Running Head: CYBERSECURITY FRAMEWORK 1
Integrating NIST CSF with IT Governance Frameworks
Nkengazong Tung
University of Maryland University College
29 AUGUST 2019
IT governance is the set of processes that ensures the effective and
efficient use of IT in enabling an organization to achieve its
goals. In the eCommerce industry, IT governance creates
structure by defining organizational reporting lines,
oversight committees, standards, policies, and
procedures. A well-defined structure effectively sets the
operating boundaries for the organization (Moeller, 2017). It
also sets direction by creating or aligning with the
corporate strategy and defining the short- and long-term
objectives for the organization. In the eCommerce industry, it is
important to note how regulations are followed, how
standards are followed by process managers, how server
capacity planning should be done, and how all IT
assets are tracked. This internal function that continually
checks the “health status” of the various processes to ensure
smoother operation is governance.
Comment by Michael Baker: Recommend subtitles that match rubric
IT management is the oversight of IT services and technology in an
organization. It has several elements, all of which focus on
aligning IT goals with business objectives in a way that creates
the most value for the organization. These components are IT
strategy, IT services, and IT assets. IT management issues
faced by an eCommerce company include securing
customer information, providing value to the company, and
supporting business operations. To address the IT management
challenges faced in eCommerce, IT policies must be put in place
to define the various processes within the organization. A policy is
a set of guidelines that defines how things are done within an
organization. With a well-defined policy, activities in the
eCommerce industry are clearly outlined, making it easier to
operate.
Risk management is the process used to identify, evaluate, and
respond to possible accidental losses in situations where the
only possible outcomes are a loss or no change in status. It
is an overall management function that tries to evaluate and
address the circumstances and consequences of vulnerabilities and
threats to an organization (Susmann & Braman, 2016). The aim of
risk management is to enable an organization to advance
towards its objectives and goals in the most direct,
efficient, and effective way. Risk management issues faced by an
eCommerce company are loss of data, unauthorized access to
data, and system failure. To address risk management in
the eCommerce industry, a comprehensive risk management
plan must be developed to address the possible risks that might
cause harm to the system. A good risk management plan
provides procedures and guidelines on how to respond to
threats and to unforeseen incidents. With a well-laid
plan, the eCommerce industry can minimize or avoid threats by
responding to them at the right time.
Comment by Michael Baker: Does not match reference
ISO/IEC 27000
ISO/IEC 27000 is an international security body that guides
organizations in different sectors in meeting critical legislative
and regulatory requirements related to information
security. The role of this body is to ensure that organizations
secure their data through effective technology, auditing, and
employee awareness programmes. Cyber threats are among
the biggest threats any organization faces; they are dynamic
and hence difficult to address. These threats are carried out by
hackers who manipulate computer systems for their own benefit.
ISO/IEC 27000 helps organizations protect their assets,
identify and monitor risks, and maintain a defined
plan to ensure that new security threats are attended to. This
standard plays a major role in the eCommerce industry, as it defines
various guidelines that address security issues within that
sector. Any industry dealing with information must register with
this body to ensure information security and to meet
international standards.
Comment by Michael Baker: Programmers
ISACA
ISACA is an international nonprofit body that focuses on the
development, adoption, and implementation of
internationally accepted information systems frameworks and processes.
It provides benchmarks and tools for sectors that deal with
information systems. It also hosts forums that focus on various
managerial issues relating to control systems and IT
governance. ISACA coordinates various security certification
programs, and anyone certified under these programs can practice
all over the world. This body plays a significant role in
maintaining and updating COBIT, which helps organizations in different
sectors manage their information and technology.
NIST (National Institute of Standards and Technology)
NIST is a government body that develops technology, metrics, and
guidelines to enhance innovation and economic
competitiveness. It provides standards and security controls for
information systems. NIST standards are endorsed by the
government, and organizations register with this body because
it promotes best security practices across different
sectors (Akpose, 2016). One advantage of NIST
compliance is that it helps ensure that an
organization's infrastructure is secure; it also provides guidelines
for companies to follow when attaining compliance with
specific regulations such as HIPAA. eCommerce deals with
sensitive client information such as names, home addresses,
and social security numbers, which can cause harm in the
wrong hands. To protect this information, eCommerce
companies should register with NIST, which can guide them
towards securing their information and their systems.
Comment by Michael Baker: You are missing complete
sections to include the summary.
References
Comment by Michael Baker: References should be in alphabetical order
Moeller (2017). IT governance: Improving systems processes with service management, COBIT and ITIL. Hoboken
IT Governance Institute. (2015). Information security governance. Rolling Meadows, IL: Author.
Comment by Michael Baker: Missing inline reference
Akpose, W. (2016). NIST Cybersecurity Framework: A practitioner’s perspective. 6igma Associates.
Vaseashta, A., Susmann, & Braman, E. (2016). Cyber Security and Resiliency Policy Framework. IOS Press.
CSIA 350: Cybersecurity in Business & Industry
Project #1: Integrating NIST’s Cybersecurity Framework with Information Technology Governance Frameworks
Scenario
You have been assigned to your company’s newly established
Risk Management Advisory Services team. This team will
provide information, analysis, and recommendations to clients
who need assistance with various aspects of IT Risk
Management.
Your first task is to prepare a 3 to 4 page research paper which
provides an analysis of the IT Governance, IT Management, and
Risk Management issues and problems that might be
encountered by an e-Commerce company (e.g. Amazon, e-Bay,
PayPal, etc.). Your paper should also include information about
governance and management frameworks that can be used to
address these issues. The specific frameworks that your team
leader has asked you to address are:
· ISO/IEC 27000 Family of Standards for Information Security
Management Systems
· ISACA’s Control Objectives for Information Technology
(COBIT) version 5
· NIST’s Cybersecurity Framework (also referred to as the
“Framework for Improving Critical Infrastructure Security”)
The Risk Management Advisory team has performed some
initial research and determined that using these three
frameworks together can help e-Commerce companies ensure
that they have processes in place to enable identification and
management of information security related risks particularly
those associated with the IT infrastructure supporting online
sales, payment, and order fulfillment operations. (This research
is presented in the Background section below.) Your research
paper will be used to extend the team’s initial research and
provide additional information about the frameworks and how
each one supports a company’s risk management objectives
(reducing the risks arising from cyber threats and cyberattacks
against information, information systems, and information
infrastructures). Your research should also investigate and
report on efforts to date to promote the use of both frameworks at
the same time.
Your audience will be members of the Risk Management
Services team. These individuals are familiar with risk
management processes and the e-Commerce industry. Your
readers will NOT have in-depth knowledge of either framework.
For this reason, your team leader has asked you to make sure
that you include a basic overview of these frameworks at the
beginning of your paper for the benefit of those readers who are
not familiar with CSF and COBIT.
Background
Security Controls
Security controls are actions which are taken to “control” or
manage risk. Security controls are sometimes called
“countermeasures” or “safeguards.” For this assignment, it is
important to understand that it is not enough to pick or select
controls and then buy or implement technologies which
implement those controls. A structure is required to keep track
of the controls and their status -- implemented (effective, not
effective) and not implemented. The overarching structure used
to manage controls is the Information Security Management
System.
Information Security Management System (ISMS)
An Information Security Management System is the set of
policies, processes, procedures, and activities used to structure
the organizational unit which is responsible for managing the
cybersecurity or information security program in a business.
Companies can and do design their own structure for this
program including: scope, responsibilities, and resources. Many
companies, however, choose to use a defined standard to
provide guidance for the structure and functions assigned to this
organization. The ISO/IEC 27000 family of standards is one of
the most frequently adopted and is comprised of best practices
for the implementation of an information security program. The
ISO/IEC 27001 standard specifies the requirements for and
structure of the overall Information Security Management
System and ISMS program. The ISO/IEC 27002 standard
provides a catalog of security controls which can/should be
implemented by the ISMS program. For additional information
about the standards, please see this blog:
https://www.itgovernance.co.uk/blog/what-is-the-iso-27000-series-of-standards.
Note: there are a number of free resources which describe the
contents and purposes of the ISO/IEC 27000 family of
standards. For your work in this course, you do not need access
to the official standards documents (which are not freely
available).
Control Objectives for Information Technology (COBIT)
COBIT is a framework that defines governance and management
principles, processes, and organizational structures for
enterprise Information Technology. COBIT includes a
requirement for implementation of an Information Security
Management System and is compatible with the ISO/IEC 27000
series of standards for ISMS implementation.
COBIT 5 has five process areas which are specified for the
Governance and Management of enterprise IT. These areas are:
· Evaluate, Direct, and Monitor (EDM)
· Align, Plan, and Organize (APO)
· Build, Acquire, and Implement (BAI)
· Deliver, Service, and Support (DSS)
· Monitor, Evaluate, and Assess (MEA)
Beginning with version 5, COBIT has incorporated Information
Security as part of the framework. Three COBIT 5 processes
specifically address information security: APO 13 “Manage
Security,” DSS04 “Manage Continuity,” and DSS05 “Manage
Security Services.”[1]
[1] Source: http://www.isaca.org/COBIT/Documents/COBIT-5-for-Information-Security-Introduction.pdf
NIST Cybersecurity Framework (CSF)
The NIST Framework for Improving Critical Infrastructure
Security, commonly referred to as the Cybersecurity Framework
or CSF, was developed in collaboration with industry,
government, and academia to provide a common language and
common frame of reference for describing the activities
required to manage cyber-related risks and, in so doing, protect
and defend against cyber attacks. Unlike many NIST guidance
documents, the CSF was designed specifically for businesses –
to meet their needs and support attainment of business
objectives. Originally designed for companies operating in the
16 critical infrastructure sectors, the CSF is now being required
of federal government agencies and departments and their
contractors. The Executive Summary of the NIST CSF version
1.1 provides additional background and supporting information
about the purposes, goals, and objectives of the CSF.
The Cybersecurity Framework is presented in three parts:
· Core Functions (Identify, Protect, Detect, Respond, Recover)
· Implementation Tiers (risk management processes and
practices)
· Profiles (specific to a business or industry – goals and desired
outcomes)
Commonalities between ISO/IEC 27000, COBIT, and NIST CSF
There are a number of common elements between the
information security frameworks defined in the ISO/IEC 27000
family of standards, the COBIT standard, and the NIST
Cybersecurity Framework. Each of these frameworks addresses
risks that must be addressed by businesses that depend upon
digital forms of information, information systems, and
information infrastructures. Each framework presents structured
lists of IT Governance and IT Management activities (processes
and practices) which must be adopted and implemented in order
to effectively manage risk and protect digital assets from harm
or loss. Each framework also provides a list or catalog of security controls.
Each framework also provides lists of goals or objectives which
must be met in order to assure the effectiveness of controls
implemented to defend against cyber threats and attacks.
The ISO/IEC 27001:2013 and COBIT 5 controls and process
areas have been cross referenced to the NIST Cybersecurity
Framework Functions, Categories, and Subcategories in the
NIST CSF document.[2] Table 1 below shows
examples of the mapping between COBIT 5 and NIST CSF as
provided in Table 2: Framework Core: Informative References
in the NIST CSF document.
[2] Source: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Table 1. Example Mappings from ISO/IEC 27001 to COBIT 5 Processes to NIST CSF Functions

ISO/IEC 27001:2013 [3]    | COBIT 5 Process       | NIST CSF Function | NIST CSF Category       | NIST CSF Subcategory
--------------------------|-----------------------|-------------------|-------------------------|---------------------
A.5.1.1                   | APO 13.01             | Identify          | Governance (ID.GV)      | ID.GV-1
A.16.1.6                  | DSS 04.02             | Identify          | Risk Assessment (ID.RA) | ID.RA-4
A.6.1.1, A.7.2.1, A.15.   | DSS 05.04             | Identify          | Governance (ID.GV)      | ID.GV-2
A.12.6.1, A.18.2.3        | DSS 05.01, DSS 05.02  | Identify          | Risk Assessment (ID.RA) | ID.RA-1

[3] Names for many of the ISO/IEC 27001 controls can be found here: https://www.bsigroup.com/Documents/iso-27001/resources/BSI-ISO27001-mapping-guide-UK-EN.pdf
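The Security Controls section above says an ISMS must track each control as implemented (effective or not effective) or not implemented; the following added Python example (not part of the assignment, nor a NIST or ISACA tool) shows how the Table 1 crosswalk turns such a control register into NIST CSF subcategory coverage and a gap list pointing at the associated COBIT 5 processes. The mapping rows are copied from Table 1; the control register values are constructed for illustration.

```python
"""Roll ISO/IEC 27001 control status up to NIST CSF subcategory coverage.

Added example, not from the assignment or from any NIST/ISACA tool. The
mapping rows are the four example rows of Table 1; the control register
below is a constructed sample for an e-Commerce ISMS.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    """The three states the Security Controls section asks an ISMS to track."""
    NOT_IMPLEMENTED = "not implemented"
    IMPLEMENTED_NOT_EFFECTIVE = "implemented, not effective"
    IMPLEMENTED_EFFECTIVE = "implemented, effective"


@dataclass(frozen=True)
class Mapping:
    iso_controls: tuple[str, ...]      # ISO/IEC 27001:2013 Annex A controls
    cobit_processes: tuple[str, ...]   # COBIT 5 management practices
    csf_function: str
    csf_category: str
    csf_subcategory: str


# The four example rows of Table 1 ("A.15." is truncated in the source and kept as written).
TABLE_1: tuple[Mapping, ...] = (
    Mapping(("A.5.1.1",), ("APO 13.01",), "Identify", "Governance (ID.GV)", "ID.GV-1"),
    Mapping(("A.16.1.6",), ("DSS 04.02",), "Identify", "Risk Assessment (ID.RA)", "ID.RA-4"),
    Mapping(("A.6.1.1", "A.7.2.1", "A.15."), ("DSS 05.04",), "Identify", "Governance (ID.GV)", "ID.GV-2"),
    Mapping(("A.12.6.1", "A.18.2.3"), ("DSS 05.01", "DSS 05.02"), "Identify", "Risk Assessment (ID.RA)", "ID.RA-1"),
)

# Constructed control register for the example: what the ISMS currently records.
SAMPLE_REGISTER: dict[str, Status] = {
    "A.5.1.1": Status.IMPLEMENTED_EFFECTIVE,        # policies for information security
    "A.16.1.6": Status.IMPLEMENTED_NOT_EFFECTIVE,   # learning from incidents: reviews not done
    "A.6.1.1": Status.IMPLEMENTED_EFFECTIVE,        # security roles and responsibilities
    "A.7.2.1": Status.IMPLEMENTED_EFFECTIVE,        # management responsibilities
    # "A.15." is absent on purpose: an unrecorded control counts as not implemented
    "A.12.6.1": Status.NOT_IMPLEMENTED,             # technical vulnerability management
    "A.18.2.3": Status.NOT_IMPLEMENTED,             # technical compliance review
}


def subcategory_coverage(register: dict[str, Status],
                         mappings: tuple[Mapping, ...] = TABLE_1) -> dict[str, str]:
    """Return "covered" / "partial" / "uncovered" for each CSF subcategory.

    covered:   every mapped ISO control is implemented and effective
    uncovered: no mapped ISO control is implemented at all
    partial:   anything in between (an effective control beside a missing one counts here)
    A control missing from the register is treated as not implemented, the
    conservative reading an auditor would take.
    """
    coverage: dict[str, str] = {}
    for m in mappings:
        states = [register.get(c, Status.NOT_IMPLEMENTED) for c in m.iso_controls]
        if all(s is Status.IMPLEMENTED_EFFECTIVE for s in states):
            coverage[m.csf_subcategory] = "covered"
        elif all(s is Status.NOT_IMPLEMENTED for s in states):
            coverage[m.csf_subcategory] = "uncovered"
        else:
            coverage[m.csf_subcategory] = "partial"
    return coverage


def gap_report(register: dict[str, Status],
               mappings: tuple[Mapping, ...] = TABLE_1) -> list[tuple]:
    """List every control that is not yet effective, with the subcategory it weakens
    and the COBIT 5 processes Table 1 associates with it (where remediation work lands)."""
    gaps = []
    for m in mappings:
        for c in m.iso_controls:
            s = register.get(c, Status.NOT_IMPLEMENTED)
            if s is not Status.IMPLEMENTED_EFFECTIVE:
                gaps.append((m.csf_subcategory, c, s, m.cobit_processes))
    return gaps


def category_summary(register: dict[str, Status],
                     mappings: tuple[Mapping, ...] = TABLE_1) -> dict[str, dict[str, int]]:
    """Count subcategory outcomes per CSF category (each subcategory counted once)."""
    coverage = subcategory_coverage(register, mappings)
    summary: dict[str, dict[str, int]] = {}
    seen: set[str] = set()
    for m in mappings:
        if m.csf_subcategory in seen:
            continue
        seen.add(m.csf_subcategory)
        counts = summary.setdefault(m.csf_category, {"covered": 0, "partial": 0, "uncovered": 0})
        counts[coverage[m.csf_subcategory]] += 1
    return summary


if __name__ == "__main__":
    for sub, state in subcategory_coverage(SAMPLE_REGISTER).items():
        print(f"{sub:8} {state}")
    for sub, ctrl, state, cobit in gap_report(SAMPLE_REGISTER):
        print(f"gap: {sub} <- {ctrl} ({state.value}); work under {', '.join(cobit)}")
    print(category_summary(SAMPLE_REGISTER))
```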
Adoption and Use of IT Security Frameworks
A 2016 survey conducted by Dimensional Research for
Tenable[4] found that over 80% of the responding
organizations used an IT security or cybersecurity framework
to structure their IT security management program. This finding
was similar across all sizes of companies and across industries.
Over 40% of the respondents used multiple frameworks. The
NIST CSF was utilized by over 40% of the respondents –
approximately the same number who adopted the ISO/IEC
27000 standards. One notable finding was that in some cases the
NIST CSF adoption was required by a business partner or a
federal contract.
[4] Source: https://static.tenable.com/marketing/tenable-csf-report.pdf
Research
1. Read / Review the weekly readings
2. Consult Aligning COBIT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit (http://www.isaca.org/Knowledge-Center/Research/Documents/Aligning-COBIT-ITIL-V3-ISO27002-for-Business-Benefit_res_Eng_1108.pdf) for additional information about the activities / controls included in ISO/IEC 27002 and COBIT. This reference should be used in conjunction with the “Informative References” listed in NIST’s Cybersecurity Framework Core definitions.
3. Review the following outlines and explanations of the ISO/IEC 27001 and 27002 standards
a. ISO/IEC 27001:2013 Plain English Outline (excerpts for Information Security provisions) http://www.praxiom.com/iso-27001-outline.htm and http://www.praxiom.com/iso-27001.htm
b. ISO 27002:2013 Translated into Plain English http://www.praxiom.com/iso-27002.htm
4. Read the following analyses and articles about COBIT 5 and its information security related functions.
a. COBIT 5 for Information Security (ISACA) https://www.isaca.org/COBIT/Documents/COBIT-5-for-Information-Security-Introduction.pdf
b. About COBIT 5 https://cobitonline.isaca.org/about
c. COBIT 5 for Risk – A Powerful Tool for Risk Management http://www.isaca.org/COBIT/focus/Pages/cobit-5-for-risk-a-powerful-tool-for-risk-management.aspx
d. 9 Burning Questions about Implementing NIST Cybersecurity Framework Using COBIT 5 https://www.itpreneurs.com/blog/9-burning-questions-about-implementing-nist-cybersecurity-framework-using-cobit-5/
5. Read the following analyses and articles about adoption of the NIST CSF
a. Trends in Security Framework Adoption https://static.tenable.com/marketing/tenable-csf-report.pdf
b. How to Implement NIST CSF: A 4-Step Journey to Cybersecurity Maturity https://www.rsam.com/wp-content/uploads/2018/06/Rsam_NIST_CSF_Implementation_WP-sept-2017.pdf
c. 5 Steps to Turn the NIST Cybersecurity Framework into Reality https://www.securitymagazine.com/articles/88624-steps-to-turn-the-nist-cybersecurity-framework-into-reality
6. Find three or more additional sources which provide information about best practices for implementing the NIST Cybersecurity Framework Core and COBIT 5 (separately and together).
Write:
Use standard terminology including correctly used cybersecurity
terms and definitions to write a two to three page summary of
your research. At a minimum, your summary must include the
following:
1. An introduction or overview of the role that the Information
Security Management System plays as part of an organization’s
IT Governance, IT Management, and Risk Management
activities. The most important part of this overview is a clear
explanation of the purpose and relationships between
governance and management activities as they pertain to
managing and reducing risks arising from the use of information
technology.
2. An analysis section that provides an explanation of how
ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s CSF can
be used to improve the effectiveness of an organization’s risk
management efforts for cybersecurity related risks. This
explanation should include:
a. An overview of ISO/IEC 27000, 27001, and 27002 that
includes an explanation of the goals and benefits of this family
of standards (why do businesses adopt the standards, what do
the standards include / address, what are the desired outcomes
or benefits).
b. An overview of COBIT 5 that includes an explanation of the
goals and benefits of this framework (why do businesses adopt
the framework, what does the framework include / address, what
are the desired outcomes or benefits).
c. An overview of the NIST Cybersecurity Framework (CSF)
which explains how businesses can use this framework to
support ALL of their business functions (not just critical
infrastructure operations).
d. Five or more specific examples of support to risk
management for e-Commerce and supporting business
operations that can be provided by implementing ISO/IEC
27000/1/2, COBIT 5, and NIST CSF.
3. A recommendations section in which you provide and discuss
five or more ways that e-Commerce companies can use the
standards and frameworks at the same time (as part of the same
risk management effort). You should focus on where the
frameworks overlap or address the same issues / problems. (Use
Table 2: Informative References to find overlapping functions /
activities.) You are not required to identify or discuss potential
pitfalls, conflicts, or other types of “problems” which could
arise from concurrent use of multiple guidance documents.
4. A closing section that provides a summary of the issues, your
analysis, and your recommendations.
Submit for Grading
Submit your work in MS Word format (.docx or .doc file) using
the Project #1 Assignment in your assignment folder. (Attach
the file.)
Additional Information
1. Consult the grading rubric for specific content and formatting
requirements for this assignment.
2. Your 2-3 page white paper should be professional in
appearance with consistent use of fonts, font sizes, margins, etc.
You should use headings and page breaks to organize your
paper.
3. Your paper should use standard terms and definitions for
cybersecurity. See Course Content > Cybersecurity Concepts for
recommended resources.
4. The CSIA program recommends that you follow standard
APA formatting since this will give you a document that meets
the “professional appearance” requirements. APA formatting
guidelines and examples are found under Course Resources >
APA Resources. An APA template file (MS Word format) has
also been provided for your use
CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
5. You must include a cover page with the assignment title, your
name, and the due date. Your reference list must be on a
separate page at the end of your file. These pages do not count
towards the assignment’s page count.
6. You are expected to write grammatically correct English in
every assignment that you submit for grading. Do not turn in
any work without (a) using spell check, (b) using grammar
check, (c) verifying that your punctuation is correct, and (d)
reviewing your work for correct word usage and correctly
structured sentences and paragraphs.
7. You are expected to credit your sources using in-text
citations and reference list entries. Both your citations and your
reference list entries must follow a consistent citation style
(APA, MLA, etc.).
Copyright ©2019 by University of Maryland University
College. All Rights Reserved
milies (most with teenage children) and the Baby Boomers (teens and .docxhealdkathaleen
 
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docxMidterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docxhealdkathaleen
 
Midterm Study GuideAnswers need to be based on the files i will em.docx
Midterm Study GuideAnswers need to be based on the files i will em.docxMidterm Study GuideAnswers need to be based on the files i will em.docx
Midterm Study GuideAnswers need to be based on the files i will em.docxhealdkathaleen
 
Michelle Carroll is a coworker of yours and she overheard a conversa.docx
Michelle Carroll is a coworker of yours and she overheard a conversa.docxMichelle Carroll is a coworker of yours and she overheard a conversa.docx
Michelle Carroll is a coworker of yours and she overheard a conversa.docxhealdkathaleen
 
Michelle is attending college and has a part-time job. Once she fini.docx
Michelle is attending college and has a part-time job. Once she fini.docxMichelle is attending college and has a part-time job. Once she fini.docx
Michelle is attending college and has a part-time job. Once she fini.docxhealdkathaleen
 
Midterm Assignment Instructions (due 31 August)The mid-term essay .docx
Midterm Assignment Instructions (due 31 August)The mid-term essay .docxMidterm Assignment Instructions (due 31 August)The mid-term essay .docx
Midterm Assignment Instructions (due 31 August)The mid-term essay .docxhealdkathaleen
 
Milestone 2Outline of Final PaperYou will create a robust.docx
Milestone 2Outline of Final PaperYou will create a robust.docxMilestone 2Outline of Final PaperYou will create a robust.docx
Milestone 2Outline of Final PaperYou will create a robust.docxhealdkathaleen
 
MigrationThe human population has lived a rural lifestyle thro.docx
MigrationThe human population has lived a rural lifestyle thro.docxMigrationThe human population has lived a rural lifestyle thro.docx
MigrationThe human population has lived a rural lifestyle thro.docxhealdkathaleen
 
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docxMid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docxhealdkathaleen
 
MicroeconomicsUse what you have learned about economic indicators .docx
MicroeconomicsUse what you have learned about economic indicators .docxMicroeconomicsUse what you have learned about economic indicators .docx
MicroeconomicsUse what you have learned about economic indicators .docxhealdkathaleen
 
Michael Dell began building and selling computers from his dorm room.docx
Michael Dell began building and selling computers from his dorm room.docxMichael Dell began building and selling computers from his dorm room.docx
Michael Dell began building and selling computers from his dorm room.docxhealdkathaleen
 
Michael is a three-year-old boy with severe seizure activity. He h.docx
Michael is a three-year-old boy with severe seizure activity. He h.docxMichael is a three-year-old boy with severe seizure activity. He h.docx
Michael is a three-year-old boy with severe seizure activity. He h.docxhealdkathaleen
 
Michael graduates from New York University and on February 1st of th.docx
Michael graduates from New York University and on February 1st of th.docxMichael graduates from New York University and on February 1st of th.docx
Michael graduates from New York University and on February 1st of th.docxhealdkathaleen
 
Message Using Multisim 11, please help me build a home security sys.docx
Message Using Multisim 11, please help me build a home security sys.docxMessage Using Multisim 11, please help me build a home security sys.docx
Message Using Multisim 11, please help me build a home security sys.docxhealdkathaleen
 
Methodology of H&M internationalization Research purposeRe.docx
Methodology of H&M internationalization Research purposeRe.docxMethodology of H&M internationalization Research purposeRe.docx
Methodology of H&M internationalization Research purposeRe.docxhealdkathaleen
 
Mental Disability DiscussionConsider the typification of these c.docx
Mental Disability DiscussionConsider the typification of these c.docxMental Disability DiscussionConsider the typification of these c.docx
Mental Disability DiscussionConsider the typification of these c.docxhealdkathaleen
 
Meningitis Analyze the assigned neurological disorder and prepar.docx
Meningitis Analyze the assigned neurological disorder and prepar.docxMeningitis Analyze the assigned neurological disorder and prepar.docx
Meningitis Analyze the assigned neurological disorder and prepar.docxhealdkathaleen
 
Memoir Format(chart this)Introduction (that captures the r.docx
Memoir Format(chart this)Introduction (that captures the r.docxMemoir Format(chart this)Introduction (that captures the r.docx
Memoir Format(chart this)Introduction (that captures the r.docxhealdkathaleen
 

More from healdkathaleen (20)

Mill proposes his Art of Life, but he also insists that it is not ve.docx
Mill proposes his Art of Life, but he also insists that it is not ve.docxMill proposes his Art of Life, but he also insists that it is not ve.docx
Mill proposes his Art of Life, but he also insists that it is not ve.docx
 
Milford Bank and Trust Company is revamping its credit management de.docx
Milford Bank and Trust Company is revamping its credit management de.docxMilford Bank and Trust Company is revamping its credit management de.docx
Milford Bank and Trust Company is revamping its credit management de.docx
 
milies (most with teenage children) and the Baby Boomers (teens and .docx
milies (most with teenage children) and the Baby Boomers (teens and .docxmilies (most with teenage children) and the Baby Boomers (teens and .docx
milies (most with teenage children) and the Baby Boomers (teens and .docx
 
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docxMidterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docx
 
Midterm Study GuideAnswers need to be based on the files i will em.docx
Midterm Study GuideAnswers need to be based on the files i will em.docxMidterm Study GuideAnswers need to be based on the files i will em.docx
Midterm Study GuideAnswers need to be based on the files i will em.docx
 
Michelle Carroll is a coworker of yours and she overheard a conversa.docx
Michelle Carroll is a coworker of yours and she overheard a conversa.docxMichelle Carroll is a coworker of yours and she overheard a conversa.docx
Michelle Carroll is a coworker of yours and she overheard a conversa.docx
 
Michelle is attending college and has a part-time job. Once she fini.docx
Michelle is attending college and has a part-time job. Once she fini.docxMichelle is attending college and has a part-time job. Once she fini.docx
Michelle is attending college and has a part-time job. Once she fini.docx
 
Midterm Assignment Instructions (due 31 August)The mid-term essay .docx
Midterm Assignment Instructions (due 31 August)The mid-term essay .docxMidterm Assignment Instructions (due 31 August)The mid-term essay .docx
Midterm Assignment Instructions (due 31 August)The mid-term essay .docx
 
Milestone 2Outline of Final PaperYou will create a robust.docx
Milestone 2Outline of Final PaperYou will create a robust.docxMilestone 2Outline of Final PaperYou will create a robust.docx
Milestone 2Outline of Final PaperYou will create a robust.docx
 
MigrationThe human population has lived a rural lifestyle thro.docx
MigrationThe human population has lived a rural lifestyle thro.docxMigrationThe human population has lived a rural lifestyle thro.docx
MigrationThe human population has lived a rural lifestyle thro.docx
 
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docxMid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docx
 
MicroeconomicsUse what you have learned about economic indicators .docx
MicroeconomicsUse what you have learned about economic indicators .docxMicroeconomicsUse what you have learned about economic indicators .docx
MicroeconomicsUse what you have learned about economic indicators .docx
 
Michael Dell began building and selling computers from his dorm room.docx
Michael Dell began building and selling computers from his dorm room.docxMichael Dell began building and selling computers from his dorm room.docx
Michael Dell began building and selling computers from his dorm room.docx
 
Michael is a three-year-old boy with severe seizure activity. He h.docx
Michael is a three-year-old boy with severe seizure activity. He h.docxMichael is a three-year-old boy with severe seizure activity. He h.docx
Michael is a three-year-old boy with severe seizure activity. He h.docx
 
Michael graduates from New York University and on February 1st of th.docx
Michael graduates from New York University and on February 1st of th.docxMichael graduates from New York University and on February 1st of th.docx
Michael graduates from New York University and on February 1st of th.docx
 
Message Using Multisim 11, please help me build a home security sys.docx
Message Using Multisim 11, please help me build a home security sys.docxMessage Using Multisim 11, please help me build a home security sys.docx
Message Using Multisim 11, please help me build a home security sys.docx
 
Methodology of H&M internationalization Research purposeRe.docx
Methodology of H&M internationalization Research purposeRe.docxMethodology of H&M internationalization Research purposeRe.docx
Methodology of H&M internationalization Research purposeRe.docx
 
Mental Disability DiscussionConsider the typification of these c.docx
Mental Disability DiscussionConsider the typification of these c.docxMental Disability DiscussionConsider the typification of these c.docx
Mental Disability DiscussionConsider the typification of these c.docx
 
Meningitis Analyze the assigned neurological disorder and prepar.docx
Meningitis Analyze the assigned neurological disorder and prepar.docxMeningitis Analyze the assigned neurological disorder and prepar.docx
Meningitis Analyze the assigned neurological disorder and prepar.docx
 
Memoir Format(chart this)Introduction (that captures the r.docx
Memoir Format(chart this)Introduction (that captures the r.docxMemoir Format(chart this)Introduction (that captures the r.docx
Memoir Format(chart this)Introduction (that captures the r.docx
 

Recently uploaded

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 

operate.

Risk management is the process used to identify, evaluate and respond to possible accidental losses, including situations where the only possible outcomes are a loss or no change in status. It is an overall management function that seeks to assess and address the causes and consequences of uncertainty, vulnerability and threat to an organization (Susmann & Braman, 2016). The aim of risk management is to enable an organization to advance towards its objectives and goals in the most direct, efficient and effective way. Risk management issues faced by an eCommerce company include loss of data, unauthorized access to data, and system failure. To address risk management in the eCommerce industry, a comprehensive risk management plan must be developed to cover the risks that could harm the system. A good risk management plan provides procedures and guidelines on how to respond to threats and to unforeseen incidents. With a well-laid plan, an eCommerce company can minimize or avoid threats by responding to them at the right time. [Comment by Michael Baker: Does not match reference]

ISO/IEC 27000

ISO/IEC 27000 is a family of international standards for information security management, published jointly by ISO and IEC, that guides organizations in different sectors in meeting legislative and regulatory requirements related to information security. Its role is to help organizations secure their data through effective controls, auditing and employee awareness programmes. Cyber threats are among the biggest threats any organization faces; they change constantly and are therefore difficult to address. These threats are carried out by hackers who manipulate computer systems for their own benefit. ISO/IEC 27000 helps organizations protect their assets, identify and monitor risks, and maintain a defined plan so that new security threats are attended to. The standard plays a large role in the eCommerce industry because it defines guidelines that address the security issues of that sector. Certification is against ISO/IEC 27001, the requirements standard in the family; it is voluntary and is issued by accredited certification bodies rather than by ISO itself, and any company handling customer information can use it to demonstrate that its information security meets an international standard. [Comment by Michael Baker: Programmers]

ISACA

ISACA is an international nonprofit association that focuses on the development, adoption and implementation of globally accepted information systems frameworks and practices. It provides benchmarks and tools for sectors that deal with information systems, and it hosts forums on management issues relating to control systems and IT governance. ISACA also runs several security certification programs whose holders are recognized worldwide. It develops and maintains COBIT, which helps organizations in different sectors govern and manage their information and technology.

NIST (National Institute of Standards and Technology)

NIST is a United States government agency that develops technology, metrics and guidelines to promote innovation and economic competitiveness. It publishes standards and security controls for information systems; these publications are endorsed by the federal government, and organizations adopt them because they promote good security practice across sectors (Akpose, 2016). NIST does not register or certify organizations; it publishes the guidance that organizations adopt and assess themselves against. One advantage of following NIST guidance is that it helps ensure an organization's infrastructure is secure; NIST also provides guidance that companies can follow when working towards compliance with specific regulations such as HIPAA. eCommerce companies handle sensitive customer information such as names, home addresses, payment details and, in some cases, social security numbers, which can cause harm in the wrong hands. To protect this information, eCommerce companies should adopt the NIST Cybersecurity Framework, which guides them in securing both their information and their systems. [Comment by Michael Baker: You are missing complete sections to include the summary.]

References [Comment by Michael Baker: References should be in alphabetical order]

Moeller (2017). IT governance: Improving systems processes with service management, COBIT and ITIL. Hoboken.

IT Governance Institute. (2015). Information security governance. Rolling Meadows, IL: Author. [Comment by Michael Baker: Missing inline reference]

Akpose, W. (2016). NIST Cybersecurity Framework: A
  • 5. practitioner’s perspective. 6igma Associates. Vaseashta, A., Susmann & Braman, E. (2016). Cyber Security and Resiliency Policy Framework. IOS Press. CSIA 350: Cybersecurity in Business & IndustryProject #1: Integrating NIST’s Cybersecurity Framework with Information Technology Governance FrameworksScenario You have been assigned to your company’s newly established Risk Management Advisory Services team. This team will provide information, analysis, and recommendations to clients who need assistance with various aspects of IT Risk Management. Your first task is to prepare a 3 to 4 page research paper which provides an analysis of the IT Governance, IT Management, and Risk Management issues and problems that might be encountered by an e-Commerce company (e.g. Amazon, e-Bay, PayPal, etc.). Your paper should also include information about governance and management frameworks that can be used to address these issues. The specific frameworks that your team leader has asked you to address are: · ISO/IEC 27000 Family of Standards for Information Security Management Systems · ISACA’s Control Objectives for Information Technology (COBIT) version 5 · NIST’s Cybersecurity Framework (also referred to as the “Framework for Improving Critical Infrastructure Security”) The Risk Management Advisory team has performed some initial research and determined that using these three frameworks together can help e-Commerce companies ensure that they have processes in place to enable identification and management of information security related risks particularly
  • 6. those associated with the IT infrastructure supporting online sales, payment, and order fulfillment operations. (This research is presented in the Background section below.) Your research paper will be used to extend the team’s initial research and provide additional information about the frameworks and how each one supports a company’s risk management objectives (reducing the risks arising from cyber threats and cyberattacks against information, information systems, and information infrastructures). Your research should also investigate and report on efforts to date to promote the use both frameworks at the same time. Your audience will be members of the Risk Management Services team. These individuals are familiar with risk management processes and the e-Commerce industry. Your readers will NOT have in-depth knowledge of either framework. For this reason, your team leader has asked you to make sure that you include a basic overview of these frameworks at the beginning of your paper for the benefit of those readers who are not familiar with CSF and COBIT.Background Security Controls Security controls are actions which are taken to “control” or manage risk. Security controls are sometimes called “countermeasures” or “safeguards.” For this assignment, it is important to understand that it is not enough to pick or select controls and then buy or implement technologies which implement those controls. A structure is required to keep track of the controls and their status -- implemented (effective, not effective) and not implemented. The overarching structure used to manage controls is the Information Security Management System. Information Security Management System (ISMS) An Information Security Management System is the set of policies, processes, procedures, and activities used to structure the organizational unit which is responsible for managing the
  • 7. cybersecurity or information security program in a business. Companies can and do design their own structure for this program including: scope, responsibilities, and resources. Many companies, however, choose to use a defined standard to provide guidance for the structure and functions assigned to this organization. The ISO/IEC 27000 family of standards is one of the most frequently adopted and is comprised of best practices for the implementation of an information security program. The ISO/IEC 27001 standard specifies the requirements for and structure of the overall Information Security Management System and ISMS program. The ISO/IEC 27002 standard provides a catalog of security controls which can/should be implemented by the ISMS program. For additional information about the standards, please see this blog https://www.itgovernance.co.uk/blog/what-is-the-iso-27000- series-of-standards. Note: there are a number of free resources which describe the contents and purposes of the ISO/IEC 27000 family of standards. For your work in this course, you do not need access to the official standards documents (which are not freely available). Control Objectives for Information Technology (COBIT) COBIT is a framework that defines governance and management principles, processes, and organizational structures for enterprise Information Technology. COBIT includes a requirement for implementation of an Information Security Management System and is compatible with the ISO/IEC 27000 series of standards for ISMS implementation. COBIT 5 has five process areas which are specified for the Governance and Management of enterprise IT. These areas are: · Evaluate, Direct, and Monitor (EDM) · Align, Plan, and Organize (APO) · Build, Acquire, and Implement (BAI) · Deliver, Service, and Support (DSS) · Monitor, Evaluate, and Assess (MEA)
Beginning with version 5, COBIT has incorporated Information Security as part of the framework. Three COBIT 5 processes specifically address information security: APO13 “Manage Security,” DSS04 “Manage Continuity,” and DSS05 “Manage Security Services.”[1]

[1] Source: http://www.isaca.org/COBIT/Documents/COBIT-5-for-Information-Security-Introduction.pdf

NIST Cybersecurity Framework (CSF)

The NIST Framework for Improving Critical Infrastructure Security, commonly referred to as the Cybersecurity Framework or CSF, was developed in collaboration with industry, government, and academia to provide a common language and common frame of reference for describing the activities required to manage cyber-related risks and, in so doing, protect and defend against cyber attacks. Unlike many NIST guidance documents, the CSF was designed specifically for businesses – to meet their needs and support attainment of business objectives. Originally designed for companies operating in the 16 critical infrastructure sectors, the CSF is now being required of federal government agencies and departments and their contractors. The Executive Summary of the NIST CSF version 1.1 provides additional background and supporting information about the purposes, goals, and objectives of the CSF. The Cybersecurity Framework is presented in three parts:
· Core Functions (Identify, Protect, Detect, Respond, Recover)
· Implementation Tiers (risk management processes and practices)
· Profiles (specific to a business or industry – goals and desired outcomes)

Commonalities between ISO/IEC 27000, COBIT, and NIST CSF

There are a number of common elements between the information security frameworks defined in the ISO/IEC 27000 family of standards, the COBIT standard, and the NIST Cybersecurity Framework. Each of these frameworks addresses risks that must be addressed by businesses that depend upon digital forms of information, information systems, and information infrastructures. Each framework presents structured lists of IT Governance and IT Management activities (processes and practices) which must be adopted and implemented in order to effectively manage risk and protect digital assets from harm or loss. Each framework also provides a list or catalog of security controls. Each framework also provides lists of goals or objectives which must be met in order to assure the effectiveness of controls implemented to defend against cyber threats and attacks.

The ISO/IEC 27001:2013 and COBIT 5 controls and process areas have been cross-referenced to the NIST Cybersecurity Framework Functions, Categories, and Subcategories in the NIST CSF document.[2] Table 1 below shows examples of the mapping between COBIT 5 and NIST CSF as provided in Table 2: Framework Core: Informative References in the NIST CSF document.

[2] Source: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

Table 1. Example Mappings from ISO/IEC 27001 to COBIT 5 Processes to NIST CSF Functions

ISO/IEC 27001:2013[3]      | COBIT 5 Process       | NIST CSF Function | NIST CSF Category        | NIST CSF Subcategory
A.5.1.1                    | APO 13.01             | Identify          | Governance (ID.GV)       | ID.GV-1
A.16.1.6                   | DSS 04.02             | Identify          | Risk Assessment (ID.RA)  | ID.RA-4
A.6.1.1, A.7.2.1, A.15.    | DSS 05.04             | Identify          | Governance (ID.GV)       | ID.GV-2
A.12.6.1, A.18.2.3         | DSS 05.01, DSS 05.02  | Identify          | Risk Assessment (ID.RA)  | ID.RA-1

[3] Names for many of the ISO/IEC 27001 controls can be found here: https://www.bsigroup.com/Documents/iso-27001/resources/BSI-ISO27001-mapping-guide-UK-EN.pdf

Adoption and Use of IT Security Frameworks

A 2016 survey conducted by Dimensional Research for Tenable[4] found that over 80% of the responding organizations used an IT security or cybersecurity framework to structure their IT security management program. This finding was similar across all sizes of companies and across industries. Over 40% of the respondents used multiple frameworks. The NIST CSF was utilized by over 40% of the respondents – approximately the same number who adopted the ISO/IEC 27000 standards. One notable finding was that in some cases the NIST CSF adoption was required by a business partner or a federal contract.

[4] Source: https://static.tenable.com/marketing/tenable-csf-report.pdf

Research

1. Read / Review the weekly readings.
2. Consult Aligning COBIT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit (http://www.isaca.org/Knowledge-Center/Research/Documents/Aligning-COBIT-ITIL-V3-ISO27002-for-Business-Benefit_res_Eng_1108.pdf) for additional information about the activities / controls included in ISO/IEC 27002 and COBIT. This reference should be used in conjunction with the “Informative References” listed in NIST’s Cybersecurity Framework Core definitions.
3. Review the following outlines and explanations of the ISO/IEC 27001 and 27002 standards:
   a. ISO/IEC 27001:2013 Plain English Outline (excerpts for Information Security provisions): http://www.praxiom.com/iso-27001-outline.htm and http://www.praxiom.com/iso-27001.htm
   b. ISO 27002:2013 Translated into Plain English: http://www.praxiom.com/iso-27002.htm
4. Read the following analyses and articles about COBIT 5 and its information security related functions:
   a. COBIT 5 for Information Security (ISACA): https://www.isaca.org/COBIT/Documents/COBIT-5-for-Information-Security-Introduction.pdf
   b. About COBIT 5: https://cobitonline.isaca.org/about
   c. COBIT 5 for Risk – A Powerful Tool for Risk Management: http://www.isaca.org/COBIT/focus/Pages/cobit-5-for-risk-a-powerful-tool-for-risk-management.aspx
   d. 9 Burning Questions about Implementing NIST Cybersecurity Framework Using COBIT 5: https://www.itpreneurs.com/blog/9-burning-questions-about-implementing-nist-cybersecurity-framework-using-cobit-5/
5. Read the following analyses and articles about adoption of the NIST CSF:
   a. Trends in Security Framework Adoption: https://static.tenable.com/marketing/tenable-csf-report.pdf
   b. How to Implement NIST CSF: A 4-Step Journey to Cybersecurity Maturity: https://www.rsam.com/wp-content/uploads/2018/06/Rsam_NIST_CSF_Implementation_WP-sept-2017.pdf
   c. 5 Steps to Turn the NIST Cybersecurity Framework into Reality: https://www.securitymagazine.com/articles/88624-steps-to-turn-the-nist-cybersecurity-framework-into-reality
6. Find three or more additional sources which provide information about best practices for implementing the NIST Cybersecurity Framework Core and COBIT 5 (separately and together).

Write

Use standard terminology, including correctly used cybersecurity terms and definitions, to write a two to three page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview of the role that the Information Security Management System plays as part of an organization’s IT Governance, IT Management, and Risk Management activities. The most important part of this overview is a clear explanation of the purpose of and relationships between governance and management activities as they pertain to managing and reducing risks arising from the use of information technology.
2. An analysis section that provides an explanation of how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s CSF can be used to improve the effectiveness of an organization’s risk management efforts for cybersecurity related risks. This explanation should include:
   a. An overview of ISO/IEC 27000, 27001, and 27002 that includes an explanation of the goals and benefits of this family of standards (why do businesses adopt the standards, what do the standards include / address, what are the desired outcomes or benefits).
   b. An overview of COBIT 5 that includes an explanation of the goals and benefits of this framework (why do businesses adopt the framework, what does the framework include / address, what are the desired outcomes or benefits).
   c. An overview of the NIST Cybersecurity Framework (CSF) which explains how businesses can use this framework to support ALL of their business functions (not just critical infrastructure operations).
   d. Five or more specific examples of support to risk management for e-Commerce and supporting business operations that can be provided by implementing ISO/IEC 27000/1/2, COBIT 5, and NIST CSF.
3. A recommendations section in which you provide and discuss five or more ways that e-Commerce companies can use the standards and frameworks at the same time (as part of the same risk management effort). You should focus on where the frameworks overlap or address the same issues / problems. (Use Table 2: Informative References to find overlapping functions / activities.) You are not required to identify or discuss potential pitfalls, conflicts, or other types of “problems” which could arise from concurrent use of multiple guidance documents.
4. A closing section that provides a summary of the issues, your analysis, and your recommendations.

Submit for Grading

Submit your work in MS Word format (.docx or .doc file) using the Project #1 Assignment in your assignment folder. (Attach the file.)

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.
2. Your 2-3 page white paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
3. Your paper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts for recommended resources.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx.
5. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.
6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct, and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).

Copyright ©2019 by University of Maryland University College. All Rights Reserved
IT governance is the set of processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. In the eCommerce industry, IT governance develops structure by defining organizational reporting lines, oversight committees, standards, policies, and procedures. A well-defined structure effectively sets the operating boundaries for the organization (Moeller, 2017). It also sets guidelines by creating or aligning with the corporate strategy and defining the short- and long-term objectives for the organization. In the eCommerce industry, it is important to note how regulations are followed, how standards are followed by the process managers, how capacity planning for servers should be done, how all IT assets are tracked, and so on. This internal function that self-checks the “health status” of the various processes to ensure they function smoothly is governance.

IT management is the overseeing of IT services or technology in an organization. It has several elements, all of which focus on aligning IT goals with business objectives in a way that creates the most value for an organization. These components are IT strategy, IT service, and IT assets. Some of the IT management issues faced by an eCommerce company include ways to secure customers’ information, providing value to the company, and supporting business operations. To address the IT management challenges faced in eCommerce, IT policies must be put in place to define the various processes within the organization. A policy is a set of guidelines that define how things are done within an organization. With a well-defined policy, activities in the eCommerce industry are well outlined, making them easy to operate.

Risk management is the process used to identify, evaluate, and respond to possible accidental losses in situations where the only possible outcomes are losses or no change in the status quo. It is an overall management function that tries to evaluate and address the causes and effects of vulnerability and threat to an organization (Susmann & Braman, 2016). The aim of risk management is to enable an organization to advance towards its objectives and goals in the most direct, efficient, and effective way. Risk management issues faced by an eCommerce company are loss of data, unauthorized access to data, and system failure. To address risk management in the eCommerce industry, a comprehensive risk management plan must be developed to address possible risks that might cause harm to the system. A good risk management plan provides procedures as well as guidelines on how to respond to threats and to unforeseen incidents. By having a well-laid plan, the eCommerce industry can minimize or avoid threats by responding to them at the right time.

ISO/IEC 27000

ISO/IEC 27000 is an international security body that guides organizations in different sectors in meeting critical legislative as well as regulatory requirements related to information security. The role of this body is to ensure that organizations secure their data via effective technology, auditing, and employee awareness programmes. Cyber threats are among the biggest threats any organization faces; they are dynamic and hence difficult to address. These threats are conducted by hackers who manipulate computer systems for their own gain. ISO/IEC 27000 helps organizations in protecting their assets, determining and monitoring risks, and having a defined plan to ensure that new security threats are attended to. This standard plays a huge role in the eCommerce industry as it defines various guidelines that address security issues within that sector. Any industry dealing with information must register with this body to ensure information security and also to meet international standards.
ISACA

This is an international nonprofit body that focuses on the development, adoption, and implementation of internationally accepted information frameworks and processes. It provides benchmarks and tools for sectors that deal with information systems. It also hosts forums that focus on various managerial issues relating to control systems and IT governance. ISACA coordinates various security certification programs, and anyone certified under these programs can operate all over the world. This body plays a significant role in upgrading COBIT, which helps organizations in different sectors to manage their information and technology.

NIST (National Institute of Standards and Technology)

NIST is a government body that develops technology, metrics, and guidelines to enhance innovation and economic competitiveness. It provides standards and security controls for information systems. NIST standards are endorsed by the government, and organizations register with this body because it enhances best security practices across different sectors (Akpose, 2016). One of the advantages of NIST compliance is that it helps in ensuring that an organization’s infrastructure is secure; it also provides guidelines for companies to follow when attaining compliance with specific regulations such as HIPAA. Ecommerce deals with sensitive clients’ information such as their names, home addresses, and social security numbers, which can cause harm in the wrong hands. To protect this information, eCommerce companies should register with NIST, which can guide them towards securing their information and also their systems.

References
Moeller (2017). IT governance: Improving systems processes with service management, COBIT and ITIL. Hoboken.

IT Governance Institute. (2015). Information security governance. Rolling Meadows, IL: Author.

Akpose, W. (2016). NIST Cybersecurity Framework: A practitioner’s perspective. 6igma Associates.

Vaseashta, A., Susmann, & Braman, E. (2016). Cyber security and resiliency policy framework. IOS Press.