| MESSIC
aims at evaluating IS security according to international
standards.
MESSIC comprises 4 parts: organization, architecture, administration,
audit and control.
MESSIC proposes a framework covering the whole life cycle
of information security processes:
 
Security policy and standards: requirements, major risk
analysis and action
plan.
Security architecture: general design, infrastructure and
authentication processes.
Operational security management: authorization, access control,
problem management
and reporting.
Security audit: guidelines, audit and certification.
MESSIC focuses on the risk reduction plan.
|
