I am looking for security process models/frameworks, in which different security processes are described. Are there such models available on the Web? Are there any models in which the process of risk management is framed?
Security models are often talked about, but seldom fully developed. The closest thing I can see to what you need is the ISO17799 standard, developed from the British 7799 security model. The COBIT audit model is excellent for risk assessment.
For more information on this topic, visit these other SearchSecurity.com resources:
Security Policies Tip: Security -- the common criteria
Best Web Links: Law, Public Policy and Standards
This was first published in September 2002