How businesses can use the framework to support all function


Assignment: Cybersecurity in Business & Industry

Project: Integrating NIST's Cybersecurity Framework with Information Technology Governance Frameworks

Scenario

You have been assigned to your company's newly established Risk Management Advisory Services team. This team will provide information, analysis, and recommendations to clients who need assistance with various aspects of IT Risk Management.

Your first task is to prepare a 3 to 4 page research paper which provides an analysis of the IT Governance, IT Management, and Risk Management issues and problems that might be encountered by an e-Commerce company (e.g. Amazon, e-Bay, PayPal, etc.). Your paper should also include information about governance and management frameworks that can be used to address these issues. The specific frameworks that your team leader has asked you to address are:

• ISO/IEC 27000 Family of Standards for Information Security Management Systems
• ISACA's Control Objectives for Information Technology (COBIT) version 5
• NIST's Cybersecurity Framework (also referred to as the "Framework for Improving Critical Infrastructure Security")

The Risk Management Advisory team has performed some initial research and determined that using these three frameworks together can help e-Commerce companies ensure that they have processes in place to enable identification and management of information security related risks, particularly those associated with the IT infrastructure supporting online sales, payment, and order fulfillment operations. (This research is presented in the Background section below.) Your research paper will be used to extend the team's initial research and provide additional information about the frameworks and how each one supports a company's risk management objectives (reducing the risks arising from cyber threats and cyberattacks against information, information systems, and information infrastructures). Your research should also investigate and report on efforts to date to promote the use of both frameworks at the same time.

Your audience will be members of the Risk Management Services team. These individuals are familiar with risk management processes and the e-Commerce industry. Your readers will NOT have in-depth knowledge of either framework. For this reason, your team leader has asked you to make sure that you include a basic overview of these frameworks at the beginning of your paper for the benefit of those readers who are not familiar with CSF and COBIT.

Background

Security Controls

Security controls are actions which are taken to "control" or manage risk. Security controls are sometimes called "countermeasures" or "safeguards." For this assignment, it is important to understand that it is not enough to pick or select controls and then buy or implement technologies which implement those controls. A structure is required to keep track of the controls and their status -- implemented (effective, not effective) and not implemented. The overarching structure used to manage controls is the Information Security Management System.

Write:

Use standard terminology including correctly used cybersecurity terms and definitions to write a two to three page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview of the role that the Information Security Management System plays as part of an organization's IT Governance, IT Management, and Risk Management activities. The most important part of this overview is a clear explanation of the purpose and relationships between governance and management activities as they pertain to managing and reducing risks arising from the use of information technology.

2. An analysis section that provides an explanation of how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST's CSF can be used to improve the effectiveness of an organization's risk management efforts for cybersecurity related risks. This explanation should include:

a. An overview of ISO/IEC 27000, 27001, and 27002 that includes an explanation of the goals and benefits of this family of standards (why do businesses adopt the standards, what do the standards include / address, what are the desired outcomes or benefits).

b. An overview of COBIT 5 that includes an explanation of the goals and benefits of this framework (why do businesses adopt the framework, what does the framework include / address, what are the desired outcomes or benefits).

c. An overview of the NIST Cybersecurity Framework (CSF) which explains how businesses can use this framework to support ALL of their business functions (not just critical infrastructure operations).

d. Five or more specific examples of support to risk management for e-Commerce and supporting business operations that can be provided by implementing ISO/IEC 27000/1/2, COBIT 5, and NIST CSF.

3. A recommendations section in which you provide and discuss five or more ways that e-Commerce companies can use the standards and frameworks at the same time (as part of the same risk management effort). You should focus on where the frameworks overlap or address the same issues / problems. (Use Table 2: Informative References to find overlapping functions / activities.) You are not required to identify or discuss potential pitfalls, conflicts, or other types of "problems" which could arise from concurrent use of multiple guidance documents.

4. A closing section that provides a summary of the issues, your analysis, and your recommendations.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. The citations and references should follow APA format. The reference page is not included in the required page length.
