
Comparison of ISO with NIST and COBIT framework

This presentation takes different security aspects into consideration and compares them across the different frameworks.


  1. iFour Consultancy: Comparison of Different Standards
  2. Comparing ISO with NIST
     In terms of Information Security: both agree on the basic definition of information security.
     • ISO: Preservation of confidentiality, integrity and availability of information.
     • NIST: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
     Software Outsourcing Companies in India
  3. Comparing ISO with NIST
     In terms of Risk management:
     • ISO: Coordinated activities to direct and control an organization with regard to risk. Risk management generally includes risk assessment, risk treatment, risk acceptance, risk communication, risk monitoring and risk review.
     • NIST: The process of managing risks to agency operations, agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system.
  4. Comparing ISO with NIST
     In terms of Risk:
     • ISO: Information Security Risk: potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization. Risk: combination of the probability of an event and its consequence.
     • NIST: The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals, resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.
  5. Comparing ISO with NIST
     In terms of Risk Treatment/Mitigation: different terms, same meaning.
     • ISO: Risk Treatment: process of selection and implementation of measures to modify risk. It is documented in a Risk Treatment Plan.
     • NIST: Risk mitigation involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process. Documented in the Risk Assessment Report and the Plan of Actions and Milestones.
  6. Comparing ISO with COBIT
     In terms of Focus:
     • ISO: Implementation of security controls, stress on risk-management approach.
     • COBIT: Business orientation and IT governance in its entirety.
     In terms of Paradigm:
     • ISO: Information security management system.
     • COBIT: Planning of IT processes.
  7. Comparing ISO with COBIT
     In terms of Scope:
     • ISO: Standalone guidance for security.
     • COBIT: Complete IT governance of organization, including security planning. It is an integrated solution.
     In terms of Structure:
     • ISO: 11 sections with 36 objectives which are further divided into sub-objectives.
     • COBIT: 34 IT processes grouped in 4 domains: Plan and Organize, Acquire and Implement, Deliver and Support, Monitor.
  8. Comparing ISO with COBIT
     In terms of Organizational model:
     • ISO: Management, IS departments.
     • COBIT: All stakeholders.
     In terms of Certification:
     • ISO: Is certifiable.
     • COBIT: Is not certifiable for organizations.
  9. References:
     • https://qatar.cmu.edu/media/assets/CPUCIS2010-1.pdf
     • http://www.federalcybersecurity.org/CourseFiles/WhitePapers/ISOvNIST.pdf
  10. For more details, visit our websites:
     • http://www.ifour-consultancy.com
     • http://www.ifourtechnolab.com
  11. Software Outsourcing Companies in India
