Thursday, October 17, 2019

Differences and Similarities between Existing Security Standards Essay

As discussed before, information security is essential for protecting the data and assets of a business. Thus, businesses must be fully prepared to devote additional resources to protecting data and information assets, and information security has to be a top concern for both governments and businesses (Government of the HKSAR, 2008). In addition, the ISO (International Organization for Standardization) has been offering directions and guidelines for customers, businesses, trade officials, governments and developing nations since its establishment in 1947. All of that knowledge goes into the building of new standards and the development and enhancement of existing information security standards. In this scenario, ISO 9000, the quality management standard, is still probably the most recognizable ISO standard to American businesses because of its influence in the United States throughout the late 1980s and early 1990s. However, numerous top security standards have emerged with the passage of time.

For instance, the whole 27000 series is intended to cover numerous areas of information security as well as risk management (JBwGroup, 2009; Government of the HKSAR, 2008):

ISO 27000 – Information security methods, basics and vocabulary
ISO 27001 – Information Security Management System requirements (available 10/2005)
ISO 27002 – Code of Practice (available 06/2005)
ISO 27003 – Planned ISMS implementation
ISO 27004 – Directions for information security management metrics and measurement
ISO 27005 – Guide for risk management (available 06/2008)
ISO 27006 – Worldwide accreditation requirements (available 03/2007)

Business corporations that have adopted an ISMS and attained independent third-party certification of their information security programs have gained a number of strategic benefits (JBwGroup, 2009; Government of the HKSAR, 2008). From the information security standards listed above I have chosen ISO/IEC 27001. ISO 27001, or ISO/IEC 27001:2005, is typically referred to as the best-practice specification that enables businesses and corporations across the globe to build a best-in-class information security management system (ISMS). These security standards were published jointly by the ISO (International Organization for Standardization) and the International Electrotechnical Commission (IEC). The British standard BS 7799-2 was the predecessor of ISO 27001 (IT Governance Ltd., 2011; WikiBooks, 2009; Arnason & Willett, 2008; ISO, 2011; Praxiom Research Group Limited, 2011). In this information-technology-based age, information and information systems are very important for businesses. Keeping this fact in mind, ISO 27001 establishes specific requirements which have to be followed, and against those requirements organizations' information security management systems are audited and certified.

In addition, ISO 27001 is intended to harmonize with ISO 14001:2004, ISO 9001:2008, ISO 20000 and various other standards established for efficient management system integration. In this scenario, the ISO 27001 standard allows organizations to produce a structure that complies with a lot of regulatory standards. Additionally, all United Kingdom businesses have to obey the following standards:
