A security framework provides an outline of the steps that need to be taken to implement security effectively within an organization. Governance is a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction. It is executive management's responsibility to provide strategic direction, ensure the accomplishment of objectives, and oversee that risks are appropriately managed.
2. Where can a security administrator find information on established security frameworks?
A security administrator can find information on established security frameworks by looking at the security blueprints that organizations have adopted or adapted.
3. What is the ISO 27000 series of standards? Which individual standards make up the series?
The ISO 27000 series is the most widely referenced set of security models, covering the information technology code of practice for information security management. ISO 27001 covers creating information security management systems (ISMS).
4. What are the inherent problems with ISO 17799, and why hasn't the United States adopted it? What are the recommended alternatives?
The global information security community has not defined any justification for a code of practice as identified in ISO 17799. ISO 17799 lacked the measurement precision necessary for a technical standard. There is no reason to believe that ISO 17799 was more useful than any other approach. ISO 17799 was not as complete as other frameworks.
5. What documents are available from the NIST Computer Resource Center, and how can they support the development of a security framework?
Other approaches are described in the many documents available from the Computer Security Resource Center of the