Uzado's Blog

Everything you need to know about cybersecurity tools, news, and standards

The Ultimate Guide to Security Frameworks and Governance Models


There are various frameworks that IT departments can institute to mitigate incidents and reduce any downtime caused by those incidents, including ITSM, COBIT, Six Sigma, Microsoft Operations Framework, TOGAF and ITIL. An incident is defined as any event which disrupts, or could disrupt, a service. An event is defined as any action or occurrence (good or bad) that transpires on software or hardware at any given point in time.

What is ITSM:

This acronym stands for “Information Technology Service Management.” At the heart of the IT service management paradigm is a focus on accountability and integration. This means standardizing processes and procedures across an organization, and integrating networks and service delivery. The result is a strategic approach to designing, delivering, managing, and improving the way IT is used within an organization. ITSM brings a business perspective to IT departments, working to ensure the right people, processes, and technologies are in place to help the business meet its goals.

What is COBIT (Control Objectives for Information and Related Technologies):

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

The process focus of COBIT is illustrated by a process model that subdivides IT into four domains (Plan and Organize; Acquire and Implement; Deliver and Support; and Monitor and Evaluate) and 34 processes, in line with the responsibility areas of plan, build, run, and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as COSO, ITIL, BiSL, CMMI, TOGAF and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good-practice models with governance and business requirements.

It helps enterprises of all sizes:

  • Maintain high-quality information to support business decisions
  • Achieve strategic goals through the effective and innovative use of IT
  • Achieve operational excellence through reliable, efficient application of technology
  • Maintain IT-related risk at an acceptable level
  • Optimize the cost of IT services and technology
  • Support compliance with relevant laws, regulations, contractual agreements and policies

What is Six Sigma:

Six Sigma is a statistical reference that implies that there will be no defects as far as six standard deviations from the mean (or 99.99966% of products will be defect-free). It seeks to improve the quality of the output of a process by identifying and removing the causes of defects and minimizing variability in manufacturing and business processes. Each Six Sigma project carried out within an organization follows a defined sequence of steps and has specific value targets, for example: reduce process cycle time, reduce pollution, reduce costs, increase customer satisfaction, and increase profits.

In cybersecurity, the Six Sigma target is applied to the downtime caused by incidents. For example, if you have 10 million events, only 34 of those events will result in incidents. By focusing on processes and workflows, operations can be systemized to minimize errors – or in this case, the events that turn into incidents.

What is Microsoft Operations Framework:

Microsoft Operations Framework (MOF) is a collection of best practices, principles, and models that provide comprehensive technical guidance for achieving mission critical production system reliability, availability, supportability, and manageability for solutions and services built on Microsoft products and technologies. MOF provides the fundamentals of operations methodology and a framework for IT operations. Product-specific operations guides, such as the "SQL Server Operations Guide", provide detailed operations information specific to the server products.

Their framework is based on the following stages:

  • Store – Put content in file systems, version-control systems, or other types of repositories. Integrated application development systems store varied Web content in the file system that replicates the hierarchical structure of the Web site.
  • Stage – Assemble all content, if you have a separate staging environment, after the content has been thoroughly tested and before you move the content to the production environment.
  • Test – Test the finished content. For example, testing should include identifying broken and missing links, identifying pages that load slowly, load testing, component testing, database access testing, script testing, and performance testing. You should perform comprehensive, final integration testing in a test/staging environment that is the same as the production environment. Developers must make sure that database connections are valid for the test/staging environment and the production environment.
  • Deploy and Replicate Content – Put new content into production. Make sure that you move all content, including middle-tier components and transactional packages, to the live system.
  • Monitor and Update – Monitor your production site and update the content when it is required. The content management process does not end when you put content in the production environment. You must continuously monitor and update content to keep the site current and working correctly.
  • Remove and Archive – Remove unwanted or out-of-date content from the production environment and archive it for a predetermined length of time.
  • Analyze – Analyze the site and user traffic continuously.

What is TOGAF (The Open Group Architecture Framework):

The Open Group Architecture Framework (TOGAF) is a framework for enterprise architecture that provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture. TOGAF is a high-level approach to design. It is typically modeled at four levels: Business, Application, Data, and Technology. It relies heavily on modularization, standardization, and already existing, proven technologies and products.

An architecture framework is a set of tools which can be used for developing a broad range of different architectures. It should:

  • describe a method for defining an information system in terms of a set of building blocks
  • show how the building blocks fit together
  • contain a set of tools
  • provide a common vocabulary
  • include a list of recommended standards
  • include a list of compliant products that can be used to implement the building blocks

What is ITIL:

The Information Technology Infrastructure Library (ITIL) is a set of best practices for IT service management that focuses on aligning IT services with the needs of the businesses that employ them. To achieve this, the framework uses processes, tasks, procedures, and checklists that can be applied by virtually any business; they’re designed to be versatile and flexible enough to standardize IT service across organizations, and even across industries. It allows an organization to set a baseline of IT knowledge from which to plan for growth, implement ideas, and measure changes.

For more information about Security Frameworks and Governing Models, contact Uzado or click below for a demo!

Request A Demo
