What are the frameworks of information security management

Reference no: EM131353985

Module- Case

INFORMATION SECURITY MANAGEMENT FRAMEWORKS

Case Assignment

In the world of information security management, it is important to have a proper mindset and a handy roadmap that help you cruise through the maze of ever-changing technology and its security issues. The following presentation suggests a simple framework for information security management.

Wang, W. PowerPoint Presentation. Information Security Management Framework.

Some of you may have been exposed to the OSI (Open System Interconnection) reference model and the TCP/IP stack for Internet communications. Please see Fig. 3 in the OSI Reference Model for Network Protocol. Dissecting a big, complicated problem into smaller components helps solve the problem systematically. IS security is complicated. The suggested framework above follows a similar line of reasoning and provides a way of thinking to approach the problem.

Engineering, such as the design of a communication protocol, requires the clarification of a specific layer's boundaries so that the design is precise. In management or relevant behavioral studies, the context is more fluid than in an engineering task, and all of the perspectives need to work hand in hand. The layered approach provides only one way of thinking; there are many alternative ways to bring the pieces together. Now let us look briefly at some alternative frameworks. You only need to scan through them, become familiar with some key figures/tables, and get some understanding. You will revisit these articles in much more detail in later module(s) (e.g., mod 3) or course(s) (e.g., ITM527).

For instance, the following NIST publication introduces a tiered/layered approach for risk management. Please mainly focus on Figures 2 and 3.

NIST. (2011). Managing Information Security Risk: Organization, Mission, and Information System View. National Institute of Standards and Technology Special Publication 800-39.

The framework for organization-wide Information Security Continuous Monitoring in Figure 2-1 in the following article echoes the benefit of looking at the issue in tiers/layers. Its Risk Management Framework in Figure 2-2 proposes a process overview that emphasizes a dynamic process flow and values both organizational inputs (e.g., laws, policy, objectives, etc.) and the architecture of business processes and information systems. Please mainly focus on these two main figures.

NIST. (2011). Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations. National Institute of Standards and Technology Special Publication 800-137.

However, the Business Software Alliance introduces a framework for action on Information Security Governance that asks who, what, and how with regard to governance. You only need to focus on Table 4 to get an overview of it. It also emphasizes that "Information security is often treated solely as a technology issue, when it should also be treated as a governance issue," which is in sync with the other framework, where technology is only one of the several perspectives that need to be considered.

Business Software Alliance. (2016). Seizing opportunity through license compliance. Retrieved from https://globalstudy.bsa.org/2016/downloads/studies/BSA_GSS_US.pdf

The following article also covers the perspectives mentioned in the presented framework, although it doesn't use a layered approach. Please scan through it to get the main points. You should come back to this article throughout the course for the perspective each module focuses on. For this module, you only need to know what perspectives are considered.

Johnson, E., & Goetz, E. (2007). Embedding Information Security into the Organization. IEEE Security & Privacy, May/June 2007.

After you have "strategically" read the above materials, and, more importantly, thought about them critically and interconnectively, compose a 4- to 6-page paper on the topic:

Comparisons of Information Security Management Frameworks

In preparing your paper, you need to discuss the following issues, and support with arguments and examples:

• What are the benefits of having frameworks for information security management?
• What are the frameworks of information security management? Their pros and cons?
• What are the major perspectives to consider in information security management and framework choice?
• What organizational factors should be considered in the framework choice?
• You may even expand what you learned here and come up with a better framework. Give it a try, although it is not required.

Assignment Expectations

Length: Minimum 4-6 pages excluding cover page and references (since a page is about 300 words, this is approximately 1,200-1,800 words).
