Comparisons of Information Security Management Frameworks


Today’s economy depends on the secure flow of information within and across organizations, which makes information security an issue of vital importance. A secure and trusted environment for stored and shared information greatly enhances consumer benefits, business performance and productivity, and national security. Conversely, an insecure environment creates the potential for serious damage to governments and corporations, and that damage can in turn harm consumers and citizens. The stakes are particularly high for businesses engaged in critical activities, such as electrical power generation, banking and finance, or healthcare.

It can be very overwhelming for a

A useful property of these frameworks is that they overlap, so “crosswalks” can be built that map the controls of one framework onto the requirements of another and show compliance with several regulatory standards at once. For example, ISO 27002 addresses information security policy in section 5; COBIT addresses it in the "Plan and Organize" domain; Sarbanes Oxley treats it under "Internal Environment"; HIPAA treats it under "Assigned Security Responsibility"; and PCI DSS treats it under "Maintain an Information Security Policy." By adopting a common framework such as the ISO 27000 series, a company can use this crosswalk process to demonstrate compliance with multiple regulations, including HIPAA, Sarbanes Oxley, PCI DSS and GLBA, to name a few (Granneman, J.).

The decision to adopt a particular IT security framework is driven by multiple factors; the type of industry and the applicable compliance requirements are often the deciding ones. COBIT is commonly used by publicly traded companies to comply with Sarbanes Oxley. The most broadly applicable of the information security frameworks is the ISO 27000 series, because it can be applied in any industry. It is best suited to companies that need to market their information security capabilities, since an organization can be formally certified against ISO 27001. The standard required of United States federal agencies is NIST SP 800-53. A strength of this framework is that any company, not only a federal agency, can use it to build a technology-specific information security plan.

Effective IT security
