Question

In: Computer Science

List the names AND titles of 5 (five) frameworks (or approaches) that are implemented by enterprises...

List the names AND titles of 5 (five) frameworks (or approaches) that are implemented by enterprises for cyber risk management compliance

Solutions

Expert Solution

It is a series of documentation, agreed and understood policies, procedures, and processes that define how information is managed in business, to lower risk and vulnerability, and increase confidence in an ever-connected world.

There are around 250 different types of security frameworks used globally, which is developed to suit a wide variety of businesses and sectors.

Here are the most common 5 frameworks that are implemented by enterprises for cyber risk management compliance:

1. International Standards Organisation (ISO)

2. Protective Security Requirements (PSR)

3. Australian Signals Directorate (ASD)

4. Control Objectives for Information and Related Technology (COBIT)

5. National Institute of Standards and Technology (NIST)

6. Industry-Specific Standards

1. International Standards Organisation (ISO):- One of the most widely known security standards, this is a mature framework focused on information security. It's very comprehensive and broad, and also can be used across a wide range of types and sizes of businesses. It is developed by the International Standards Organisation (ISO), it is the security equivalent of the ISO 9000 quality standards for manufacturers and operational excellence.

As it is tried and tested, countries often use it as a basis on which to create a manual about security and what to do.

However, like many of the ISO standards, it can be a bit daunting and many smaller organizations are put off by the effort required to gain accreditation and the perception that it can be difficult to implement.

2. Protective Security Requirements (PSR):- It describes baseline and minimum mandatory security standards for government departments and agencies. It forms an important part of the New Zealand Security Intelligence Service’s Protective Security Requirements (PSR) framework, which sets out the Government's expectations for managing personnel, information and physical security.

As it’s a New Zealand document, it’s a popular starting point for Kiwi companies, and it has been made publicly available to allow greater access, increase awareness, improve transparency, and to share good practice.

3. Australian Signals Directorate (ASD):- Not a standard as such, the Australian Signals Directorate (ASD) is a set of controls or strategies that, if implemented correctly, could mitigate up to 85% of the most common information security attack techniques.

The Essential 8 are part of a larger set of strategies that make up the ASD Strategies to Mitigate Cyber Security Incidents. These are based on the ASD’s experience in responding to real-world attacks and in performing vulnerability assessments and penetration testing of Australian Government agencies. The ASD state that the Essential 8 are so effective, they consider them to be the cyber-security baseline for all organizations.

4. Control Objectives for Information and Related Technology (COBIT):- COBIT is a high-level framework focused on identifying and mitigating risk. It was developed for IT governance professionals to reduce technical risk, but it’s evolved into a standard to align IT with business goals. What it lacks is informative practical advice. While it’s not as widely followed as others, COBIT is mostly used within the finance industry to comply with standards such as Sarbanes-Oxley, but if your business wants to adopt a formal risk management framework, it’s also worth considering.

5. NAtional Institute of Standards and Technology (NIST):- The NIST framework has evolved over 20 years and could be seen as the father figure for others. It contains a wide-ranging collection of information security standards and best practices. It is mature and very comprehensive and is very good for large enterprises, as well as those with a US connection. It can be aligned to the ISO standards, such as ISO 9000 quality management. Because NIST contains a lot of practical guidance, it can also be adapted relatively easily to smaller and non-US organizations.

6. Industry-Specific Standards:- In addition to the common frameworks above, there are also a number of industry-specific standards such as PCI DSS (for credit card handling), HIPAA (US legislation to safeguard health/medical information) and HISO (the NZ health information security framework) as well as any number of local regulations such as the European GDPR and the NZ Privacy Act. Adopting one of the more general security frameworks above may not make you fully compliant with these specific standards or regulations, but they will go a long way to helping you achieve compliance.

Security frameworks are vital for future success, and the decision about which to adopt should not be left to your IT team; boards and senior management need to be fully involved and responsible. That’s because information security is a business risk issue, not an ‘IT problem’, and should be addressed at the executive level of your organisation.


Related Solutions

List the names of five parts of your first line of defense IN DETAIL.
List the names of five parts of your first line of defense IN DETAIL.
The italicized list below includes scientific names (binomial names) for 5 different organisms. To complete this...
The italicized list below includes scientific names (binomial names) for 5 different organisms. To complete this assignment prepare a document using the textbook (Chapter 1, Diversity of Life) and credible websites as sources (refer to Introductory assignments: Website Credibility for guidelines) that (1) explains the concept and importance of a scientific name- 5 pts., (2) briefly describes each of the following organisms, including the common name- 2 pts. each, (3) assigns each organism to the appropriate domain and kingdom- 1...
Write a program that uses Python List of strings to hold the five student names, a...
Write a program that uses Python List of strings to hold the five student names, a Python List of five characters to hold the five students’ letter grades, and a Python List of four floats to hold each student’s set of test scores. The program should allow the user to enter each student’s name and his or her four test scores. It should then calculate and display each student’s average test score and a letter grade based on the average....
Ethical Framework: Pick two frameworks from this list and define the frameworks and give an example...
Ethical Framework: Pick two frameworks from this list and define the frameworks and give an example of each one. Here are your choices: 1. Utilitarianism, 2. Right Based Ethics, 3. Duty Based Ethics, 4. Justice Based Ethics, 5. Virtual based ethics
1. Briefly describe how a drying agent works. List the names and chemical formulas for five...
1. Briefly describe how a drying agent works. List the names and chemical formulas for five typical drying agents. 2. Elemental bromine (Br2)reacts with 3-hexene to form 3,4-dibromohexane. a. Write out the balanced equation for this reaction. b. If 11.5 g of 3-hexene is reacted with 8.8 g Br2, what is the theoretical yield of 3,4- dibromohexane? c. If you did the reaction described in (c) and isolated 15.9 g of 3,4- dibromohexane, what is the percent yield for the...
Du Pont System of Ratio Analysis 1a) List the intuitive interpretations (names of the five components...
Du Pont System of Ratio Analysis 1a) List the intuitive interpretations (names of the five components of the Return on Equity in the Du Pont System of Ration Analysis. b) State whether a firms tax burden ratio will be higher or lower if it pays less taxes relative to pretax profit and give reason for your answer. c) State whether a firms interest-burden ratio will be higher or lower if it pays more Interest relative to Earnings Before Interest and...
Specify FIVE (5) types of rules that authorities have implemented for protect the public and economy...
Specify FIVE (5) types of rules that authorities have implemented for protect the public and economy from financial panic attacks (financial panic) and explain how these rules can protect it people and economics from financial panic attacks.
. List 5 strategies or approaches to deal with conflicts and provide brief explanation for each.
. List 5 strategies or approaches to deal with conflicts and provide brief explanation for each.
Creating a list/tuple 3.Given a list of tuples containing student first names and last names e.g....
Creating a list/tuple 3.Given a list of tuples containing student first names and last names e.g. (“John”, “Doe”) that represents a class. Ask the user for a students first and last name and check if that student is a member of the class.
What are some of the names for rules have been implemented in situations where taxpayer in...
What are some of the names for rules have been implemented in situations where taxpayer in one country has a deduction but the recipient does not have taxable income where its received? List 3 examples - can be inbound or outbound.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT