Page 162 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy




Benefits of a Security Framework

1. It offers Enterprise security that is:
   (a) Consistent
   (b) Constant
   (c) Covers everything.

2. Traits of good Enterprise Security are:
   (a) Reliable
   (b) Robust
   (c) Repeatable.

3. An effectual Security Framework is:
   (a) Monitored
   (b) Managed
   (c) Maintained.

11.3.1 Introduction to ISO 27001


The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As this developed, a second part was added to cover management systems. It is this second part against which certification is assessed. Today more than a thousand certificates are in place across the world.

Its purpose is to specify “the needs for establishing, implementing, operating, monitoring, reviewing, preserving and improving a documented ISMS inside the context of the organization’s overall business risks”.

ISO 27001 improved the content of BS7799-2 and harmonised it with other standards. A scheme has been developed by a variety of certification bodies for transition from BS7799 certification to ISO 27001 certification.

The purpose of the standard itself is to “offer a model for establishing, implementing, operating, monitoring, reviewing, sustaining, and improving an Information Security Management System”. Adopting it should be a tactical decision. Moreover, “The design and execution of an organization’s ISMS is influenced by their needs and aims, security needs, the processes employed and the size and structure of the organization”.

The standard defines its ‘process technique’ as “The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management”. It employs the PDCA (Plan-Do-Check-Act) model to organize the processes, and reflects the principles set out in the OECD guidelines.


11.3.2 COBIT

The COBIT Framework offers a tool for business process owners that supports the discharge of business process responsibilities. COBIT is an IT-centric framework intended to provide users, businesses, and auditors with a standard technique for designing, executing, and testing IT controls. This

156 LOVELY PROFESSIONAL UNIVERSITY