advanced Persistent…
A public knowledge base built by the MITRE Corporation that systematically classifies attacker Tactics, Techniques, and Procedures (TTPs) based on real cyberattack…
A list of the top 10 web application security risks, published every 3-4 years by OWASP (the Open Web Application Security Project) based on analysis of vulnerability…
A software security assurance framework developed by OWASP that organizes security activities across an organization’s entire software development process into 5…
A data-driven maturity model built by Synopsys (formerly Cigital) by observing and measuring the actual software security activities of hundreds of organizations…