Reference no: EM133054950

Residency Project - Security Management Models

InfoSec models are standards that are used for reference or comparison and often serve as the stepping-off point for emulation and adoption. A methodology is simply a formal way of accomplishing a task, and is usually recommended or endorsed by an organization or group of experts in a particular field. One way to select an InfoSec methodology is to adapt or adopt an existing security management model or set of practices. A number of published InfoSec models and frameworks exist, including several options from governments and from standards organizations use.

The communities of interest accountable for the security of an organization's information assets must design a working security plan and then implement a management model to execute and maintain that plan. This effort may begin with the creation or validation of a security framework, followed by the development of an InfoSec blueprint that describes existing controls and identifies other necessary security controls.

For this project, NIST Security Publications:

(a) SP 800-12 (Rev 1)

(b) SP 800-14

(c) SP 800-18 (Rev 1)

(d) SP 800-30 (Rev 1)

(e) SP 800-34 (Rev 1)

(f) SP 800-37 (Rev 1)

(g) SP 800-39

(h) SP 800-53 (Rev 4)

(i) SP 800-53A (Rev 5)

(j) SP 800-55 (Rev 1)

(k) SP 800-61 (Rev 2)

(l) SP 800-100

(m) SP 800-184