I will discuss some frameworks of information security management, their pros and cons, some major perspectives to consider in information security management, and the benefits of information security management frameworks.

Information Security Management Frameworks

NIST SP 800-137 and 800-39 introduce an organization-wide Information Security Continuous Monitoring (SCM) and risk management framework. SCM is a strategy that uses a three-tiered approach (organization level, mission/business level and information system level).
SCM helps maintain ongoing awareness of information security, ensures that organizational security practice reflects the organization's risk tolerance, and helps ensure that accurate, up-to-date information is available to enable timely risk management decisions through the use of automation. On the other hand, an SCM strategy might not take all of the controls into account, presenting an incomplete picture of the organization's security status and risk. Automation cannot cover every control, and the controls that cannot be automated still need to be monitored and assessed.
These controls that cannot be automated still need to be considered in making the right risk and security decisions. Another disadvantage is that risk scores may not be comprehensive, because there is no information on certain risks. Also, (Monsoon, L., 14 December 2010). The Business Software Alliance introduces a framework called the Information Security Governance Framework. The framework provides a roadmap for the implementation, evaluation and improvement of information security practices.
An important feature of the Information Security Governance Framework is that it defines the roles of different members of an organization. The framework specifies what corporate executives, senior management and CISOs should do. The framework is also flexible enough to apply to different business models. Its benefits are that it identifies cornerstone security practices that nearly all organizations are following and makes recommendations about where in an organization the responsibility falls.
Some disadvantages of BSA's framework are that it is still a work in progress and it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA).

Major Perspectives

Some major perspectives that organizations should consider in their information security management are to develop a strategy or framework that is aligned with the organization's goals and objectives and with its corporate policies.
Companies need to identify current and potential legal and regulatory requirements affecting information security and define roles and responsibilities for information security throughout the organization. Companies should also establish internal and external reporting and communication channels and have the full support of their senior management for their information security (ISACA).

Conclusion

The benefits of having a framework for information security management are that it creates a secure and organized working environment, protects information assets, reduces internal and external security breaches, integrates disaster recovery and business continuity, helps detect an incident as it occurs and measure its effects, responds to an incident to minimize business damage, and ensures that the organization complies with rules, laws, policies and regulations.