Integrating NIST’s Cybersecurity Framework with Information Technology Governance Framework

Work type: Research paper

Format: APA

Pages: 4 pages (1100 words, double spaced)

Academic level: Undergraduate (years 3-4)

Subject or discipline: Technology

Title: Integrating NIST’s Cybersecurity Framework with Information Technology Governance Framework

Number of sources: 3

Paper instructions:

Write:

Use standard terminology including correctly used cybersecurity terms and definitions to write a three to four page summary of your research. At a minimum, your summary must include the following:

  1. An introduction or overview of the role that the Information Security Management System (ISMS) plays as part of an organization’s IT Governance, IT Management, and Risk Management activities. The most important part of this overview is a clear explanation of the purpose of, and the relationships between, governance and management activities as they pertain to managing and reducing risks arising from the use of information technology.
  2. An analysis section that explains how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s CSF can be used to improve the effectiveness of an organization’s risk management efforts for cybersecurity-related risks. This explanation should include:
     a. An overview of ISO/IEC 27000, 27001, and 27002 that explains the goals and benefits of this family of standards (why businesses adopt the standards, what the standards include and address, and what the desired outcomes or benefits are).
     b. An overview of COBIT 5 that explains the goals and benefits of this framework (why businesses adopt the framework, what the framework includes and addresses, and what the desired outcomes or benefits are).
     c. An overview of the NIST Cybersecurity Framework (CSF) that explains how businesses can use this framework to support ALL of their business functions (not just critical infrastructure operations).
     d. Five or more specific examples of support for risk management in e-Commerce and supporting business operations that can be provided by implementing ISO/IEC 27000/1/2, COBIT 5, and NIST CSF.
  3. A recommendations section in which you provide and discuss five or more ways that e-Commerce companies can use the standards and frameworks at the same time (as part of the same risk management effort). Focus on where the frameworks overlap or address the same issues or problems. (Use Table 2: Informative References in the NIST CSF to find overlapping functions and activities.) You are not required to identify or discuss potential pitfalls, conflicts, or other types of “problems” which could arise from concurrent use of multiple guidance documents.
  4. A closing section that provides a summary of the issues, your analysis, and your recommendations.