
SFIA 4.0 development project


Information security risk management

SFIA 3: Definition

The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.

Information security risk management: Level 6
Information security risk management: Level 5
Information security risk management: Level 4
Information security risk management: Level 3

More Detail Should Be Helpful

Posted by mokuenamc at 2008-05-26 06:18 PM
Without being prescriptive, I would suggest that SFIA asks for and gives examples, e.g. in dealing with (a) information security, reference could be made to parts of or the whole of the ISO/IEC 27002 2005 Information Security Standard; (b) development, reference could be made to PRINCE2 or similar methodology.

An inventory of methods, standards or best practice used in different regions of the world could be listed.

Buried...

Posted by AndreasSFIA at 2008-06-17 10:03 PM
I'm not sure this should be buried as low down as this under Business/IS strategy and planning, and Risk Management is a set of activities that crosses over it.
