Critical Comparasion of Isf and Cobit

By: Jon • Research Paper • 2,578 Words • January 25, 2010 • 905 Views

Page 1 of 11

Join now to read essay Critical Comparasion of Isf and Cobit

PROBLEM STATEMENT

This document serves the purpose of critically comparing the ISF Standards of Good Practise and the ISO 17799. This paper will include, amongst other issues areas of correspondence, areas of difference, usability and readability

INTRODUCTION

With constant reports in the media of hacked sites, denial of service attacks, computer espionage and newly discovered vulnerabilities in applications and hardware, it is impossible for the management of any organization to ignore the likelihood of a security incident occurring. Over the last few years concerns to protect the organizationвЂ™s assets and minimize liability has grown substantially, of recent it has become managementвЂ™s personal responsibility to implement effective information security controls.

The majority of organizations will typically have some security controls in place, often a mix of technology (e.g. firewalls and anti-virus software) and documented policies (e.g. Password Policy, Email and Internet Usage Policy). The real challenge is developing these into an integrated Information Security Management System that will support the organizationвЂ™s key business processes and strategic objectives as well as protect the electronic assets of the company and mitigate any risks that will result in an unfavorable situation for the company.

Why use a standard one may ask but there are few organizations nowadays who do not have links from their internal systems to the Internet, and who cannot identify outsiders, such as competitors or criminals, who may wish to exploit the information on their systems to their advantage. Thus without a standard approach to an area as diverse and as vital as information security it is unlikely that the organization will consider all aspects of security and not be at risk from a security incident that may seriously damage their business. That is where use of standards is crucial, they will provide guidelines on dealing with the diverse aspect of information security and consider all aspects of information security.

Adoption of these standards is currently seen as the best way for an organization to address information security in a systematic and comprehensive way by using industry best practice standards as a baseline. It is worth noting the use of the standards as a baseline, simply because the standards are merely guidelines and will not protect you from all security risks, but will reduce the probability of known risks from occurring.

There are two leading international best practices for Information security governance, The ISF standard of good practice and ISO 17799. This paper will outline what these standards are and through explanation of these standards, show with clear visibility some of the similarities, discrepancies and shortfalls and advantages of following these international Guidelines, and also will determine its ability to be complimentary to other best practices such as Cobit, or Itil.

ISO 17799

ISO 17799 is a вЂ?Code of Practice for Information Security ManagementвЂ™, which is an International Standard providing best practice guidance on security controls that should be considered for implementation within an organization. This is the вЂ?Code of PracticeвЂ™ for information security management, which details the recommended security measures and practices that support the controls in ISO 27001.

As it is a вЂ?Code of PracticeвЂ™, organizations cannot be certified against ISO

17799. Certification is only possible against ISO 27001, with ISO 17799 used as the basis for the selection of the most suitable security measures for each control. ISO 17799 is not a detailed specification of requirements and makes this clear in the preface, stating, вЂ?The guidance and recommendations provided throughout this Standard should not be quoted as if they were specifications.вЂ™ Often more detailed technical standards and guidance are necessary to support the implementation.

ISO 17799 aims to be as comprehensive as possible in identifying the range of controls needed for most situations where information systems are used. These measures include practices, procedures or mechanisms which may protect against threats, reduce vulnerabilities, limit the impact of an incident or protect against risks in an alternative method.

The structure of ISO 17799 involves the standard containing 11 security control clauses and 39 security categories and a introductory clause introducing risk assessment and treatment. Each of these clauses contains a number of main security categories

Continue for 10 more pages » • Join now to read essay Critical Comparasion of Isf and Cobit and other term papers or research documents

Read full document Save

Download as (for upgraded members)

txt

pdf

docx

Essay Preview

prev next

Report this essay

Related Essays

Critical Analysis of "the Necklace" Short Story

Critical Analysis of "The Necklace" Short Story The short story, The Necklace, by Guy De Maupassant, follows the life of a woman and her husband

1,064 Words | 5 Pages
Critical Analysis of "the Minister's Black Veil"

Critical Analysis of "The Minister's Black Veil" The small, early American town that the story "The Minister's Black Veil" takes place in is a quite

416 Words | 2 Pages
Critically Evaluation of Porter's Five Forces, Value Chain Analysis, Balanced Scored Card

Critically evaluation of Porter's five forces, Value Chain Analysis, Balanced Scored Card Given the demands of today's competitive and dynamic environment, it is quite challenging

4,269 Words | 18 Pages
A Critical Analysis of Hamlet

Why is Shakespeare considered to be one of the greatest playwrights of his time? Shakespeare lived in the Elizabethan era and had to write for

1,751 Words | 8 Pages