Project Paper

School: Collin County Community College District
Course: 2341
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 4
Uploaded by ConstableIce18077

ITSY 2341 Project Paper

Cybersecurity remains a very important area for many organizations all over the world because technology evolves every day, and the threat of cyber-attacks is skyrocketing as a result. To combat these threats, organizations need to develop a consistent framework that guides their practices and procedures. Two popular frameworks for this purpose are the ISO 27000 series and the NIST framework. According to a recent article by Security Boulevard (2022), comparing the NIST Cybersecurity Framework and the ISO 27000 series is crucial for organizations looking to improve their cybersecurity posture. We will compare these frameworks and provide recommendations for which would be more compatible with an organization's needs and goals.

The ISO series is a framework that outlines the best procedures for information security management systems, also known as ISMS. It covers a wide range of cybersecurity areas such as risk assessment, asset management, access control, incident management, and compliance. The ISO framework provides a systematic approach to managing information security. Now let's talk about the pros and cons of ISO. The pro of ISO is a reduction in losses from security incidents and in fines due to legal nonconformity. There are 2 big cons that organizations may not be fans of: it is costly because of the extra work required to set it up, and because it is a lengthy and costly fix, people may consider it a waste of resources and favor NIST above all.

NIST is a framework that provides guidelines for managing and reducing cyber risks. The framework focuses on 5 core functions: identify, protect, detect, respond, and recover. Utilizing these functions makes NIST flexible and tailored to any organization's needs. Although this may sound good, NIST lacks the level of detail ISO has. The pros of NIST are the flexibility of the framework, a superior cybersecurity system, and that it is built to meet any future regulatory and compliance requirements. The cons are that it can't properly deal with multiple third parties for cloud computing and that it has complications with role-based access systems.

Having compared the two frameworks, I would suggest using the ISO 27000 series because it can provide for an organization that wants a comprehensive approach to managing information security. Despite it being costly and time consuming, the benefits outweigh the costs. The ISO framework is respected across the industry and will provide a competitive advantage.

To implement the ISO framework, an organization must follow a 6-step process: define the scale of the ISMS, conduct a risk assessment, develop a risk management plan, implement security controls, monitor and review the ISMS after implementation, and lastly improve the ISMS routinely. Follow this process and make sure you tailor it to the organization's needs. Throughout the procedure you may face challenges, including the time and resources required for implementation, the complexity of the framework, and the necessity to improve and maintain the framework. The benefits of implementing ISO include enhanced cybersecurity, improved regulatory compliance, and a competitive advantage. ISO will help organizations identify vulnerabilities before they evolve into even greater issues.

In conclusion, the ISO framework is the best for managing information security. Despite the time constraints and cost issues, the benefits heavily outweigh the costs. But this is my bias; organizations should tailor the framework to their needs. Ultimately, ISO can help organizations better their cybersecurity posture and improve regulatory compliance.

Work Cited

Siddiqui, M. (2022, June 24). NIST vs. ISO – what you need to know. Security Boulevard. https://securityboulevard.com/2022/06/nist-vs-iso-what-you-need-to-know/