Cybersecurity Framework Implementation

The NIST Framework for Improving Critical Infrastructure Security, commonly referred to as the Cybersecurity Framework or CSF, was developed in collaboration with industry, government, and academia to provide a common language and common frame of reference for describing the activities required to manage cyber-related risks and, in so doing, protect and defend against cyber attacks[1].

[1] Source: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf

Confronting Sources of Cybersecurity https://www.bestacademicexperts.com/confronting-challenges-cikr-cybersecurity/

Task

Use standard terminology including correctly used cybersecurity terms and definitions to write a two to three page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview of the role that the Information Security Management System plays as part of an organization’s IT Governance, IT Management, and Risk Management activities. The most important part of this overview is a clear explanation of the purpose and relationships between governance and management activities as they pertain to managing and reducing risks arising from the use of information technology.
2. An analysis section that provides an explanation of how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s Cybersecurity Framework can be used to improve the effectiveness of an organization’s risk management efforts for cybersecurity-related risks. This explanation should include:
   1. An overview of ISO/IEC 27000, 27001, and 27002 that includes an explanation of the goals and benefits of this family of standards (why do businesses adopt the standards, what do the standards include / address, what are the desired outcomes or benefits).
   2. An overview of COBIT 5 that includes an explanation of the goals and benefits of this framework (why do businesses adopt the framework, what does the framework include / address, what are the desired outcomes or benefits).
   3. An overview of the NIST Cybersecurity Framework (CSF) which explains how businesses can use this framework to support ALL of their business functions (not just critical infrastructure operations).
   4. Five or more specific examples of support to risk management for e-Commerce and supporting business operations that can be provided by implementing ISO/IEC 27000/1/2, COBIT 5, and NIST CSF.
3. A recommendations section in which you provide and discuss five or more ways thate-Commerce companies can use the standards and frameworks at the same time (as part of the same risk management effort). You should focus on where the frameworks overlap or address the same issues / problems. (Use Table 2: Informative References to find overlapping functions / activities.) You are not required to identify or discuss potential pit falls, conflicts, or other types of “problems” which could arise from concurrent use of multiple guidance documents.
4. A closing section that provides a summary of the issues, your analysis, and your recommendations.