
Running Head: CYBERSECURITY FRAMEWORK

Integrating NIST CSF with IT Governance Frameworks

Nkengazong Tung

University of Maryland University College

29 AUGUST 2019

IT Governance

IT governance is the set of processes that ensure IT is used effectively and efficiently to help an organization achieve its goals. In the eCommerce industry, IT governance provides structure by defining organizational reporting lines, oversight committees, standards, policies, and procedures. A well-defined structure effectively sets the operating boundaries for the organization (Moeller, 2017). It also sets direction by creating, or aligning with, the corporate strategy and defining the organization's short- and long-term objectives. In eCommerce specifically, governance is concerned with how regulations are followed, how process managers adhere to standards, how server capacity is planned, and how all IT assets are tracked. This internal, self-checking function that monitors the "health status" of the various processes so that they run smoothly is governance.

Comment by Michael Baker: Recommend subtitles that match rubric

IT Management

IT management is the oversight of IT services and technology in an organization. It has several elements, all of which focus on aligning IT goals with business objectives in a way that creates the most value for the organization; these components are IT strategy, IT service management, and IT asset management. IT management issues faced by an eCommerce company include securing customer information, demonstrating value to the company, and supporting business operations. To address these challenges, IT policies must be put in place to define the various processes within the organization. A policy is a set of guidelines that define how things are done within an organization. With well-defined policies, activities in an eCommerce business are clearly outlined, which makes them easier to operate.

Risk Management

Risk management is the process used to identify, evaluate, and respond to possible losses, particularly in situations where the only possible outcomes are a loss or no change in status. It is an overall management function that seeks to assess and address the causes and consequences of uncertainty and risk to an organization (Vaseashta, Susmann, & Braman, 2016). The aim of risk management is to enable an organization to progress toward its goals and objectives in the most direct, efficient, and effective way. Risk management issues faced by an eCommerce company include loss of data, unauthorized access to data, and system failure. To address them, a comprehensive risk management plan must be developed that covers the risks that might harm the system. A good risk management plan provides procedures and guidelines for responding to threats and to unforeseen incidents. With a well-laid plan, an eCommerce company can minimize or avoid losses by responding to threats at the right time.

Comment by Michael Baker: Does not match reference

ISO/IEC 27000

ISO/IEC 27000 is a family of international information security standards published jointly by ISO and IEC; it guides organizations in different sectors in meeting legislative and regulatory requirements related to information security. The standards aim to ensure that organizations secure their information through effective technology, auditing, and employee awareness programmes. Cyber threats are among the biggest threats any organization faces; they are dynamic and therefore difficult to address. These threats are conducted by attackers who manipulate computer systems for their own gain. The ISO/IEC 27000 series helps organizations protect their assets, identify and monitor risks, and maintain a defined plan so that new security threats are attended to. It plays a significant role in the eCommerce industry because it defines guidelines that address security issues within that sector. Organizations handling information can seek certification against ISO/IEC 27001, the requirements standard in the series, through an accredited certification body in order to demonstrate that their information security management system meets the international standard.

Comment by Michael Baker: Programmers

ISACA

ISACA is an international nonprofit professional association that focuses on the development, adoption, and implementation of globally accepted information systems frameworks and practices. It provides benchmarks and tools for sectors that deal with information systems, and it hosts forums on managerial issues relating to control systems and IT governance. ISACA administers globally recognized certification programs, such as CISA and CISM, whose holders can practise anywhere in the world. ISACA also develops and maintains COBIT, which helps organizations in different sectors govern and manage their information and technology.

NIST (National Institute of Standards and Technology)

NIST is a United States federal agency that develops technology, metrics, and guidelines to enhance innovation and economic competitiveness. It publishes standards and security controls for information systems; NIST standards are endorsed by the U.S. government, and organizations adopt them because they promote best security practices across different sectors (Akpose, 2016). One advantage of NIST compliance is that it helps ensure an organization's infrastructure is secure; NIST also provides guidance that companies can follow when seeking compliance with specific regulations such as HIPAA. eCommerce companies handle sensitive client information such as names, home addresses, and in some cases social security numbers, which can cause harm in the wrong hands. To protect this information, eCommerce companies should adopt NIST guidance, such as the NIST Cybersecurity Framework, to guide them in securing their information and their systems.

Comment by Michael Baker: You are missing complete sections to include the summary.

References

Comment by Michael Baker: References should be in alphabetical order

Akpose, W. (2016). NIST Cybersecurity Framework: A practitioner's perspective. 6igma Associates.

IT Governance Institute. (2015). Information security governance. Rolling Meadows, IL: Author.

Comment by Michael Baker: Missing inline reference

Moeller (2017). IT governance: Improving systems processes with service management, COBIT and ITIL. Hoboken.

Vaseashta, A., Susmann, & Braman, E. (2016). Cyber security and resiliency policy framework. IOS Press.