CoBit Management System Framework
Part B. Comparison of the ISO 27002, COBIT, NIST, and ITIL frameworks.
1. Common Usage of the Framework
ISO 27002: This framework is commonly used by organizations that want to deploy and manage an information security management system (ISMS) based on best practices.
COBIT: This business framework is often used as a comprehensive IT management and governance framework. It supports security and regulatory compliance efforts, such as those required by Sarbanes-Oxley.
NIST: U.S. federal information systems and organizations are required to follow FIPS Special Publication 800-53 in order to comply with the security and privacy controls mandated by the U.S. government.
ITIL: This popular framework, used worldwide, delivers Information Technology (IT) services based on best practices that can help organizations improve productivity and achieve efficiency.
2. Purpose of the Framework
ISO 27002: The purpose of ISO 27002 is to provide the necessary guidance to organizations that want to develop an information security program. It uses best practices to improve confidence in information security when dealing with inter-organizational relationships (COBIT Mapping of ISO, 2006, p. 18).
COBIT: The purpose of COBIT is to provide a framework for IT governance and control that is both current and accepted globally by IT professionals and company executives (COBIT Mapping of NIST, 2007, p. 7).
NIST: The purpose of NIST SP 800-53 is to give U.S. government agencies directives for selecting security controls for information systems. Its rules and recommendations apply to every part of an information system that stores, processes, or communicates government data (COBIT Mapping of NIST, 2007, p. 18).
ITIL: The purpose of ITIL is to provide a low-cost, efficient, vendor-neutral standard for IT services that is based on best practices, improves customer satisfaction, and can be deployed in stages.
3. Strengths of the
This project must meet the requirements of DoD security policies and standards for the delivery of technology services. The first requirement we discuss is the Federal Information Security Management Act (FISMA), a United States law that defines a comprehensive framework for protecting government information, operations, and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST) the responsibility of defining the standards and security procedures that must be followed. NIST outlines nine processes for achieving compliance with FISMA:
ISO 9001 is a quality management standard that helps a company or organisation continually monitor quality across all of its operations. As an internationally recognised quality standard, it outlines ways to achieve, as well as
Physical and environmental security programs are generally understood as a collection of mechanisms and controls put in place to help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, and intentional or unintentional damage caused by negligence. They can be implemented at the organizational level in a number of ways, but most organizations choose to apply a body of standards, usually one published by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). One such body of standards published by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...
The HBWC business objectives should be included in the Information Security Management System (ISMS), because this document will represent the organization's approach to designing, implementing, and auditing the company's information system security objectives. For the ISMS to be applicable and appropriate to the organization, an examination of the company's business objectives is required. This step is necessary to understand the needs of the organization when designing those security objectives.
With the increasing use of emerging technologies and the associated rise in information security threats, Ohio University has adopted the NIST 800-53 security control framework to support its regulatory compliance efforts. NIST 800-53 is being implemented to provide a comprehensive set of security controls. The framework establishes minimum requirements that meet approved standards and guidelines for information security systems. It provides a baseline for managing issues related to mobile and cloud computing, insider threats, and the trustworthiness and resilience of the university's information systems. NIST defines the standards and guidelines that must be followed to meet the cyber security controls that align with FISMA expectations.
An Information Security Management System (ISMS) plan offers a systematic process for designing, implementing, maintaining, and auditing an organization's information system security objectives using the Plan-Do-Check-Act (PDCA) cycle. If a qualified security professional is not employed to continually monitor and review the ISMS plan, its effectiveness will tend to deteriorate.
SMEs must implement control objectives for compliance and improved security, but have limited means to do so. The ISACA study prioritizes the most important IT controls so that SMEs can get on top of their control game.
Recently, IT governance has become a major factor in meeting business needs through investment in IT. In addition, the Sarbanes-Oxley Act (SOX) raised IT governance issues as a means of enhancing internal contro...
Information Technology (IT) is a foundation for conducting business today. It plays a critical role in increasing the productivity of firms and of entire nations. Firms that have invested in IT have shown continued growth in productivity and efficiency. For many companies, survival, let alone existence, without IT is unimaginable. IT has become the largest component of capital investment for companies in the United States and many other countries.
Modern IT departments of any size need to do more with less, even as expectations for greater responsiveness and innovation in IT services rise. In addition, IT departments face increasing scrutiny over compliance with the new requirements of the ITIL evaluation model. The following chapter outlines the aim of this project, which is to evaluate the SAGE IRELAND Service Desk. A number of specific objectives will be examined to give the reader an understanding of the SAGE IRELAND Service Desk software: its compliance with the ITIL evaluation model, how the knowledge gained is used to optimise and improve the service, and what impact it has on the company and its customers. The aims and objectives of this project will then be described and stated.
5.0 HOW IT ACTS AS AN ENABLER - IT BECOMES AN ENABLER FOR THE COMPANY STRATEGY. Information technology (IT) is the use of computers, storage, networking, and other physical devices, infrastructure, and processes to create, process, store, secure, and exchange all forms of electronic data. IT includes several layers of physical equipment (hardware), virtualization and management or automation tools, and the operating systems and applications (software) used to perform essential functions. An enabling technology is equipment or a methodology that, alone or in combination with associated technologies, provides the means to generate giant leaps in the performance and capabilities of its user. Walmart has several information systems that are used to run the
Answer: The overall partnership between IT and the business at Hefty was strong, and each depended on the other. Hefty needed help from IT in order to remain competitive in the market. They had to use different modes of IT to promote and grow their business. For example, Hefty wanted to use mobile apps to promote their products. IT had previously helped Hefty do its bookkeeping very efficiently and quickly. IT made it possible for them to keep records of data and also to protect that data from viruses. IT tried to understand the strategy of the business in order to perform better and help the business in
The first thing we must consider about Information Security is that there is no final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secure by themselves; it is our responsibility to maintain and improve them periodically as required. It is vitally important to establish the appropriate mechanisms and requirements in order to support the company's CIA triad. The following report will provide guidance on auditing and hardening techniques applied across the 7 Domains by utilizing IT Security Best Practices.
ISO 14001 is a management standard, not a performance or product standard. The underlying premise of ISO 14001 is that companies will improve their environmental performance by implementing it, but it sets no standards for performance or for the level of improvement. It is a process for managing company activities that impact the environment.