Project 1: Integrating NIST’s Cybersecurity Framework with Information Technology Governance Frameworks

Robert Chambers
CSIA 350-6381 Cybersecurity in Business and Industry
26 January, 2020
Introduction

An Information Security Management System (ISMS) is a systematic approach to managing the company's sensitive information so that it remains secure (ISO, 2013). Within IT governance, the ISMS provides a consistent standard that lowers the cost of meeting IT operations compliance requirements. IT governance evaluates stakeholder needs, conditions and options in order to determine balanced, agreed-upon enterprise objectives. IT risk management aligns technology systems with the business processes that depend on them. It addresses IT governance together with the security and privacy of the investments that contribute most to mission success, and it treats the company's risk, both its challenges and its opportunities, as something to be integrated across the organization and aligned with a portfolio view (Lainhart, Fu, & Ballister, 2016).

Analysis of Standards and Frameworks

ISO/IEC 27000

With the ISO/IEC 27000 family of standards, a company can comply with ISO requirements and obtain the certification (issued against ISO/IEC 27001) that demonstrates its compliance. Employees and clients gain the assurance that their data is protected. The standards consist of several recommendations that can be useful on their own, and companies face pressure to adopt those recommendations even when they have no plans to pursue certification (Disterer, 2013).

ISO/IEC 27001

ISO/IEC 27001 is a flexible approach that enables a tightly calibrated and monitored system, one that evolves alongside the changing security and business impacts that companies deal with daily. Its main goal is to provide formal requirements that bring information security under management control. It also sets out the conditions for establishing, implementing, monitoring, reviewing, maintaining and improving the management system through which the company manages its information security risk. Any company that adopts ISO/IEC 27001 can validate its effort through audits by an accredited certification body (Klappir, 2019).

ISO/IEC 27002

Integrating ISO/IEC 27002 establishes guidelines for improving information security management in companies. ISO/IEC 27002 is the code of practice for the controls that ISO/IEC 27001 requires; applied after a routine risk assessment, its control guidance helps the company manage strategic, operational, financial and compliance risk. It also improves the information security posture and strengthens the overall security defense.