ITM 537 Module 2 Case

Module 2 - Case

INFORMATION SECURITY FRAMEWORKS AND STANDARDS IN THE GLOBAL CONTEXT

Assignment Overview

The original security evaluation standards were developed by the U.S. Department of Defense (DoD) in the early 1980s in the form of Trusted Computer systems Evaluation Criteria (TSSEC), commonly referred to as the Orange Book. Given the importance and usefulness of TCSEC, other countries such as Canada, U.K., Germany, and France developed their own. Later in 1990, the European Commission harmonized the security evaluation efforts of individual countries by establishing the European equivalent of TCSEC, the Information Technology Security Evaluation Criteria (ITSEC). More recently, in 2007, in an effort to create a repository for network and information security standardization efforts in Europe for security vendors, service providers, developers, and researchers, a portal sponsored by the International Communications Union (ITU) . This portal is being updated and provides great information on standards.

In this case assignments, you are required to go over the "required" readings available in background material about security standards. You are also encouraged to browse the optional material for other relevant material.

When you've read the required articles and conducted additional research on the optional readings and other readings you find interesting, please compose a short (3-4 pages without counting the cover and references) paper on the topic:

What information standard(s) should your company follow and why?

Some of security standards available are ISO27002, ISO17799, Rainbow Series, TCSEC, ITSEC, Common Criteria, IETF, GMITS, GASSP, OECD, and the 800-series.

Below are some questions for you to think about to help you get started:

• Select an organization that you want to focus on in this assignment (it could be your own or just any company that you know about).
• Provide a comprehensive definition of security standards
• Make sure you refer to ISO17799 (ISO17799 has been replaced by ISO27001 and 27002 but you may refer to ISO17799 since that is the one that has more material available online).
• What are the most important categories or standards that you would recommend your company to follow and why? In your justification describe the type of company you are referring to.

Remember, you do not have to explicitly answer these questions in your assignment. You should think about these questions and then integrate your thoughts into a well-organized answer to the primary question.

For writing help, refer to the Trident University International Student Guide to Writing a High-Quality Academic Paper

Assignment Expectations

Length: Follow the number of pages required in the assignment excluding cover page and references. Each page should have about 300 words.

Your assignment will be evaluated based on the Rubric.