Framework

It is better to address the entire organization's availability, confidentiality, integrity and authenticity (collectively: security) concerns than to test individual applications for security concerns in isolation. To that end, Microsoft offers a Security Assessment Tool, useful even for non-Microsoft environments.

  • CERT OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning (Business Continuity Planning).
  • Information Systems Security Assessment Framework (ISSAF) seeks to evaluate the organization's information security policies and processes and to report on their compliance with IT industry standards and applicable laws and regulatory requirements.
  • NIST SP 800-34, Contingency Planning Guide for Information Technology Systems (Business Continuity Planning).
  • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment.
  • The National Security Agency (NSA) InfoSec Assessment Methodology (IAM) was designed specifically for Federal Information Security Management Act (FISMA) compliance.
  • Sherwood Applied Business Security Architecture (SABSA): the What, Why, How, Who, Where and When of the Contextual, Conceptual, Logical, Physical, Component and Operational views.
  • Zachman International's Zachman Architecture Framework: the What, How, When, Who, Where and Why of Identification, Definition, Representation, Specification, Configuration and Instantiation.
  • ITIL and ITSM World: the IT Infrastructure Library (ITIL) is a series of documents used to aid the implementation of a framework for IT Service Management (ITSM).
  • Microsoft Security Development Lifecycle: procedures for incorporating security into software development, with tools to support steps in the lifecycle as well.

One Response to “Framework”

  1. Web Application Testing « Aggressive Virus Defense says:

    [...] Web Application Testing: Remember that application availability, confidentiality, integrity and authenticity (collectively: security) is best addressed in the organization; see Framework. [...]