Monday, June 29, 2020

Information Security Standards in the global context - 825 Words

INFORMATION SECURITY STANDARDS: DIFFERENCES AND SIMILARITIES BETWEEN EXISTING SECURITY STANDARDS

A security standard is a documented guideline that details the security techniques organizations should follow in order to minimize attacks on their information systems, the technologies they run on, and the information they contain. The aim is to prevent compromise of information security and to ensure the availability, integrity and confidentiality of the information systems, of the technologies and infrastructure used, and of the information held in the organizations' information systems. Security standards provide not only general outlines for enhancing security but also specific techniques for implementing information system security. At a lower level, they prescribe the ways through which organizations can enforce their security policies and procedures. Some of the most widely recognized security standards include ISO 17799, ISO 27002, TCSEC, ITSEC, ITIL, COBIT, the Rainbow Series, the Common Criteria, BS 25999-2, IETF, GMITS and GASSP, among others.

ISO 17799 consists of ten modules, each concerned with a specific aspect of security: security policy, security organization, asset classification and control, personnel security, physical and environmental security, communication and operations management, access control, system development and maintenance, business continuity planning, and compliance (Idaho National Laboratory, 2005). ISO IEC 27002 is considered an improvement on ISO 17799 and is composed of ten components, covered in sections two to fifteen: the management of security policy, corporate security, organizational assets, human resource security, physical and environmental security, communications and operations, information access control, information system security, information security incidents, business continuity, and compliance.

The ITIL jigsaw consists of five major components, the central one being managing the system applications. This is supported by delivering IT services, supporting those IT services, managing the IT infrastructure, and underlining all of these with the business perspective. The main focus here is on delivering and supporting IT services (Hoekstra, Conradie, n.d.).

The CobiT security standard is goal oriented and is underpinned by key performance and success indicators. It is formulated in four main areas, namely planning and organization, acquisition and implementation, delivery and support, and monitoring of the IT resources and information within the business organization (Hoekstra, Conradie, n.d.).

The Standard of Good Practice for Information Security was developed by the Information Security Forum. It is business oriented, with a bias towards the identification and management of information security risks. It is aimed at achieving compliance with ISO 27001 by defining, implementing, evaluating and enhancing security techniques suited to the organization (Information Security Forum, 2011).

BS 25999-2 is a British national standard for business continuity that is gaining popularity in other countries as well. It covers four management phases, namely planning, implementing, reviewing and monitoring, and improving. Its focus is the continuous upgrading and improvement of the information systems and related infrastructure to ensure their usability. This is enshrined in human resource management, business impact analysis and risk assessment, the business continuity plan, plan and system maintenance and improvement, and documentation of the business continuity strategy.

ISO 17799 and ISO IEC 27002 are similar in their areas of emphasis. Both focus on categorizing the various sources of security risks and threats and on managing them. Both have ten related components, including human resources, physical and environmental security, access control, and communications and operations, among other categories. They differ in that ISO 17799 stresses the identification of security issues and challenges, whereas ISO IEC 27002 stresses the management and control of the identified threats.

ITIL and CobiT are similar in their emphasis on the delivery and support of IT services in the organization. Both also stress the attainment of organizational goals. The two standards differ in that CobiT recognizes the people factor in information systems, whereas ITIL seems to focus on the information technology and infrastructure making up those systems.

The Standard of Good Practice for Information Security and BS 25999-2 are similar in that both focus on the continuity of the business. Both also emphasize recognition of the people culture by taking a management approach to security, as well as the need for continuous assessment and upgrading. This focus on business continuity and the people factor distinguishes these two standards from standards such as ITIL, which focuses on technology and infrastructure.

The existence of so many security standards can be attributed to three major factors: the diversity and multiplicity of security issues, the varying needs of organizations, and the inadequacy of the...
