Wednesday, June 11, 2008

Overview of Security Standards

Standards help protect information. All organizations, regardless of size, need to secure their data and intellectual property. Standards give an organization's management guidance and direction on information security. Each standard, when applied effectively, helps an organization address security-related issues. Standards represent the knowledge of a large number of experts and provide security implementation recommendations. However, by their nature, standards cannot exactly match the requirements of every organization, and care must be taken when determining how appropriate each one is for a given organization.

Various Standards
  • ITIL - Information Technology Infrastructure Library is not focused on security. Instead, it provides a foundation for managing IT infrastructure with a primary focus on service support and service delivery.
  • COBIT - Control Objectives for Information and related Technology focuses on controls that provide management with assurance that IT is operating in a controlled manner.
  • NIST - the National Institute of Standards and Technology develops and issues standards, guidelines, and other publications to assist federal agencies in implementing the Federal Information Security Management Act (FISMA) of 2002, which aims to protect information and information systems.
  • ISO - the International Organization for Standardization is the world’s largest developer of standards (over 15,000 in total), including the 27000 series focused on information security.

When combined with assessments, standards can help you identify, manage, and reduce your security risks.
