Security standards and compliance

Best practices, baselines and frameworks

• Used to improve the controls methodologies and governance for the IT departments or the global behavior of the organization.
• Seeks to improve performance,controls and metrics
• Helps to translate the business needs to technical or operational needs.

Normative and Compliance

• Rules to follow for a specific industry.
• Enforcement for the government,industry or clients.
• Event if the company or the organization do not want to implement those controls,for compliance.

COBIT - Project manager methodologies.

ITIL - Industry best practices

ISOs - Developer recommendations.

COSO - Others

 

Roles in Information Security

1. Chief Information Security Officer (CISO)
2. Information Security Architect 
3. Information Security Consultant / specialist
4. Information Security Analyst
5. Information Security Auditor
6. Security Software Developer
7. Penetration Tester
8. Vulnerability Assessor