CSIA 350: Cybersecurity in Business & Industry - University of Maryland Global Campus
1. An introduction or overview of the role that the Information Security Management System plays as part of an organization’s IT Governance, IT Management, and Risk Management activities. The most important part of this overview is a clear explanation of the purpose and relationships between governance and management activities as they pertain to managing and reducing risks arising from the use of information technology.
2. An analysis section that provides an explanation of how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s CSF can be used to improve the effectiveness of an organization’s risk management efforts for cybersecurity related risks. This explanation should include:
a. An overview of ISO/IEC 27000, 27001, and 27002 that includes an explanation of the goals and benefits of this family of standards (why do businesses adopt the standards, what do the standards include / address, what are the desired outcomes or benefits).
b. An overview of COBIT 5 that includes an explanation of the goals and benefits of this framework (why do businesses adopt the framework, what does the framework include / address, what are the desired outcomes or benefits).
c. An overview of the NIST Cybersecurity Framework (CSF) which explains how businesses can use this framework to support ALL of their business functions (not just critical infrastructure operations).
d. Five or more specific examples of support to risk management for e-Commerce and supporting business operations that can be provided by implementing ISO/IEC 27000/1/2, COBIT 5, and NIST CSF.
The aim of the study is to analyze the issues most often encountered in recent times by e-commerce companies. The issues mainly relate to the role of Information Technology in management and governance. As part of the Risk Management Advisory Services team, the major risks that arise from cyber security attacks and threats are to be analyzed and interpreted to protect the clients and the organization as a whole.
The study has several purposes, a few of which are as follows:
- To develop an analysis of all the risks that the organization can encounter due to potential information technology threats.
- To ensure that the strategy or plan developed reduces the risks to a large extent compared with what would have occurred without the study.
- To develop a sound investigation in support of promoting the frameworks related to cyber crime and security.
Information security in today's organizations has become the realm of professionals who set up and build equipment and software. Many companies claim that they are well protected by antivirus, firewalls, data encryption and password systems. However, technical security alone will never be enough to stop those interested in obtaining an organization's assets. Different types of actions form part of management and governance, and each requires a separate structure to serve its own objectives.
Governance addresses stakeholders' needs and decision making (De Haes et al., 2016). The major responsibility of executive management is planning, building, running and monitoring the actions.
4. Literature Review
ISO/IEC 27000 FAMILY OF INFORMATION SECURITY SYSTEM
These standards are globally known frameworks that support information security standards. They help in framing best practices for the security management of information and data. The series was formed by the International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO). The ISO 27000 family of standards applies to all types of organizations and is thus broad in scope (Khouja et al., 2018). As technology develops day by day, new standards are being developed to deal with the varying information security needs of different organizations and environments.
Certification to ISO/IEC 27001 benefits an organization in terms of external competitiveness and the security of its internal systems. As per González & González (2015), it helps in exchanging information securely and in protecting sensitive data and information. It helps in managing risk, so there are fewer chances of incidents being realised. It helps in strengthening the internal organisation and improves the security of the company. Furthermore, it reduces the need to supply safety-related data in response to requests for contract.
An organization's assets can be protected through the security of its information. ISO 27002 provides assurance that the organization is properly protecting its internal information assets, using norms and conditions aligned with internationally documented standards. It provides a framework for determining the safety measures and issues in the organization. It can be a deciding factor when negotiating a contract.
COBIT 5 provides an orderly approach, a common language and an easy understanding of the challenging aspects of various organizations. Furthermore, it helps clarify the decisions and goals of the organization for better decision making. It helps in tackling the requirements of stakeholders across the company. It also helps in realizing the optimistic and constructive prospects of technology, and it enhances the confidence to enable modernization through technology. The COBIT 5 assessment model includes thirty-seven processes across management and governance. These include things like managing change in the organization, any strategy change, or running any service task (Huygh et al., 2018). COBIT 5 provides excellent guidelines for maintaining each process and ensures that the process performs correctly. It also provides a set of tools, which can be very useful in setting objectives and monitoring merits.
Overview of the NIST Cyber Security Framework
In the NIST Cybersecurity Framework, the process of creating framework profiles gives organizations an opportunity to become familiar with areas where existing processes can be enhanced and new processes implemented. It is basically a commonly used language and an organized methodology for managing cyber security risk. These profiles, when paired with the framework's easily understood language, allow stronger communication throughout the organization; tiers are used to verify optimal levels of risk management (Pereira et al., 2017). Organizations seek to create profiles that are useful and efficient for understanding the existing cyber security practices applied in various business environments. Various plans are leveraged in prioritizing and budgeting for cyber security improvement activities. This allows an organization to gain the full benefits of the framework by enabling cost-effective prioritization and communication of improvement activities among organizational stakeholders. It also sets certain expectations among suppliers and partners to improve activities among co-workers. In addition, associated implementation plans can be leveraged as a strong artefact for demonstrating due care. Organizations can create their own structure for this program that includes responsibilities, resources and scope. The organization makes backup copies of very important business data and information, controls physical access to the computer, and creates user accounts for each employee.
Supporting risk management in businesses
Implementing security improvements that are guided by the NIST framework and related to the profile of the organization will lessen security incidents and also allow improvement from any incidents that might occur in the future.
Increasing awareness of and concern about cyber-related threats supports risk management for the organization, as such threats can cause critical damage to the business (Van, & De Haes, 2018).
An organization needs to understand the nature of cyber threats, as they can hugely impact the business, and to consider cyber security as part of information safety as a whole by taking an orderly approach, not a piecemeal plugging of holes.
E-commerce companies are at higher risk, and thus the frameworks and standards must form a part of these organizations. This can be done by creating awareness within the organization by referring to its policies and structure. A survey must be conducted showing the issues and the resolving policies covered under the standards and policies.
Implementing the COBIT approach supports step-by-step adoption of practices that form a best-practice governance system, while the NIST Cybersecurity Framework focuses mainly on specific practices for security-related issues. The frameworks reference each other and hence complement each other to a great degree. The COBIT approach looks after the process levels, under the appropriate publications of NIST, whereas NIST treats the COBIT approach as an informative reference. Lastly, both frameworks form part of the holistic structure, but COBIT looks after the holistic program of GEIT. NIST, on the other hand, looks after a solid program of cyber safety that considers main functions such as the identification, protection, detection, responsiveness and recovery of the organization's data.
The foundation framework for cyber security management is flexible enough to support any organization and is applicable in many industries. An organization can create its own structure for this program that includes responsibilities. It makes backup copies of very important business data and information. It identifies asset management, the business environment and the risk management strategy. It brings awareness to data security and protects procedures and technology. It detects security events through continuous monitoring. It increases awareness of and concern about cyber threats. An organization needs to understand the nature of cyber threats, as they can hugely impact the business and cause it critical damage.