MN502 Assignment: Analysis of Five IT Security Frameworks


Added on  2022/09/18

AI Summary
This report provides an overview and comparative analysis of five key IT security frameworks: ISO, NIST, COBIT, ETSI, and RFC. It begins by defining information security frameworks and their importance in mitigating business risks. The report then delves into each framework, discussing their core principles, advantages, and disadvantages. For ISO, it highlights its comprehensive model for manufacturing organizations, emphasizing internal communication and a result-oriented approach, while also noting its high cost for small businesses. The NIST framework's focus on cybersecurity threats and its cost-effectiveness are examined. The COBIT framework's role in bridging technical issues and business risks is detailed, as is the ETSI framework's focus on device and infrastructure security in Europe. Finally, the report covers RFC's role in securing network communication. The report uses sources to support its analysis and provides a comprehensive understanding of each framework's strengths and weaknesses, making it a valuable resource for anyone seeking to understand and implement effective IT security measures.
Running head: SECURITY FRAMEWORKS AND REFERENCE ARCHITECTURES
SECURITY FRAMEWORKS AND REFERENCE ARCHITECTURES
Name of the student:
Name of the university:
Author Note:
Table of Contents
Five IT Security Frameworks
References
Five IT Security Frameworks
According to Ammar, Russello and Crispo (2018), a framework of
Information Security is the series of documented policies, processes and procedures that
defines the standards of information management in a business to combat the risk and
vulnerability issues associated with a business. There are various security frameworks
available, such as ISO, NIST, COBIT, ETSI, RFC and many more. Saptarini, Rochimah and
Yuhana (2017) shared views on the ISO 9000 security standards, which incorporate a
comprehensive model for manufacturing organizations to excel in their operations and
provide quality products and services to their customers. The advantage of using this standard
framework is that it allows for enhanced internal communications amongst all departments,
thereby ensuring removal of various uncertainties and risks associated with the business
processes. Moreover, it focuses on a result-oriented approach that allows increasing
productivity in manufacturing companies. However, the framework is too expensive for
small-scale industries, and they hardly derive any benefit from it, leading to customer
dissatisfaction.
Again, Almuhammadi and Alsaleh (2017) state that the NIST framework specialises
in handling cyber security risks and was developed by the National Institute of Standards and
Technology and released in 2014. The framework does not incorporate a general approach;
it focuses only on the threats of cyber security and suggests preventive measures to avoid
them. The biggest advantage of this framework is that it is cost-effective and is affordable by
all types of organizations, small or big. Due to the advancements in technology, small schools
or offices are implementing digital methods in their systems and thus can easily adapt this
framework to protect their business processes. However, the disadvantage of this framework
is that it does not set up standards for other types of risks in the organization.
According to Mantra (2018), the Information Systems Audit and Control Association
developed the COBIT framework as a tool to bridge the gap between the technical issues and
the business risks of any organization. It comprises four domains, which are
Planning, Delivering, Implementation and Evaluation. The COBIT model framework
guarantees to the business processes the integrity of the IT systems used in the
business. It is advantageous because it manages all kinds of IT issues in the business.
However, the disadvantage of utilising this framework is that it focuses too much on controls
and metrics and lacks the security component in each stage.
The authors Lonc and Cincilla (2016) state that the ETSI cyber framework is another
security agenda that is developed specifically for ensuring the security and maintenance of
devices and infrastructures in the European nations as well as worldwide. The areas of
implementing this security standardization are the next generation networks (NGN), smart
cards, algorithms and many more. The ETSI standard framework supports developing
sustainable solutions for strengthening cyber security; however, the biggest limitation of this
framework is that the single layers are not linked with each other sufficiently.
According to Liu et al. (2017), the IETF (Internet Engineering Task Force) created
the standard network protocol to secure network communication and called it RFC (Request
for Comments). The biggest advantage of this security documentation is that it enhances
security by incorporating the user administrator of the systems directly into the network for
communication purposes and hence does not require authorisation every time. However,
redistributing data through the central system is a complicated process in this communication
protocol.
References
[1] M. Ammar, G. Russello and B. Crispo, Internet of Things: A survey on the security of IoT
frameworks. Journal of Information Security and Applications, 38, pp.8-27, 2018.
[2] I. Saptarini, S. Rochimah and U.L. Yuhana, Security Quality Measurement Framework
for Academic Information System (AIS) Based on ISO/IEC 25010 Quality Model. IPTEK
Journal of Proceedings Series, 3(2), pp.128-135, 2017.
[3] S. Almuhammadi and M. Alsaleh, Information security maturity model for NIST cyber
security framework. Computer Science & Information Technology (CS & IT), 7(3), pp.51-62,
2017.
[4] I.G.N. Mantra, The Model of Quantifying Information Security With Cobit 5 Matrix in
Indonesia Higher Education, 2018.
[5] B. Lonc and P. Cincilla, Cooperative ITS security framework: Standards and
implementations progress in Europe. In 2016 IEEE 17th International Symposium on A
World of Wireless, Mobile and Multimedia Networks (WoWMoM) (pp. 1-6). IEEE, June 2016.
[6] X. Liu, M. Zhao, S. Li, F. Zhang and W. Trappe, A security framework for the internet of
things in the future internet architecture. Future Internet, 9(3), p.27, 2017.