Wednesday, November 20, 2019
The Development Information Security Essay Example | Topics and Well Written Essays - 6250 words
There are many well-known security standards available, for instance ISO, NIST, and COBIT. However, most security frameworks stress compliance requirements and controls more than effectiveness. Standards, procedures and practices written for larger organizations easily swamp SMEs. Due to a lack of resources, SMEs often spend the minimum amount on security and scarcely utilize their resources to apply the hundreds of good practices provided by security standards and frameworks. Furthermore, SMEs do not adapt to all the ISO security standards; rather, they define their own strategies in order to meet their specific security goals. This indicates the importance of providing SMEs with a security framework that facilitates the task of identifying and applying security measures in accordance with their own needs and requirements. Therefore, we need to go back to square one and design a more suitable portfolio of solutions in order to cater to a broader set of organizations and circumstances.

There is no single industry security standard that provides all the answers. However, a good industry standard does provide a widely accepted and proven framework. It not only defines a particular security program in order to provide a foundation for the security system but also satisfies the particular needs of the organization. Such a framework is derived from the development of a prioritized set of objectives and practices as suggested by the literature and by ISO standards. This security framework provides steps to establish the best-suited Information Security Management System (ISMS) for SMEs. These ISMS are based on ISO standards, which enable SMEs to see the value of security outside of technical constraints and regulatory compliance. Moreover, it helps SMEs to incorporate security practices, controls and procedures to align business requirements with IT security requirements. It also provides support for effective use of technology, central management, adaptability, flexibility, performance, interoperability and compliance at the forefront.