To keep pace with the latest technology and threats, and to remain in compliance with current and future regulations or policies, businesses need effective management of information security in their organization. Information security management frameworks are based on existing accepted standards, guidelines, and collections of practices that should be implemented in an IT department. I will discuss some frameworks of information security management, their pros and cons, some major perspectives to consider in information security management, and the benefits of information security management frameworks.
Information Security Management Frameworks
NIST SP 800-137 and 800-39 introduce an organization-wide Information Security Continuous Monitoring (ISCM) and risk management framework. ISCM is a strategy that uses a three-tiered approach (organization level, mission / business level, and information system level).
ISCM helps maintain ongoing awareness of information security, ensures that organizational security practice reflects the organization’s risk tolerance, and, through the use of automation, helps ensure that accurate, up-to-date information is available to enable timely risk management decisions.
An ISCM strategy might not take all controls into account, thus presenting an incomplete picture of an organization’s security status and risk. Automation may not cover every control; controls that cannot be automated still need to be monitored and assessed, and they still need to be considered in making the right risk / security decision. Another disadvantage is that risk scores may not be comprehensive because no information is available on certain risks.
Also, automated tools may lead to a false sense of security within an organization (Johnson, L., 14 December 2010).
The Business Software Alliance (BSA) introduces a framework called the Information Security Governance Framework. The framework provides a roadmap for the implementation, evaluation, and improvement of information security practices. An important feature of the information security governance framework is that it defines the roles of different members of an organization. The framework specifies what corporate executives, senior management, and CIOs/CISOs should do.
The framework is also flexible enough to apply to different business models. Its benefits are that it identifies cornerstone security practices that nearly all organizations are following and makes recommendations about where in an organization the responsibility falls. Some disadvantages of BSA’s framework are that it is still a work in progress and that it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA).
Major Perspectives
One major perspective that organizations should consider in their information security management is to develop a strategy / framework that is aligned with the organization’s goals and objectives and with its corporate policies. Companies need to identify current and potential legal and regulatory requirements affecting information security and define roles and responsibilities for information security throughout the organization.
Companies should also establish internal and external reporting and communication channels and have full support from their senior management for their information security (ISACA).
Conclusion
The benefits of having a framework for information security management are that it creates a secure and organized working environment, protects information assets, reduces internal and external security breaches, integrates disaster recovery / business continuity, helps detect an incident as it occurs and measure its effects, responds to an incident to minimize business damage, and ensures that organizations comply with rules, laws, policies, and regulations. Corporations will need to find, tailor, and implement an information security management framework that works for them in order to gain the benefits listed above, because the current frameworks are not one-size-fits-all solutions.