
CIS 512 Strayer University ISO IEC 27000 Suite of Security Standards Discussion

Question Description

I’m working on a computer science discussion question and need support to help me learn.

Standards are designed to ensure consistency. Without them, no structure would exist.

Go to Basic Search: Strayer University Online Library to locate and integrate at least two quality, academic resources (in addition to your textbook) on the purpose of the ISO/IEC 27000 Suite of Security Standards. You may also use government websites, such as Cybersecurity from the National Institute of Standards and Technology.

Please respond to the following in a post of at least 200 words:

  • Describe the purpose of the ISO/IEC 27000 Suite of Security Standards.
  • Justify the value they bring to cybersecurity.
  • Provide full citations and references, formatted according to Strayer Writing Standards.
    • For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.

In 60 to 75 words, please respond to at least one other post. Choose to respond to those who have few or no responses.


Student’s response:

Professor and Peers,

Ed here. In this week’s discussion, we’re going to dig a little bit deeper into the ISO/IEC 27000 Suite of Security Standards. Specifically, ISO stands for International Standards Organization, while IEC stands for International Electrotechnical Commission. ISO/IEC fall into what I would refer to as computer/cyber security management, which is a primal necessity that should be considered seriously by organizations. It identifies suitable countermeasures to mitigate security risks in order to offer safety for computer and cyber resources.

What is the purpose of the ISO/IEC 27000 Suite of Security Standards?

ISO 27000 series security standards, designed as the ‘ISO 27000 family of standards’ or ‘ISO 27k’, are the most prominent international standards adapted by enterprises. They provide guidelines for information security and present both physical and security practices and procedures. They include in particular the ISO 27001, ISO 27002, ISO 27005, etc. standards, which vary in scope and purpose as well as in depth and level of detail.

Our textbook tells us on subsection 1.4 that the ISO/IEC 270001 family of standards, also known as the ISO 27000 series, is a series of best practices to help organizations improve their information security.

Additional readings tell us that the ISO/IEC 27000 Suite of Security Standards consists of 46 individual standards, including ISO 27000, which provides an introduction to the family as well as clarifying key terms and definitions (Irwin, 2020). Now, let’s take a quick look at a couple of these standards, not all.

ISO 27000 Series

  • ISO 27001: ISMS Requirements
  • ISO 27002: ISMS controls
  • ISO 27003: ISMS implementation guidelines
  • ISO 27004: ISMS Measurements
  • ISO 27005: Risk management
  • ISO 27006: Guidelines for ISO 27000 accreditation bodies

(Vanderburg & Johnson, 2011).

The summation of all these is that the ISO 27000 series provides recommendations for “establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System” (http://www.27000.org).

ISO 27001

We’re told that this is the central standard in the ISO 27000 series, containing the implementation requirements for an ISMS, which is the information security management system. In essence, the ISMS is a systematic approach to risk management, containing measures that address the three pillars of information security: people, processes and technology. I think it would be important to point out here that ISO/IEC 27001:2013 is the only standard in the series that organizations can be audited and certified against. And that’s because it contains an overview of everything organizations must do to achieve compliance (Irwin, 2020).

ISO 27002

We’re told that this is a supplementary standard that provides an overview of information security controls that organizations might choose to implement. Organizations are only required to adopt controls that they deem relevant – something that only becomes apparent during a risk assessment. This standard contains a more comprehensive overview, explaining how each control works, what its objective is and how organizations can implement it (Irwin, 2020).

ISO 27017 and ISO 27018

These are supplementary standards that were introduced in 2015, explaining how organizations should protect sensitive information in the Cloud, especially now that a lot of organizations are moving much of their sensitive information to the cloud. 27017 is a code of practice for information security, providing extra information about how to apply controls to information stored in the Cloud, while 27018 works in essentially the same way but with extra consideration for personal data (Irwin, 2020).

The latest standard in all of these, we’re told, is the ISO 27701, which covers what organizations must do when implementing a privacy information management system (PIMS).

What is the value the ISO/IEC 27000 Suite of Security Standards brings to cybersecurity?

We can tell, professor and peers, that in the course of our studies, and in real life, we’ve all come across the fact that data breaches are one of the biggest information security risks that organizations face. Sensitive data is used across all areas of businesses these days, increasing its value for genuine and dishonest use. An unbelievable number of instances have occurred, and continue to occur every month, in the form of cyber criminals hacking into a database, employees losing or misappropriating information, or one country hacking into another. Wherever the data goes, the financial and reputational damage caused by a breach can be devastating. That’s why organizations are increasingly investing heavily in their defenses, using ISO 27001 as a guideline for effective security. These standards can be applied to organizations of any size and in any sector, and the framework’s broadness means its implementation will always be appropriate to the size of the business.

My discussion for week 3, professor and peers.

Ed.

References:

Stallings, W. (2019). Effective Cybersecurity: A Guide to Using Best Practices and Standards (1st ed.). Pearson Education.

Irwin, L. (2020). What is the ISO 27000 series of standards? Retrieved from https://www.itgovernance.co.uk/blog/what-is-the-iso-27000-series-of-standards

Vanderburg, E., & Johnson, N. (2011). Information Security Compliance: ISO 27000. Retrieved from https://www.tcdi.com/iso-27000-certification-history-overview/

Meriah, I., & Arfa Rabai, L. B. (2019). Comparative Study of Ontologies Based ISO 27000 Series Security Standards. Procedia Computer Science, 160. ISSN: 1877-0509. Retrieved from Basic Search: Strayer University Online Library and https://www.sciencedirect.com/science/article/pii/S187705091931662X