An Evaluation of Information Security and Risk Management Theories

An abundance of information security and risk management theories is prevalent; however, it can be difficult to identify which of them are valid and applicable. In what follows, several information security and risk management theories are evaluated. These theories are presented and employed via various frameworks, models, and best practice guidelines. The sufficiency of the research pertaining to these theories is also assessed, along with the challenges that arise from a lack of such research.
Theories
The evolution and understanding of the importance of information security and risk management originates from the awareness of the potential of IT in business functions and as a business enabler. This was then

Control Objectives for Information and Related Technology (COBIT). Originally published in 1996, COBIT is a globally recognized framework centered on controls pertaining to IT governance (Burch, 2008). The Information Systems Audit and Control Association (ISACA) established the framework in conjunction with the IT Governance Institute. As the framework evolved to encompass the management of IT in addition to IT governance, COBIT 5 was unveiled in April of 2012 and declared by ISACA to be “…the only business framework for the governance and management of enterprise IT” (ISACA, 2012c). COBIT 5 for Information Security has also been developed by ISACA and is intended to be an encompassing framework that links together with other frameworks and information security best practices. Frameworks and standards that complement COBIT 5 for Information Security include ISACA’s Business Model for Information Security (BMIS), the Information Security Forum’s (ISF) Standard of Good Practice, the ISO/IEC 27000 series, NIST SP 800-53a, and PCI-DSS (ISACA, 2012a; ISACA, 2012b).
International Organization for Standardization (ISO). ISO has developed countless internationally recognized standards in conjunction with the International Electric Commission (IEC). As declared by Burch (2008):
ISO has developed more than 16,000 international standards for stakeholders such as industry and