Best practices, baselines and frameworks
- Used to improve the controls methodologies and governance for the IT departments or the global behavior of the organization.
- Seeks to improve performance,controls and metrics
- Helps to translate the business needs to technical or operational needs.
Normative and Compliance
- Rules to follow for a specific industry.
- Enforcement for the government,industry or clients.
- Event if the company or the organization do not want to implement those controls,for compliance.
COBIT - Project manager methodologies.
ITIL - Industry best practices
ISOs - Developer recommendations.
COSO - Others
Roles in Information Security
- Chief Information Security Officer (CISO)
- Information Security Architect
- Information Security Consultant / specialist
- Information Security Analyst
- Information Security Auditor
- Security Software Developer
- Penetration Tester
- Vulnerability Assessor