Information Security Standards and Models
Examples of the evolution of information security activities date back to coded messages in ancient times. The modern information security and assurance industry did not begin to establish uniform practices and standards until the late 1980s.
One example of an early effort is the creation of ISC2, which involved a group of information security practitioners coming together to establish certification criteria for security professionals.
The federal government and a number of standards organizations such as NIST and ISO have developed examples of information security standards. Those reviewing the available standards will find that there is significant agreement among them as to approaches and models that support the work of information security.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
Identify an example of information security standards that appears to have taken a leadership position in setting standards for the industry.
Outline the framework and objectives of a security standards organization, including whether the standards are intended for a particular sector within information security.
Describe how security professionals who work in the private sector might determine which information security standards and models are most appropriate for implementation in the context of a specific organization.