Comparisons of Information Security Management Frameworks

1202 words 5 pages
Show More
Comparisons of Information Security Management Frameworks

Today’s economy depends on the secure flow of information within and across organizations. Thus, making information security is an issue of vital importance. A secure and trusted environment for stored and shared information greatly enhances consumer benefits, business performance and productivity, and national security. Conversely, an insecure environment creates the potential for serious damage to governments and corporations that could significantly undermine consumers and citizens. The stakes are particularly high for businesses engaged in critical activities, such as electrical power generation, banking and finance, or healthcare.

It can be very overwhelming for a …show more content…

What makes these frameworks so amazing is that there is an overlap between them so “crosswalks” can be built to show compliance with different regulatory standards. For example, ISO 27002 defines information security policy in section 5; COBIT defines it in the section "Plan and Organize"; Sarbanes Oxley defines it as "Internal Environment"; HIPAA defines it as "Assigned Security Responsibility"; and PCI DSS defines it as "Maintain an Information Security Policy." By using a common framework like ISO 27000, a company can then use this crosswalk process to show compliance with multiple regulations such as HIPAA, Sarbanes Oxley, PCI DSS and GLBA, to name a few (Granneman, J.).

The decision made to use a particular IT security framework is driven by multiple factors. The type of industry or compliance requirements can be the deciding factors. COBIT is known to be used by publicly traded companies in order to comply with Sarbanes Oxley. The magnum opus of information security frameworks is the ISO 27000 series, because it has applicability in any industry. However, it is best used where the company needs to market information security capabilities through the ISO 27000 certification. The standard required by the United States federal agencies is the NIST SP 800-53. The beauty of this framework is that it could also be used by any company to build technology specific information security plan.

Effective IT security

Related

  • Significance of Virtualization, and Cloud Computing in Virgin Atlantic
    2535 words | 11 pages

    The main concerns of being the management student are to learn great management practices and system from various organizations. Practical implication of theories and practices gained from colleges or universities must be applied to the practical world. Our knowledge will be getting a platform when it is being implemented in a real world. Virgin Atlantic is one of the successful business organizations are operating multi function services. Virgin Atlantic Airways is one of the leading airlines….

    Show More
  • Eastern foods assigment
    2521 words | 11 pages

    is facing the following challenges with regards to HRM, Accounting, Marketing and Operations Management. (a) Overview of Challenges Facing Eastern foods: Human resource Management (HRM) Human resource management is also identified as “personnel management”. There will be in detail study required of whole business for the recruitment of the new staff. There should be study of hierarchy of the management level that will be necessary to manage the operations of business. And what skills will be obligatory….

    Show More
  • Outcomes Based Practice – Underpinning Theories and Principles
    2403 words | 10 pages

    Outcomes Based Practice – Underpinning Theories and Principles Introduction If the emphasis that the Care Quality Commission (CQC) has placed on the importance of outcomes is anything to go by, providers of care and support services in today’s care environment may imperil themselves if they do not work to achieve and demonstrate desirable outcomes with and for the people they support in whatever capacity. This much is evident in the way that the CQC in its publication (Guidance about compliance….

    Show More
  • Competitive Analysis for Cisco in China
    5194 words | 21 pages

    consumers (Velte & Velte, 2004). The Chinese business environment is adaptive towards the new technologies and their development. Legal Factors: The major legal factors that may affect the performance of Cisco in China are law related to the information system. IT is integral for Cisco to impose its copyright and patents in China to compensate for the variety of IT laws and IT globalizations (China:….

    Show More
  • I T Feasibility Study
    1644 words | 7 pages

    feasibility study should provide management with enough information….

    Show More
  • Audit Risk Analysis
    2723 words | 11 pages

    Audit Risk Analysis Project – Bebe, Inc. Liberty University ACC 622 Advanced Auditing Due May 7, 2010 Table of Contents Memorandum ...................................................................................................................3 History ............................................................................................................................. 4 Product Offering ........................................................................................….

    Show More
  • International Project Management
    5861 words | 24 pages

    and rise in the concept of the importance of International Project Management has increased many folds. Project management is a discipline that applies various tools, concepts, principles, practices, activities that help in improving the profitability of organization and results in overall growth. It helps organizations working in various parts of the world in integrating there operations and achieving goals. The project management concepts are based on principles of rationality in human behavior….

    Show More
  • Health and Safety
    4295 words | 18 pages

    a specific health and social care: 4 1.2.1 Organizational Responsibilities: 4 1.2.2 Monitoring and evaluating process: 5 1.2.3 Inspecting the workplace: 5 1.2.4 Management Structure: 5 1.2.5 Representation: 6 1.3 Analysis of Health and Safety priorities: 6 1.3.1 Safety aid: 6 1.3.1.1 Walking aid: 6 1.3.1.2 Wheelchair: 6 1.3.1.2 Security system: 6 1.3.1.2.1 Door locks: 6 1.3.1.2.2 Cameras: 7 1.3.1.2.3 Gates: 7 1.3.1.2.4 Alarms: 7 1.3.1.2.5 Patrol: 7 1.3.1.3 Maintenance: 7….

    Show More
  • Intermediate Accounting Chapter 2
    18479 words | 74 pages

    CHAPTER 2 Conceptual Framework for Financial Reporting ASSIGNMENT CLASSIFICATION TABLE (BY TOPIC) Topics 1. 2. 3. 4. 5. 6. Conceptual framework– general. Objectives of financial reporting. Qualitative characteristics of accounting. Elements of financial statements. Basic assumptions. Basic principles: a. Measurement. b. Revenue recognition. c. Expense recognition. d. Full disclosure. Accounting principles– comprehensive. Constraints. Assumptions, principles, and constraints. 28, 29, 30 10 11 Questions….

    Show More
  • An Analysis of Benefit in Implementing Total Quality Management Into B2C E-Commerce.
    3534 words | 15 pages

    An analysis of benefit in Implementing Total Quality Management into B2C E-Commerce. PMAN639-Project Quality Management University of Maryland University College . . ABSTRACT Total quality management (TQM) comprises three elements; customer focus, variation and continuous improvement. Quality begins with understandings of customer’s requirements upon which the performance goal for the organization is based. Variation in quality is controlled….

    Show More

Popular Essays