Comparisons of Information Security Management Frameworks free essay sample

For businesses to keep pace with the latest technology, threats and to remain in compliance with current and future regulations or policies need to have effective management of information security in their organization. Information Security Management Frameworks are based on existing accepted standards, guidelines, and collections of practices that should be implemented in an IT department. I will discuss some frameworks of information security management, their pros and cons, some major perspectives to consider in information security management and the benefits of information security management frameworks. Information Security Management Frameworks NIST SP 800-137 and 800-39 introduces an organization-wide Information Security Continuous Monitoring (ISCM) and Risk Management framework. ISCM is a strategy that uses a three-tiered approach (organization level, mission / business level and information system level). ISCM helps maintain ongoing awareness of information security and ensures that organizational security practice reflects the organization’s risk tolerance and helps ensure that accurate, up-to-date information is available to enable timely risk management decisions through the use of automation. We will write a custom essay sample on Comparisons of Information Security Management Frameworks or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page ISCM strategy might not take into account all the controls thus presenting an incomplete picture of an organizations security status and risk. Automation may not take all controls into account that cannot be automated still need to be monitored and assessed. These controls that cannot be automated still need to be considered in making the right risk / security decision. Another disadvantage is that risk scores may not be comprehensive due to having no information on certain risks. Also, automated tools may lead to a false sense of security among an organization (Johnson, L. , 14 December 2010). Business Software Alliance introduces a framework called the Information Security Governance Framework. The framework provides a roadmap for the implementation, evaluation and improvement of information security practices. An important feature of the information security governance framework is that it defines the roles of different members of an organization. The framework specifies what corporate executives, senior management, and CIOs/CISOs should do. The framework is also flexible enough to apply to different business models. The framework benefits are it identifies cornerstone security practices that nearly all organizations are following and makes recommendations where in an organization the responsibility falls. Some disadvantages to BSAs framework is that it is still a work in progress and it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA). Major Perspectives Some major perspectives that organizations should consider in their information security management is to develop a strategy / framework that is aligned with an organizations goals and objectives and its aligned with the corporates policies. Companies need identify current and potential legal and regulatory requirements affecting information security and define roles and responsibilities for information security throughout the organization. Companies should also establish internal and external reporting and communication channels and have full support from their senior management to support their information security (ISACA). Conclusion Benefits of having a framework for information security management is that it creates a secure and organized working environment, protects information assets, reduces internal and external security breaches, integrates disaster recovery / business continuity, helps detect an incident occurring and  measure its effects, responds to an incident to minimize business damage, and ensures that organizations complies with rules, laws, policies and regulations. Corporations will need to find, tailor, and implement an information security management framework that works for them in order to gain the benefits that are listed above because not all current frameworks that are out there are not a one size fit all solution.