
March 2002

Other Security Standards

Standards and best practices are commonplace on the infosecurity landscape. In addition to ISO 17799, the following provide public- and private-sector organizations with guidance for security and risk management.

Commonly Accepted Security Practices and Regulations (CASPR): Developed by the CASPR Project (www.caspr.org), this effort aims to provide a set of best practices that can be universally applied to any organization "regardless of industry, size or mission." CASPR differs from ISO 17799 in that it does delve into specific technologies, recommending fundamental principles and practices for creating a stable and secure IT environment.

Control Objectives for Information and (Related) Technology (COBIT): Developed by IT auditors and made available through the Information Systems Audit and Control Association (www.isaca.org/cobit.htm), COBIT provides a framework for assessing a security program, developing a performance baseline and measuring performance over time.

ISO 13335: This guideline defines a variety of security controls and outlines the framework for risk management. However, like ISO 17799, it doesn't specify the means for implementing security measures.

ISO 15408/Common Criteria: This standard provides the framework for testing the effectiveness of most security systems and individual security solutions. However, it isn't intended to measure the effectiveness of an organization's overall security program.

Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE): Made available by Carnegie Mellon's CERT Coordination Center (www.cert.org/octave), OCTAVE provides measures based on accepted best practices for evaluating security programs.


Copyright 2002 TechTarget