Management of Information Security, 2
Chapter 6 : Security Management Models and Practices
What is an information security framework? How does it relate to the information
IS framework is the outline of the more thorough blueprint, which sets out the model to
be followed in the creation of the design, selection, and the initial and ongoing
implementation of all subsequent security controls, including information security
policies, security education and training programs, and technological controls.
What is a security model? How might an information security professional use such a
A security model is a generic blueprint offered by a service organization. A security
professional may choose one (proprietary or free) that is flexible, scalable, robust, and
sufficiently defined, and use that model to create customized security plans.
Which information security model evolved from the BS 7799 model? What does it
ISO/IEC 17799. It includes guidelines and general principles for initiating, implementing,
maintaining, and improving information security management in an organization.
What is an alternative model to the BS 7799 model (and its successors)? What does it
NIST SP 800-12,14,18,26,30. Computer security, GAP and practices for securing
information technology systems, guide for developing security plans, self-assessments,
How many sections does the ISO/IEC 17799 include? What is the first of these sections?
11 sections, 133 possible controls, Security Policy.