Risk management

The required article readings this week give a good discussion and look at some of the frameworks that are used to manage risk within organizations and enterprises. One of the readings this week provided an introduction and comparison of different frameworks. As with anything, there are going to be strengths and weaknesses to all approaches.

For your week 6 research paper, please address the following in a properly formatted research paper:

  • Do you think that ISO 27001 standard would work well in the organization that you currently or previously have worked for? If you are currently using ISO 27001 as an ISMS framework, analyze its effectiveness as you perceive in the organization.
  • Are there other frameworks discussed in the article that might be more effective?
  • Does any other research you have uncovered suggest that there are better frameworks for addressing risks?

Your paper should meet the following requirements:

  • Be approximately four to six pages in length, not including the required cover page and reference page.
  • Follow APA 7 guidelines. Your paper should include an introduction, a body with fully developed content, and a conclusion.
  • Support your answers with the readings from the course and at least two scholarly journal articles, in addition to your textbook, to support your positions, claims, and observations. The UC Library is a great place to find resources.
  • Be clearly and well written, concise, and logical, using excellent grammar and style techniques. You are being graded in part on the quality of your writing.

Al-Ahmad, W., & Mohammad, B. (2013). Addressing Information Security Risks by Adopting Standards. International Journal of Information Security Science, 2(2), 28–43. http://search.ebscohost.com/login.aspx?direct=true&AuthType=shib&db=a9h&AN=93598603&site=eds-live
Answer preview

The high dependency on information technologies has exposed companies to various risks that can have detrimental effects on the organization if realized. When attackers identify and exploit vulnerabilities and steal organizational data, the organization will spend money to rectify the situation, but there is no guarantee that it will recover. These vulnerabilities require that organizations adopt risk assessment and management frameworks to aid in managing the risks. Al-Ahmad & Mohammad (2013) say that since risks cannot be wholly eradicated, reducing them to manageable levels is vital. Enterprises need credible security policies for managing risk, and there are various frameworks that organizations can adopt to aid in managing security risks. Some of these frameworks are ISO 27001, Risk IT, COBIT, ITIL, and ISO 27005. There are many IT security frameworks, but this paper focuses on the use of ISO 27001 in organizations, a discussion of the other security frameworks mentioned in the article, and a discussion of the framework that researchers have termed the best.