Comparisons of Information Security Management Frameworks Essay

1225 Words | Dec 14, 2014 | 5 Pages
Today’s economy depends on the secure flow of information within and across organizations. Thus, information security is an issue of vital importance. A secure and trusted environment for stored and shared information greatly enhances consumer benefits, business performance and productivity, and national security. Conversely, an insecure environment creates the potential for serious damage to governments and corporations that could significantly undermine consumers and citizens. The stakes are particularly high for businesses engaged in critical activities, such as electrical power generation, banking and finance, or healthcare. It can be very overwhelming for a…
The International Standards Organization developed the ISO 27000 series. This series provides a very broad information security framework that can be applied to all types and sizes of organizations. It can be thought of as the information security equivalent of the ISO 9000 quality standards for manufacturing, and even includes a similar certification process. It is broken up into different sub-standards based on the content. For example, ISO 27000 consists of an overview and vocabulary. New ISO 27000 standards are in the works to offer specific advice on cloud computing, storage security and digital evidence collection. ISO 27000 is broad and can be used for any industry, but the certification lends itself to cloud providers looking to demonstrate an active security program (Granneman, J.).

The U.S. National Institute of Standards and Technology (NIST) has been building an extensive collection of information security standards and best practices documentation. The NIST Special Publication 800 series was first published in 1990 and has grown to provide advice on just about every aspect of information security. Although not specifically an information security framework, NIST SP 800-53 is a model that other frameworks have evolved from. U.S. government agencies utilize NIST SP 800-53 to comply with the Federal Information Processing Standards (FIPS) 200 requirements. Even though it is specific to government agencies, the NIST