Mod 1 Case Assingment
Natividad Kolb
ITM 517 Information Security Overview for Managers and Policy Makers
Module 1 Case Assignment
Prof. James Koerlin
February 23, 2014
In this paper I will be discussing some of the benefits of having frameworks for information security management. What each of the frameworks of information security are, their pros and their cons. Which major perspectives to consider in information security management and framework choice. What organizational factors should be considered in framework choice? I will also attempt to come up with a better framework for information security.
Some of the benefits of having frameworks for information security management are, that they serve as a common ground for integrating all types of information security functions. It also helps answer question of how to react to information security issues. As well as, helping identify what the important components involved in establishing and maintaining information security initiatives. Since our information faces more potential security breaches than ever before (Ma, Schmidt, Pearson, 2009 p. 58).
The information security frameworks are the following: -Governance frameworks -Security frameworks -Risk management and risk assessment frameworks -Audit and assurance frameworks -Legal and regulatory frameworks
The governance framework is very important because it gives us a road map for the application, evaluation and improvement of information security practices (Information Security Governance: Toward a Framework for Action). This frame work includes legislation, regulations, corporate structure, corporate culture and the importance of information security to the organization. It also acts as a mechanism to deliver value, mange performance and also mitigates risk. Another important fact about this framework is that it gives us a way to assign accountability for each decision and performance. It ensures that policies, procedures, management and other related management
ITM 517 Information Security Overview for Managers and Policy Makers
Module 1 Case Assignment
Prof. James Koerlin
February 23, 2014
In this paper I will be discussing some of the benefits of having frameworks for information security management. What each of the frameworks of information security are, their pros and their cons. Which major perspectives to consider in information security management and framework choice. What organizational factors should be considered in framework choice? I will also attempt to come up with a better framework for information security.
Some of the benefits of having frameworks for information security management are, that they serve as a common ground for integrating all types of information security functions. It also helps answer question of how to react to information security issues. As well as, helping identify what the important components involved in establishing and maintaining information security initiatives. Since our information faces more potential security breaches than ever before (Ma, Schmidt, Pearson, 2009 p. 58).
The information security frameworks are the following: -Governance frameworks -Security frameworks -Risk management and risk assessment frameworks -Audit and assurance frameworks -Legal and regulatory frameworks
The governance framework is very important because it gives us a road map for the application, evaluation and improvement of information security practices (Information Security Governance: Toward a Framework for Action). This frame work includes legislation, regulations, corporate structure, corporate culture and the importance of information security to the organization. It also acts as a mechanism to deliver value, mange performance and also mitigates risk. Another important fact about this framework is that it gives us a way to assign accountability for each decision and performance. It ensures that policies, procedures, management and other related management