Information security management systems · ISACA
Prepare a 4-page research paper that provides an analysis of the IT Governance, IT Management, and Risk Management issues and problems that might be encountered by an e-Commerce company (e.g. Amazon, eBay, PayPal, etc.). Your paper should also include information about governance and management frameworks that can be used to address these issues. The specific frameworks that your team leader has asked you to address are:
· ISO/IEC 27000 Family of Standards for Information Security Management Systems
· ISACA’s Control Objectives for Information Technology (COBIT) version 5
· NIST’s Cybersecurity Framework (also referred to as the “Framework for Improving Critical Infrastructure Security”)
READ THE ENTIRE ATTACHED DOCUMENT BEFORE BEGINNING
– Provided an excellent overview of the role that an Information Security Management System plays as part of an organization’s IT Governance, IT Management, and Risk Management activities. Provided a clear and concise explanation of the relationships between these activities. Appropriately used information from 3 or more authoritative sources.
– Provided an excellent analysis and explanation of how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST’s CSF can be integrated to improve the effectiveness of an organization’s risk management efforts for cybersecurity related risks. Appropriately used and cited information from 5 or more authoritative sources.
– Provided an excellent discussion of the use of ISO/IEC 27000/1/2, COBIT 5, and NIST CSF to reduce IT-related risks for e-Commerce and related business operations. Provided 5 or more examples of ways that these frameworks can support risk management efforts. Appropriately used information from 3 or more authoritative sources.
– Provided an excellent discussion illustrating how e-Commerce companies can integrate and use the ISO 27000/1/2, COBIT 5, and NIST CSF standards and frameworks as part of the organization’s risk management efforts. Included discussion of 5 or more areas where two or more frameworks overlap or address the same issues or problems. Appropriately used information from 3 or more authoritative sources.
– Provided an excellent summary and conclusions section which presented a summary of findings including 3 or more benefits of using ISO/IEC 27000/1/2, COBIT 5, and/or NIST CSF to support risk management in an e-Commerce organization. Appropriately used information from authoritative sources.
– Demonstrated excellence in the use of standard cybersecurity terminology to support discussion of security issues. Appropriately used 5 or more standard terms.