CYB210 Week 8 Discussion: Understanding the Work of the IT Governance Board (post 1)

Today, my objective is to brief you about the IT security management
standard, particularly the ISO 27001.
In my briefing, I'll provide background information on the standard and
explain its purpose. I will also state some key considerations and
recommendations. In front of you is a handout for this brief for your
perusal.
If you have any questions, please ask them after the briefing.
Let me start by providing you with some information on management
systems. A management system is a group of policies, procedures,
resources, and practices that direct how an organization controls the
interrelated areas of its business in order to accomplish its
objectives (Management system standards, n.d.). Those objectives can
include operational efficiency, the quality of products or services,
and workplace health and safety, to name a few (The Praxiom Research
Group Ltd., n.d.).
I’ll now move on to a brief overview and background information on
the ISO 27001 standard.
The ISO 27001 standard specifies the requirements for an information
security management system (ISMS), a set of requirements for effectively
managing the security of an organization's information. It outlines the
policies and procedures required to safeguard the business and
includes the controls for managing risk that IT security management
needs in order to be resilient (Irwin, 2021).
This brings me to the purpose of the ISO 27001 ISMS. It provides a
systematic approach to governing the information security of an
organization. It is also a framework that allows a company to
manage, monitor, review, and improve its information security
practices in one place, and it is designed to be used for certification
purposes (Irwin, 2021).
Now I’ll identify some key considerations for implementing the ISO
27001 ISMS. Three key things to note when considering an ISMS are
the system’s design, implementation, and maintenance.
- The design phase is critical because it largely determines how the
system is implemented and, therefore, whether it succeeds or fails.
During this phase, the vital tasks are clarifying and setting the
business objectives and ensuring that security controls are implemented
to support the ISMS. It is also paramount to identify and prioritize the
protection of the key information assets that support the business, such
as hardware and electronic documents (Kirvan & Granneman, n.d.).
- The implementation phase requires understanding, participation, and
commitment at a cross-functional level companywide, together with
engagement from management, in order to succeed (Kirvan & Granneman,
n.d.).
- Effectively maintaining the ISMS after certification involves
establishing security controls that have quantifiable gains.
To conclude, I think the best course of action is for PBI to comply with
ISO 27001. I offer this recommendation because, although compliance is
not mandatory, it will greatly benefit the company. These benefits
include improved financial performance, an increased ability to provide
consistently high-quality services to our guests, and enhanced risk
management protocols.
Becoming ISO 27001 certified shows that PBI has recognized its risks,
analyzed their implications, and implemented systematic controls to
reduce any damage to the company.
This brings me to the end of my briefing.
Thank you for your attention. I’ll now be taking any questions.
References
Irwin, L. (2021). What an ISMS is and 5 reasons your organisation should implement one. IT Governance Blog En. Retrieved from https://www.itgovernance.eu/blog/en/what-is-an-isms-and-why-does-your-organisation-need-one
Kirvan, P., & Granneman, J. (n.d.). Top 10 IT security frameworks and standards explained. SearchSecurity. Retrieved from https://www.techtarget.com/searchsecurity/tip/IT-security-frameworks-and-standards-Choosing-the-right-one
Management system standards. (n.d.). iso.org. Retrieved from https://www.iso.org/management-system-standards.html
The Praxiom Research Group Ltd. (n.d.). ISO 27001 introduction to information security management: ISO IEC 27001 2013 introduction. Retrieved from https://www.praxiom.com/iso-27001-intro.htm