CSIA 350 Project 1 - Integrating NIST CSF with IT Governance Frameworks v2020_OlufemiAkinyemi.docx


Running Head: ISO/IEC 27000, 27001, 27002; COBIT 5; AND NIST’S CSF

ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s CSF
Olufemi Akinyemi
June 2, 2020
Introduction

In today's global media, attention has been focused on the proliferation of security breaches affecting businesses across the world. Such security failures result in considerable expenses that lead to significant financial losses, while at the same time damaging brand reputation and consumer trust. As such, organizations need to move towards a more proactive and holistic approach to addressing security threats and managing security requirements in the current information-driven economy (Radack, 2011). Therefore, enterprises need strong IT governance anchored in strong IT risk management as a means of restoring privacy protection, security, and confidence.

Additionally, the Information Security Management System (ISMS), as part of IT governance, plays an essential role not only in IT management but also in risk management activities. For instance, an ISMS enables organizations to manage their security assets, such as employee details, intellectual property, and financial information (Haqaf & Koyuncu, 2018). It also helps the organization secure information entrusted to it by third parties. When using an ISMS, it is essential to note that IT governance, IT management, and risk management are interrelated. For instance, while IT governance is mainly focused on facilitating the strategic decisions made by the organization, IT management places emphasis on the operational excellence of the IT function. Similarly, IT governance and risk management activities are interrelated: while IT governance places emphasis on developing a framework that identifies the mechanisms needed to create value, risk management activities focus on helping the organization not only design but also implement operational models that manage technology risks (Hopkin, 2018).

The organization's security effectiveness is only as good as its operations. However, adopting one management system does not holistically address the security needs of the organization. Therefore, three systems will be implemented to work together holistically in support of information governance and management. The three systems are NIST's CSF, COBIT 5, and ISO/IEC 27000, 27001, and 27002. They will be used to ensure that the security of the e-commerce website complies with the information security requirements set by the stakeholders' governance (Soomro et al., 2016). Moreover, the combined management system will also provide the ability to govern, and will offer management an end-to-end outlook on the organization's information security.


Term
Fall
Professor
N/A
