Information Security Management Frameworks
Module 1 - Case
Case Assignment
In the world of information security management, it is important to have a proper mindset and a handy roadmap that help you cruise through the maze of the ever-changing technology and its security issues. The following presentation suggests a simple framework for information security management.
Wang, W. PowerPoint Presentation. Information Security Management Framework.
Some of you may have been exposed to the OSI (Open System Interconnection) reference model and the TCP/IP stack for Internet communications. Please see Fig. 3 in the OSI Reference Model for Network Protocol. Dissecting a big, complicated problem into smaller components helps solve the problem systematically. IS security is complicated. The suggested framework above follows a similar line of reasoning and provides a way of thinking to approach the problem.
Engineering, such as the design of a communication protocol, requires the clarification of a specific layer's boundaries so that the design is precise. In management or related behavioral studies, the context is more fluid than in an engineering task, and all of the perspectives must be worked hand-in-hand. The layered approach provides only one way of thinking; there are many alternative ways to bring the pieces together. Now let us look briefly at some alternative frameworks. You only need to scan through them, become familiar with some key figures/tables, and get a general understanding. You will revisit these articles in much more detail in later module(s) (e.g., mod 3) or course(s) (e.g., ITM527).
For instance, the following NIST publication introduces a tiered/layered approach for risk management. Please focus mainly on Figures 2 and 3.
NIST. (2011). Managing Information Security Risk—Organization, Mission and Information System View. National Institute of Standards and Technology Special Publication 800–39.
The framework for organization-wide Information Security Continuous Monitoring in Figure 2-1 of the following article echoes the benefit of looking at the issue in tiers/layers. Its Risk Management Framework in Figure 2-2 proposes a process overview that emphasizes a dynamic process flow and values both organizational inputs (e.g., laws, policy, objectives, etc.) and the architecture of business processes and information systems. Please focus mainly on these two figures.
NIST. (2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800–137.
The Business Software Alliance, by contrast, introduces a framework for action on Information Security Governance that asks who, what, and how with regard to governance. You only need to focus on Table 4 to get an overview of it. It also emphasizes that "Information security is often treated solely as a technology issue, when it should also be treated as a governance issue," which is in sync with the other frameworks, where the technology issue is only one of several perspectives that need to be considered.
Business Software Alliance. Information Security Governance: Toward a Framework for Action.
The following article also covers the perspectives mentioned in the presented framework, although it doesn't use a layered approach. Please scan through it to get the main points. You should come back to this article throughout the course for the perspective emphasized in each module. For this module, you only need to know which perspectives are considered.
Johnson, E., & Goetz, E., (2007). Embedding Information Security into the Organization. IEEE Security & Privacy, May/June 2007.
After you have "strategically" read the above materials and, more importantly, thought about them critically and in relation to one another, compose a 4- to 6-page paper on the topic:
Comparisons of Information Security Management Frameworks
In preparing your paper, you need to discuss the following issues, and support with arguments and examples:
• What are the benefits of having frameworks for information security management?
• What are the frameworks of information security management? Their pros and cons?
• What are the major perspectives to consider in information security management and framework choice?
• What organizational factors should be considered in the framework choice?
• You may even expand what you learned here and come up with a better framework. Give it a try, although it is not required.
Assignment Expectations
Length: Minimum 4–6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200–1,800 words).
Assignment-driven criteria (25 points): Demonstrates clear understanding of the subject and addresses all key elements of the assignment.
Critical thinking (10 points): Demonstrates mastery conceptualizing the problem. Shows analysis, synthesis, and evaluation of required material.
Scholarly writing (5 points): Demonstrates writing proficiency at the academic level of the course; addresses the Learning Outcomes of the assignment.
Quality of references (4 points) and assignment organization (3 points): Uses relevant and credible sources to support assertions. Assignment is well organized and follows the structure of a well-written paper.
Citing sources (3 points): Uses in-text citations and properly formats references in APA style.
• Please use original writing (no plagiarism).
• Please use American URLs that can be easily verified on the web on the reference page.
• Please include the page numbers in the references.
Student:
Professor:
Course title:
Date:
Information Security Management Frameworks
Information security management frameworks are essentially a sequence of documented processes used to define the procedures and policies around the execution and management of information security controls within an organizational context. In this paper, the benefits of having frameworks for information security management (ISM) are described exhaustively. The different ISM frameworks are identified, including their advantages and disadvantages. Furthermore, the main perspectives that need to be taken into account before choosing an ISM framework are described. Equally important, the organizational factors that need to be considered when choosing an ISM framework are described.
Benefits of having frameworks for information security management
Frameworks for ISM help to protect the information of an organization. Protecting the information of an organization is crucial for its smooth operation and successful management. In essence, having these frameworks helps the organization to effectively manage and protect its valuable data and information assets. Security frameworks comprise a variety of documents that provide recommendations on topics pertaining to information systems security, particularly with regard to planning, executing, auditing, and managing information security practices (Kuligowski, 2011, p. 5). Frameworks for ISM are a blueprint that can be used to build an information security program for managing risk and reducing vulnerabilities. These frameworks can be used to define and prioritize the tasks needed to build security into an organization.
It is worth mentioning that frameworks are usually tailored to solve particular information security problems. Some frameworks were created for particular industries and for various regulatory compliance goals. These frameworks help protect information assets from unauthorized modification of or access to information, whether in transit, processing, or storage. A security management framework provides an outline for defining, discussing, planning, implementing, tracking, and reporting on security issues that pertain to the organization (Arnason & Willett, 2012, p. 14). Frameworks also help protect against the provision of service to unauthorized persons or the denial of service to authorized persons, and include measures for detecting, documenting, and countering such threats.
Frameworks for information security management and their pros and cons
ISO 27000 Series
This framework for information security management was created by the International Standards Organization and offers an extensive information security framework that can be applied to organizations of all sizes and types. Based on content, this framework is divided into various sub-standards. For instance, ISO 27000 comprises vocabulary and an overview, whereas ISO 27001 defines only the program's requirements (International Standards Organization, 2014, p. 20). Moreover, ISO 27002 defines the operational steps that are required in an information security program. In addi...