The Development Information Security Essay Example | Topics and Well Written Essays - 6250 words

The culture study Security - Essay ExampleThere are many well-known certificate department standards available, for instance, ISO, NIST, and COBAT. However, most(prenominal) of the Security Frameworks stress more on compliance requirements and controls quite than efficientness. Standards, procedures and practices provided to larger organization easily soak the SMEs. Due to lack of resources, SMEs often spend minimum amount on security and scarcely implement their resources to apply hundreds of skinny practices provided by security standards and frameworks. Furthermore, SMEs do not adapt to all the ISO security standards rather they define their own strategies in order to meet their specific security goals. It indicates the importance of providing SMEs a security framework that facilitates the task of identifying and applying security measures in accordance with their own needs and requirements. Therefore, we need to go rear to square one and design a more suitable portfolio of solutions in order to cater a broader set of organizations and circumstances. There is no single industry security standard that provides all the answers. However, a good industry standard does provide a widely accepted and proven framework. It not only defines a particular security program in order to provide a foundation for security outline but also satisfies particular needs of the organization. Such framework is derived from the development of a prioritized set of objectives and practices as suggested by literature and standards provided by ISO standards. This security framework provides steps to establish best suited Information Security Management System (ISMS) for SMEs. These ISMS are based on ISO standards which enable SMEs to see the value of security outside of technical constraints and regulatory compliance. Moreover, it helps SMEs to incorporate securitypractices, controls and procedures to align business requirements with IT security requirements. Moreover, it pro vides support for effective use of technology, central management, adaptability, flexibility, performance, interoperability and compliance on the forefront.