StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Comparisons of Information Security Management Frameworks - Research Paper Example

Cite this document
Summary
From the paper "Comparisons of Information Security Management Frameworks" it is clear that choosing a specific IT security framework can be informed by more than one dynamic with the form of industry or the requirements of compliance being some of the deciding aspects. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.3% of users find it useful
Comparisons of Information Security Management Frameworks
Read Text Preview

Extract of sample "Comparisons of Information Security Management Frameworks"

Topic: Comparisons of Information Security Management Frameworks Benefits of having frameworks for information security management Information management security frameworks are developed founded on a structured set of independent recommendations, processes as well as practices predominantly from the Information Security Management System Standard (ISO 27001). The framework seeks to make sure that information assets are safeguarded from illegal access or modification regardless of whether it is in storage, under processing or on transit. It further seeks to safeguard against any denial of service to the users with permission or provision of services to unauthorized users including the procedures needed to identify, document and deal with these threats. Frameworks are based on existing standards that have been accepted as well as guidelines and sets of practices that reflect the conduct of an initial community of organizations that perform highly(Hřebíček, Schimak&Denzer, 2011). Governments along with business organizations have an ability to implement frameworks with the practices they prefer or are supposed to use for their market sectors and the entire country. Some of the benefits of possessing frameworks for information security management include the fact that they create a secure and well-arranged working environment while at the same time protecting information and information assets. Having frameworks for information security management also assists in the reduction of internal and external breaches in security, creating confidence among the employees and customers when dealing with the operations of the business and integrating recovery from disasters in order to ensure continuity of the business(Gantz&Philpott, 2013). Further benefits include prevention of information security incidences from taking place and detection of incidences from occurring. In the event that incidences take place, the frameworks for information security management are able to measure the impact of the incidences and respond to them in order to minimize the resulting damage. Additionally, they are able to embed continuous improvement in processes associated with information security while complying with rules and regulations. Frameworks of information security management Information security frameworks are a sequence of standard procedures that are employed in defining policies and processes associated with the execution and continuous running of information security controls in an venture setting. The frameworks are essentially a plan for the creation of an information security plan with the aim of managing risks and reducing any vulnerability. Professionals in information security can employ these frameworks in their definition and prioritization of tasks that are needed to create security in an organizational setting(Layton, 2007). Frameworks are usually tailor-made to deal with particular information security issues in the same way that building plans are specifically meant to meet the needed specifications and uses. There are various frameworks including those developed for particular industries along with differing regulatory compliance objectives. They also exist in varying levels of difficulty and magnitude, but there exists a huge degree of overlap in overall security theories as every one of them continues to evolve. Frameworks examples Control Objectives for Information and Related Technology COBIT was established in the nineties by ISACA, which is an autonomous organization of experts in IT governance. Presently, ICASA offers various certifications like the Certified Information Security Manager as well as the renowned Certified Information Systems Auditor(Tashi&Ghernaouti-Helie, 2011). This framework began predominantly focusing on the reduction of methodological risks in firms but has progressed lately with COBIT 5 to encompass the integration of IT with goals that are strategic to the business. It is the most ordinarily employed framework in the endeavor to gain compliance with the guidelines set out by Sarbanes-Oxley. ISO 27000 series of standards The International Standards Organization developed ISO 27000 series that was designed to provide a very wide information security framework which could be employed to all forms and magnitudes of firms. It may be considered as the information security equal of ISO 9000 standards of quality used in the manufacturing industry while even including a comparable certification procedure (Winkler, 2011). It is categorized into various sub-standards founded in the contents, for instance, ISO 27000 is comprised of a general idea and terminology while the ISO 27001 provides a definition of the necessities for the program. The ISO 27002 evolved from BS7799, which is a British standard and provides a definition of the set steps required in an information protection setting and program. Numerous more standards as well as best practices are included in the ISO 27000 series, for instance, ISO 27799 that creates a definition of information security in healthcare that may be beneficial to the organizations that need to comply with HIPAA guidelines. There are newer ISO 27000 standards that are being created to provide particular advice in the areas of cloud computing, security storage as well as collection of digital evidence. The ISO 27000 standard is wide and can be employed in any industry; however, the providers of cloud computing services seeking to establish an vigorous security plan can use the certification. NIST SP 800 Series of standards The National Institute of Standards and Technology in the US has been creating a huge collection of standards associated with information security as well as a documentation of best practices. The Special Publication 800 series of the NIST was published for the first time in the nineties and had progressed to avail advice on almost all aspects pertaining to information security. Though it is not particularly an information security framework, the NIST 800-53 model has informed the evolution of other frameworks. Various agencies of the US government use NIST SP 800-53 in their compliance with the 200 requirements of the Federal Information Processing Standards. Regardless of the fact that it is particular to agencies of the government, the framework can be utilized in all industries and is not supposed to be unnoticed by organizations seeking to develop an information security system. Major perspectives to consider in information security management and framework Choosing a specific IT security framework can be informed by more than one dynamic with the form of industry or the requirements of compliance being some of the deciding aspects. The companies, which are publicly traded, prefer sticking with the COBIT framework so that they can more easily achieve compliance with Sarbanes Oxley. On the other hand, the ISO 27000 series is the masterpiece as far as frameworks for information security are concerned as they are applicable in any industry, however the process of implementing them is long and involving(Johnson, 2011). Nonetheless, it can be appropriately used where the organization is supposed to market information security competences through the ISO 27000 certification. Further, the NIST SP 800-53 is the standard needed by the federal agencies of the US but may also be applicable in organizations that’s seek to create an information security plan that is particular to technologies. They can assist a security expert in his or her organization and management of information security programs. References Gantz, S., &Philpott, D. (2013). FISMA and the risk management framework.Boston: Syngress. Hřebíček, J., Schimak, G., &Denzer, R. (2011). Environmental software systems.Berlin: Springer. Johnson, R. (2011). Security policies and implementation issues.Sudbury, Mass.: Jones & Bartlett Learning. Layton, T. (2007). Information security.Boca Raton: Auerbach Publications. Tashi, I., &Ghernaouti-Helie, S. (2011). Information security evaluation. Lausanne, Switzerland: EPFL Press. Winkler, J. (2011). Securing the cloud.Burlington, MA: Elsevier. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Information security management framework Research Paper”, n.d.)
Information security management framework Research Paper. Retrieved from https://studentshare.org/information-technology/1686577-information-security-management-framework
(Information Security Management Framework Research Paper)
Information Security Management Framework Research Paper. https://studentshare.org/information-technology/1686577-information-security-management-framework.
“Information Security Management Framework Research Paper”, n.d. https://studentshare.org/information-technology/1686577-information-security-management-framework.
  • Cited: 0 times

CHECK THESE SAMPLES OF Comparisons of Information Security Management Frameworks

The Zachman Framework

Enterprise reengineering has already become one of the most popular objects of information systems research.... The beginning of the 1980s was marked with the rapid advancement of information technologies and systems.... The Zachman framework “comprises descriptive representations that are essential to successful management of enterprises and future development of information systems” (Zachman, 1993).... The Zachman framework exemplifies a successful attempt to revolutionize enterprise architecture principles and solve the centuries old problem of inefficient enterprise architecture, which hinders the development of relevant business frameworks....
6 Pages (1500 words) Essay

Protection of the Cyberspace in Small and Medium Enterprise Systems

Countries work with special strategies to facilitate cyberspace security.... Implementing the security system is a joint comparison of Homeland security and the National Strategy.... The policies are set to engage the global population to engage in implementing security levels in the cyberspace.... This comes as an initiative of every country to implement security details in cyberspace they own operate and control....
9 Pages (2250 words) Assignment

Information Security Management Frameworks

Instructor Date Comparisons of two information security management frameworks The purpose of this program plan is to outline an efficient framework that will guide the health care industry in enhancing their cyber security and obtaining an appropriate but cost effective insurance cover.... It defines essential elements of effective information security program without infringing the borders of law and other regulations governing it.... This include important steps like assessing the risks both imminent and long term, having a structure responsible for information security and assigning the responsibilities, setting up personnel policies related to security and finally monitoring the security program the company will formulate....
4 Pages (1000 words) Essay

Information Security Risks

The information security requirements that these frameworks have is going to be researched and any an attempt to assign it to the general categories of information security risks will be made to facilitate an easier management ... ith the passing time, the importance of information security is increasing multi-fold especially for financial institutions.... This paper ''information security Risks'' objectives are the identification of the information security threat to contemporary global financial organizations....
8 Pages (2000 words) Essay

Managing Information Security Risks in Global Financial Institutions

The information security requirements that these frameworks have is going to be researched and any attempt to assign it to the general categories of information security risks will be made, in order to facilitate an easier management Results: 'Achieving information security is extremely complicated and requires the combination of technical resources and management procedures.... With the passing time, the importance of information security is increasing multi-fold, especially for financial institutions....
8 Pages (2000 words) Research Proposal

Access Control Methods in Information Security

With these types of controls, access is granted as per one's allowed extent of exposure to information security systems.... As is evident with the masculinity of information technology as the contemporary means of capturing and storing information, access control systems must exist to protect information and information technology systems.... Better put, this method will only grant the custodial management and the owner the privileges of managing the access controls....
6 Pages (1500 words) Coursework

Assessing Spatial Data Infrastructures Using Management Model

This literature review "Assessing Spatial Data Infrastructures Using management Model" presents various spatial data infrastructure performance.... This paper will use the management Model evaluation framework to evaluate and compare land administration systems between Australia and Switzerland.... management Model evaluation framework explains that land is a natural resource that requires sustainable use and development in order to benefit the general population....
8 Pages (2000 words) Literature review

Security and Risk Management Issues

The paper "Security and Risk management " is a delightful example of an assignment on management.... Risk management is an essential aspect of an institution because it allows the administration to make effective decisions to combat the menace.... Understanding risk management and the components that entail assessing it is the most significant factor for an institution.... The paper "Security and Risk management " is a delightful example of an assignment on management....
10 Pages (2500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us