Essay about Mod 1 Case Assingment

1469 Words Dec 13th, 2014 6 Pages
Natividad Kolb
ITM 517 Information Security Overview for Managers and Policy Makers
Module 1 Case Assignment
Prof. James Koerlin
February 23, 2014

In this paper I will be discussing some of the benefits of having frameworks for information security management. What each of the frameworks of information security are, their pros and their cons. Which major perspectives to consider in information security management and framework choice. What organizational factors should be considered in framework choice? I will also attempt to come up with a better framework for information security.
Some of the benefits of having frameworks for information security management are, that they serve as a common ground for integrating all types
…show more content…
b) Risk can be transferred by using insurance policies by insuring that the company’s assets are protected for theft or destruction.
Audit and assurance frameworks includes assessing and comparing what is actually happening in an organization against what is actually supposed to be happening. Auditors can also be called to assess compliance with corporate security policies, standards, procedures and guidelines. Some times as contractual commitments, either as a specific audit or solely in the course of routine audit assignment.
Legal and regulatory frameworks, ensure that organizations are abiding by the requirements given by the different regulations like, FISMA, HIPPA and others. Failure to comply with the standards listed on these and other regulations can affect organizations in various ways; ranging from fines to jail time depending of the severity of the violation and the state where the violation is being committed. The some of the pros to this framework are that organizations will be more apt to follow what is required of them all the while protecting not only the customers’ sensitive informations but also the employee’s vital information.
Some of the cons to these frameworks “A secure system is one that does what it’s supposed to” (Eugene Spafford). There is no way to ensure that all systems have the same state of security. Because not all systems do the same things. Therefore each

Related Documents