Differences and Similarities between Existing Security Standards - Essay Example

?DIFFERENCES AND SIMILARITIES BETWEEN EXISTING SECURITY STANDARDS Differences and similarities between existing security standards Affiliation Date PAPER 1 Information security plays a significant role in saving the precious assets of a corporation. Though, there is no particular method which could assure hundred percent safety and security of data, as a result there is a critical need for a set of standards or principles to help make sure a sufficient level of safety is achieved, resources are utilized effectively, and the most excellent safety practices are implemented. As discussed before information security is essential for saving the data and assets of a business. Thus, businesses require being completely responsive for devoting additional resources to save data and information assets, as well as information security has to be a top concern for both governments and businesses (Government of the HKSAR, 2008). In addition, the ISO (International Organization for Standardization) has been offering directions and guidelines for customers, businesses, trade officials, governments and developing nations since its establishment in 1947. Additionally, all that knowledge goes into the building of innovative standards and the development and enhancement of accessible information security standards. In this scenario, the ISO 9000, the excellence management standard, is yet probably the most identifiable ISO standard to American businesses for the reason that of its influence in the United State all through the late 80’s as well as untimely 1990’s. However, there are numerous top security standards that have been discovered with the passage of time. For instance, whole 27000 series is intended to cover numerous areas of information security as well as risk management: (JBwGroup, 2009; Government of the HKSAR, 2008) IS0 27000 – Information Security methods, basics as well as vocabulary ISO 27001 – Information Security Management System Requirements (available: 10/2005) ISO 27002 – Code of Practice (available: 06/2005) ISO 27003 – Planned ISMS Implementation ISO 27004 – Directions intended for Information Security Management Metrics as well as Measurement ISO 27005 – Guide intended for Risk Management (available 06/2008) ISO 27006 – Worldwide Accreditation Requirements (available 03/2007) However, business corporations that have adopted ISMS and attained self-governing 3rd party certification regarding their information security plans have gained a number of strategic benefits (JBwGroup, 2009; Government of the HKSAR, 2008). Moreover, from the above stated different information security standards I have chosen the ISO/IEC 27001. ISO- 27001 or ISO/IEC 27001:2005 is typically referred as the most excellent practice specification that facilitates businesses and corporations all through the globe to build up a best-in-class information security management system (ISMS). In addition, these security and safety standards were published jointly by the ISO (international security office) and the international electro-technical commission (IEC). In this scenario, the British standard BS7799-2 was the predecessor for ISO 27001 (IT Governance Ltd., 2011; WikiBooks, 2009; Arnason & Willett, 2008; ISO, 2011; Praxiom Research Group Limited, 2011). In this information technology based age, information and information systems are very important for the businesses. Keeping this fact in mind, ISO 27001 establishes specific needs and requirements which have to be followed, as well as against those requirements organizations’ information security management systems are audited and certified. In addition, ISO 27001 is intended to harmonies with ISO 14001:2004, ISO 9001:2008, ISO 20000 as well as various other security standards established for efficient management system integration. In this scenario, the ISO27001 standard allows the organizations to produce a structure to comply with a lot of authoritarian standards. Additionally, all the United Kingdom businesses have to obey following standards: (IT Governance Ltd., 2011; WikiBooks, 2009; Arnason & Willett, 2008; ISO, 2011; Praxiom Research Group Limited, 2011) Data Protection Act 1998 Telecommunications Regulations Act 1998 The Human Rights Act 1998 Computer Misuse Act 1990 The Copyright, Designs and Patent Act 1998 The Regulation of Investigatory Powers Act 2000 The Freedom of Information Act 2000 (UK public sector). Thus, ISO 27000 is the most excellent choice for the better corporation business management (IT Governance Ltd., 2011; WikiBooks, 2009; Arnason & Willett, 2008; ISO, 2011; Praxiom Research Group Limited, 2011). PAPER 2 This paper presents a detailed analysis of three consulting firms that offer services of security auditing. For this reason I have selected below given websites: http://www.mavensecurity.com/ http://www.questconsultants.com.pk/iso27001.html http://www.niiconsulting.com/ Name of the tool Brief description of the program and what it claims to do Specific business needs being addressed by program and value delivered by it Your reasons why you decided to check it out (first impression) Your overall evaluation of it, to the degree that you can judge; is it something you'd use?  Why? (Please comment also on the effectiveness of the demo itself) Information Security Management Tool http://www.mavensecurity.com/  First company is Maven Security Consulting which offers services of security assessment and training. (Maven Security Consulting, Inc., 2011).  Maven Security Consultants have expertise of serving companies of almost all the types and sizes, recognize and mitigate their risks. (Maven Security Consulting, Inc., 2011).  Maven experience as well as customer focuses shine throughout all the stages of an agreement, from the application procedure to the reporting and mitigation stages (Maven Security Consulting, Inc., 2011).  Maven Security Consultants are offering a great deal of effective security management facilities those are highly applicable. Here we can ensure effective capability and security of our corporate. http://www.questconsultants.com.pk/iso27001.html Second firm which I have chosen is Quest Consultants. It offers services for all the available standards established in the globe.  These standards exist for information security management, quality management, environmental management, food safety management, health & safety standards, software management and garment & apparel business standards. In addition, Quest Consultants clients comprise both public and private sector businesses.  Additionally, Quest Consultants has established panels of professionals to deal with the security related issues of other firms (QUEST CONSULTANTS, 2011). http://www.niiconsulting.com/ The third firm that I have chosen is NII Consulting. It is a dedicated as well as well-recognized supplier of services, solutions and products in information governance, compliance space and risk management. (NII Consulting, 2011).  In addition, NII Consulting professionals are successful in establishing a mark for themselves with extremely satisfied clients all through the world supported by corporate offices in India and Middle East. (NII Consulting, 2011).  As an ISO 27001-certified firm, company powerfully positioned to recognize client requirements as well as deliver the right answers to their compliance needs. (NII Consulting, 2011).  Moreover, NII Consulting has succeeded to get the honor at many national and international forums and conferences (NII Consulting, 2011). Summary and conclusions from a user and organizational level  From the analysis of above given web sites I came to know that the information security has turned out to be a vital need to every corporation. Every business and organization desires to establish superior security and efficiency standards. Cumulative learning  Security consultants are offering an excellent support for the better assessment of corporate security needs and specify most excellent security solutions for corporate information security management. In this way, organizations can improve their efficiency. References Arnason, S. T., & Willett, K. D. (2008). Introduction to International Standards Organization Security Standards. Retrieved November 27, 2011, from http://www.infosectoday.com/Articles/27001.htm Government of the HKSAR. (2008, February). AN OVERVIEW OF INFORMATION SECURITY STANDARDS. Retrieved November 28, 2011, from http://www.infosec.gov.hk/english/technical/files/overview.pdf ISO. (2011). ISO/IEC security standards. Retrieved November 25, 2011, from http://www.iso.org/iso/iss_international-security-standards.htm IT Governance Ltd. (2011). ISO 27001 & Information Security. Retrieved November 26, 2011, from http://www.itgovernance.co.uk/iso27001.aspx#Free JBwGroup. (2009, April). Evolution of an International Information Security Standard. Retrieved November 27, 2011, from http://www.jbwgroup.com/documents/JBWGroup-EU-InfoSecHistoryV2-N2.0.pdf Maven Security Consulting, Inc. (2011). Security Consulting. Retrieved November 27, 2011, from http://www.mavensecurity.com/ NII Consulting. (2011). NII Consulting. Retrieved November 26, 2011, from www.niiconsulting.com Praxiom Research Group Limited. (2011). ISO IEC 27002 2005. Retrieved November 26, 2011, from http://www.praxiom.com/iso-17799-2005.htm QUEST CONSULTANTS. (2011). Quest Consultants. Retrieved November 14, 2011, from http://www.questconsultants.com.pk/clients.html WikiBooks. (2009). Security Architecture and Design/Print Version. Retrieved November 25, 2011, from http://en.wikibooks.org/wiki/Security_Architecture_and_Design/Print_Version Read More