Why you need an enterprise security framework
On the one hand, realize the "communication" between business and technology, so that related business and security technology correspond
On the other hand, realize modular management, so that the personnel responsible for a certain module can talk about relevant topics, and at the same time, the emergency response can also be checked in time.
Enterprise Architecture Development Model
Enterprise Security Control Model
The CobiT model, the International Institute of Auditors (ISACA) and the governance association ITGI jointly developed the target set.
Enterprise architecture is organized, and system architecture is computerized
Plan and organize, acquire and realize, deliver and support, monitor and evaluate
corporate governance model
COSO model, a committee initiated by anti-fraud financial related.
Control environment, risk assessment, control activities, information and communication, monitoring
COSO is an enterprise governance model and CobiT is an IT governance model.
Process Management Model
The ITIL model, the best practice implementation standard for IT service management.
CMMI model, capability maturity model integration.
Disorganized, repeatable, documented, monitorable, automated
Reference: Lin very related video