Comparisons of Information Security Management Frameworks

Trident University
Module 1 Case Assignment

ITM517: Information Security Overview for Managers and Policy Makers
Dr. Kiet Tuan Tran
October 20, 2012

Introduction

For businesses to keep pace with the latest technology and threats, and to remain in compliance with current and future regulations or policies, they need effective management of information security in their organization. Information Security Management Frameworks are based on existing accepted standards, guidelines, and collections of practices that should be implemented in an IT department. I will discuss some frameworks of information security management, their pros and cons, some major perspectives to consider in information security management, and the benefits of information security management frameworks.
Information Security Management Frameworks

NIST SP 800-137 and 800-39 introduce an organization-wide Information Security Continuous Monitoring (ISCM) and Risk Management framework. ISCM is a strategy that uses a three-tiered approach (organization level, mission / business level and information system level). ISCM helps maintain ongoing awareness of information security, ensures that organizational security practice reflects the organization's risk tolerance, and helps ensure that accurate, up-to-date information is available to enable timely risk management decisions through the use of automation. An ISCM strategy might not take into account all the controls, thus presenting an incomplete picture of an organization's security status and risk. Automation cannot cover every control; controls that cannot be automated still need to be monitored and assessed. These controls that cannot be automated still need to be considered in making the right risk / security decision. Another disadvantage is that risk scores may not be comprehensive due to having no information on certain risks. Also, automated



References:

NIST (2011). Managing Information Security Risk -- Organization, Mission and Information System View. National Institute of Standards and Technology Special Publication 800-39.

NIST (2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800-39.

Johnson, L. A. (14 December 2010). Information Security Continuous Monitoring (Ongoing Monitoring in Support of Organizational Risk Management). http://csrc.nist.gov/groups/SMA/forum/documents/Forum-121410-Continuous-Monitoring-AJohnson.pdf

Business Software Alliance (BSA). Information Security Governance: Toward a Framework for Action.

ISACA. Defining Information Security Management Position Requirements. http://raw.rutgers.edu/docs/wcars/20wcars/ISACA/CONTECSI/Defining%20Info%20Sec%20Management.pdf
