Comparisons of Information Security Management Frameworks Essay

Trident University
Comparisons of Information Security Management Frameworks
Module 1 Case Assignment

ITM517: Information Security Overview for Managers and Policy Makers
Dr. Kiet Tuan Tran
October 20, 2012

Introduction

To keep pace with the latest technology and threats, and to remain in compliance with current and future regulations or policies, businesses need effective management of information security in their organization. Information Security Management Frameworks are based on existing accepted standards, guidelines, and collections of practices that should be implemented in an IT department. I will discuss some frameworks of information security management, their pros and cons, some major
…
The framework provides a roadmap for the implementation, evaluation and improvement of information security practices. An important feature of the information security governance framework is that it defines the roles of different members of an organization. The framework specifies what corporate executives, senior management, and CIOs/CISOs should do. The framework is also flexible enough to apply to different business models. The framework's benefits are that it identifies cornerstone security practices that nearly all organizations are following and makes recommendations on where in an organization the responsibility falls. Some disadvantages of BSA's framework are that it is still a work in progress and that it still needs to develop useful metrics that enable managers to quantify the return on investments in information security and the effectiveness of information security programs and measures (BSA).

Major Perspectives

Some major perspectives that organizations should consider in their information security management are to develop a strategy / framework that is aligned with the organization's goals and objectives and with the corporation's policies. Companies need to identify current and potential legal and regulatory requirements affecting information security and define roles and responsibilities for information security throughout the organization. Companies