Security and Audit Frameworks

Security and audit frameworks provide benchmarks for cybersecurity practitioners to audit or review systems.

Some frameworks are government-created. These frameworks are not mandatory; they are recommended, and enterprises are encouraged to implement them.

Most of the security and audit frameworks are created by private organizations. Those frameworks are recognized as best practices, which give credibility to the organizations following the guidelines.

Examples of best-practice security and audit frameworks include the Committee of Sponsoring Organizations of the Treadway Commission (COSO); the IT Infrastructure Library (ITIL); Control Objectives for Information and Related Technology (COBIT); and ISO/IEC 27002:2013.

The ISO/IEC 27002:2013 standards provide guidelines for organizational information security standards and information security management practices, including the selection, implementation and management of controls, with consideration of the organization's information security risk environment(s).

According to the website of the International Organization for Standardization (ISO), ISO/IEC 27002:2013 was designed to be used by organizations that intend to:

  1. select controls within the process of implementing an information security management system based on ISO/IEC 27001

  2. implement commonly accepted information security controls

  3. develop their own information security management guidelines

ITIL is a collection of books published by the government of the United Kingdom. The books feature best practices that align IT services with the needs of businesses. The latest version of ITIL is version 4, which was released in February 2019.

COSO was originally organized in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, and eventually developed recommendations for public companies and their auditors, other regulators, and educational institutions, according to the organization's website.

COBIT, a set of best practices for IT management, was created in 1996 by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

References

Committee of Sponsoring Organizations of the Treadway Commission. (n.d.). About us. https://www.coso.org/Pages/aboutus.aspx

International Organization for Standardization (ISO). (n.d.). ISO/IEC 27002:2013: Information technology -- Security techniques -- Code of practice for information security controls. http://www.iso.org/iso/catalogue_detail?csnumber=54533