International Organization for Standardization and the International Electrotechnical Commission

B. Comparison of ISO 27002, COBIT, NIST, and ITIL.

B1. Discuss how each framework is most commonly used.

• ISO 27002 is a framework published by the International Organization for Standardization and the International Electrotechnical Commission. It provides best-practice recommendations for those responsible for initiating, implementing, and maintaining information security.
• COBIT is a framework that supports control of IT by defining and aligning business goals with IT goals and processes. It provides a group of recommended best practices for control processes, supplying metrics and maturity models to measure achievement and identifying the accountabilities of business and IT process owners.
• The NIST framework is the framework of the National Institute of Standards and Technology; it uses business drivers to guide cybersecurity activities and considers cybersecurity risks as part of the organization's risk management process. It is used to set standards that are required for federal agencies in accordance with the Federal Information Security Management Act of 2002.
• ITIL is a set of practices focused on aligning IT services with the needs of businesses. It helps an organization develop a set of baselines to show compliance and measure improvement.

B2. Analyze the purpose of each framework design.

• ISO 27002's purpose is to provide an all-inclusive information security management program for any organization that requires a new information security management program or wants to improve its existing policies.
• COBIT's purpose is to provide management and business process owners with an information technology governance model that helps in delivering value from IT and understanding and m...

... middle of paper ...

... in varying degrees of detail and depth.

B6. Discuss when you would choose to use each framework.

• ISO 27002 is an international standard and would appeal to organizations that have a multi-national presence. Because the standards are accepted globally, this framework should always be used as a guideline for creating an information security policy.
• COBIT provides guidance on business practices and should be used to plan, develop, and monitor an organization's performance.
• NIST is required for United States federal government organizations. It should be used by any and all organizations that do business with the federal government. It is a superb foundation for small businesses to develop an information security management system.
• ITIL would be used to improve management processes and make an organization more efficient, thus improving the bottom line.
