The SSE-CMM is represented as a process reference model. It is concentrated upon the requirement for executing security in a system or sequence of connected systems that are the Information. The SSE-CMM is a general framework for executing security engineering inside an organization; if possible in conjunction with some manufacturing CMMs.SSE-CMM defines the goals and the activities contained in such processes, is achieved from implementing these activities and the maturity of the procedure. SSECMM does not support a guideline for a specific methodology or process to be used; its utility lies in the integration of the current processes in the ... Read More

COBIT represents Control Objectives for Information and Related Technologies. COBIT is an IT management framework developed by the ISACA to provide businesses develop, organize and execute strategies around information management and governance.The COBIT Framework provides a tool for the business process owner that affect the discharge of business process tasks. COBIT is an IT-centric framework designed to provide users, businesses, and auditors with a standard approach for designing, implementing, and testing IT controls. This framework has been created and adopted by the Big N audit houses as a solution to some IT audit, compliance, and control problems.The framework provide maturity ... Read More

ISO 27001 is the international standard that supports a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity and availability of information and legal compliance.ISO 27001 certification is essential for protecting the most vital assets like employee and client data, brand image and other private data. The ISO standard contains a process-based approach to initiating, implementing, operating and keeping the ISMS.ISO/IEC 27001 provides requirements for organizations seeking to create, implement, maintain and continually enhance an information security management system. This framework serves as a rule towards continually reviewing the safety of the information, which will reliability and ... Read More

A methodology is a targeted build that represents specific practices, processes, and rules for accomplishment or execution of a specific task or function. There are several methodologies for information system security which are as follows −INFOSEC Assessment Methodology (IAM) − Its objective is to provide a method that can be used as a consistent control for the investigation of the INFOSEC position of automated information systems. IAM is concentrated on providing a high-level assessment of a specified, operational system for the reason of recognizing possible vulnerabilities.IAM is subdivided into three phases such as Pre-Assessment, On-Site Activities, and Post-Assessment. The Pre-Assessment ... Read More

In software development, a framework is a defined preserved mechanism in which another software project can be managed and developed. This definition seems to be promising as it hints that a framework provides more analyse and construction than a model.While a model is abstract and intangible, a framework is linked to comprehensible work. Furthermore, frameworks set suppositions and practices that are designed to directly implementation. In distinction, models provide the general direction for attaining a goal or result, but without acquiring into the refuse of practice and measures.A framework is a basic construct that describe suppositions, concepts, values, and practices, ... Read More

Information security is a set of practices designed to maintain personal data secure from unauthorized access and alteration during saving or sending from one place to another.Information security is designed and implemented to secure the print, electronic and other private, sensitive and personal information from unauthorized persons. It can be used to secure data from being misused, disclosure, destruction, modification, and disruption.An information system is a set of people, process and resources that interact to satisfy the data processing needs of an organization. During the processing, the data is collected, saved, changed and distributed in an organization. Such a system ... Read More

A security model is a computer model which can be used to identify and impose security policies. It does not need some prior formation it can be founded on the access right model or analysing computing model or computation model.A security model is a structure in which a security policy is developed. The development of this security policy is geared to a specific setting or instance of a policy. A security policy is based upon authentication, but built inside the confines of a security model. For example, designing a security model based upon authentication and authorization, one consider the 4-factor ... Read More

There are some elements of database security policy which are as follows −Acceptable Use − Anyone who has logged in to a corporate web over the last 10-15 years has likely been accepted with an acceptable use policy pop-up. The acceptable use policy represent proper and improper behavior when users access company web resources, such as restrictions on the use of company resources for non-businessassociated activities. It can also detail some monitoring the company does to provide the acceptable use policy.Scanning for Vulnerabilities − It is essential to find some vulnerabilities in a company's IT infrastructure before hackers do. Because ... Read More

Database security defines the collective measures used to protect and secure a database or database management software from unauthorized use and malicious cyber threats and attacks. Database security is a layer of information security. It is generally concerned with physical protection of data, encryption of data in storage and data remanence problem.Data security is generally defined as the confidentiality, availability and integrity of data. In another terms, it is all of the practices and processes that are in place to provide data is not being used or accessed by permitted individuals or parties. Data security provides that the data is ... Read More

Enterprise security is a multi-faceted concern that involves both the internal or proprietary business secrets of a company and the employee and user data associated to privacy laws. Enterprise security is targeted on data center, networking, and network server operations in practice, but technically start with human resources.Social engineering is the base cause of as many as two-thirds of some successful hacking attacks according to some security researchers. In social engineering attacks, weaknesses in human description, employee integrity, or personal gullibility are exploited by attackers to gain access to a web or data resources.Automated hacking attacks are script-driven and target ... Read More