登录查看更多内容

How can you use security frameworks to improve information governance?

由人工智能和领英社区提供技术支持

Information governance is the process of managing the creation, use, storage, and disposal of information assets in an organization. It involves defining policies, roles, and responsibilities for ensuring the quality, security, and compliance of information. However, information governance can be challenging in the face of complex and evolving threats, regulations, and business needs. How can you use security frameworks to improve information governance? In this article, you will learn about the benefits and examples of security frameworks, and how to apply them to your information systems.

此文章中的业界达人

由社区从 3 条内容中精选。了解更多

Lalit Shekhawat

Senior Manager - Infosec - Third Party Risk/ GRC /VRM - CTPRA

1 What are security frameworks?

Security frameworks are sets of standards, guidelines, and best practices for designing, implementing, and maintaining information security in an organization. They provide a common language, structure, and methodology to help align security strategy with business goals and objectives, establish a baseline for measuring and improving security performance, demonstrate compliance with external regulations and internal policies, enhance reputation and trust with stakeholders and customers, as well as reduce costs and complexity by adopting proven and consistent security practices.

添加您的观点

Lalit Shekhawat

Senior Manager - Infosec - Third Party Risk/ GRC /VRM - CTPRA
举报内容
Security frameworks are structured sets of guidelines or best practices that provide a systematic approach to managing information security. They help organizations define and prioritize the tasks required to build security into their systems. Here are a few widely recognized security frameworks: 1. ISO 27001/27002 2. NIST Cybersecurity Framework 3. CIS Critical Security Controls 4. PCI DSS 5. COBIT 6. HIPAA Security Rule

已翻译

赞

2 Examples of security frameworks

There are many security frameworks available for different purposes, industries, and regions. ISO/IEC 27000 series is a family of international standards for information security management systems (ISMS), NIST Cybersecurity Framework is a voluntary framework developed by the U.S. National Institute of Standards and Technology (NIST) to improve resilience against cyberattacks, COBIT is a framework for governance and management of enterprise IT that integrates security principles and practices into business processes, and CIS Controls is a set of 20 prioritized and actionable security controls based on the most common and effective security practices. ISO/IEC 27000 series covers various aspects of security, such as risk assessment, controls, audit, and certification; NIST Cybersecurity Framework consists of five core functions: identify, protect, detect, respond, and recover; COBIT defines four domains: plan and organize, acquire and implement, deliver and support, and monitor and evaluate; CIS Controls covers basic, foundational, and organizational security areas like inventory, configuration, access, data protection, incident response, and awareness.

添加您的观点

Lalit Shekhawat

Senior Manager - Infosec - Third Party Risk/ GRC /VRM - CTPRA
举报内容
Few widely recognized security frameworks: 1. ISO 27001/27002: ISO 27001 provides requirements for establishing, implementing, and maintaining an ISMS. 2. NIST Cybersecurity Framework: This framework provides a set of industry standards and best practices to help organizations manage and reduce cybersecurity risk. 3. CIS Critical Security Controls: It is a prioritized set of actions that collectively form a defense-in-depth set of best practices. 4. PCI DSS: It is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. 5. COBIT: Control Objectives for Information and Related Technologies is a framework for IT management and governance.

已翻译

赞

3 How to choose a security framework

When selecting a security framework, there are several factors to consider, such as industry, size, scope, risk profile, and compliance obligations. You should ask yourself what your security goals and objectives are, as well as what legal and regulatory requirements apply to your information systems. Additionally, you need to be aware of the threats and vulnerabilities that affect your information assets and the resources and capabilities you have to implement and maintain security controls. Furthermore, it's important to consider the benefits and costs of adopting a security framework. You can also compare different frameworks based on their scope, maturity, flexibility, and compatibility. To evaluate how well a security framework meets your needs and expectations, you can use tools such as mapping tables, gap analysis, and benchmarking.

添加您的观点

Lalit Shekhawat

Senior Manager - Infosec - Third Party Risk/ GRC /VRM - CTPRA
举报内容
Choosing a security framework for your organization can be a complex task, as it depends on various factors. 1. Understand Your Needs: The first step is to understand your organization's specific needs and objectives. What are your key assets and how are they currently protected? What are your main security risks? What legal and regulatory requirements do you need to comply with? The answers to these questions can help you identify what you need from a security framework. 2. Consider Your Industry: Some industries have specific security standards or frameworks. For example, HIPAA, PCI DSS. 3. Evaluate the Frameworks: Look at what each framework offers and how it aligns with your needs. 4. Consider the Implementation Cost and Complexity.

已翻译

赞

4 How to implement a security framework

Implementing a security framework requires a systematic and iterative approach that involves defining the scope and boundaries of your information systems and assets, conducting a risk assessment to identify and prioritize security risks, selecting and implementing relevant security controls, monitoring the effectiveness of your security controls, and reviewing and updating your security framework periodically. All of these steps are necessary to ensure that your security environment and performance are up to date.

添加您的观点

5 How to improve information governance with a security framework

Using a security framework can help you to improve information governance in several ways, such as providing direction and guidance for your information security policies, enhancing the accountability of roles and functions, improving communication among stakeholders, strengthening the protection of information assets, and increasing the confidence of customers. A security framework can also support your information governance by enabling you to align your security with quality, privacy, and ethics principles; integrate security with lifecycle management and retention practices; and leverage security as a competitive advantage.

添加您的观点

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Information Systems

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How can you use security frameworks to improve information governance?

1

2

3

4

5

6

1 What are security frameworks?

2 Examples of security frameworks

3 How to choose a security framework

4 How to implement a security framework

5 How to improve information governance with a security framework

6 Here’s what else to consider

Information Systems

给文章评分

感谢您的反馈

更多Information Systems相关文章

更多相关阅读内容

How can you use security frameworks to improve information governance?

1

2

3

4

5

6

1 What are security frameworks?

2 Examples of security frameworks

3 How to choose a security framework

4 How to implement a security framework

5 How to improve information governance with a security framework

6 Here’s what else to consider

Information Systems

给文章评分

感谢您的反馈

查看其他技能