Monday, June 29, 2020
ISO/IEC 27001 Research COBIT Overview in Computer Science - 2200 Words
ISO/IEC 27001: COBIT Overview in Computer Science (Essay Sample) Content:

Computer Science.
Name: Instructor's Name: Institution: Date:

Outline.
COBIT Overview.
ISO/IEC 27001 and 27002 Overview.
Comparisons of COBIT and ISO/IEC 27001 and 27002.
Summary of Findings.

COBIT Overview.

The value of information technology for many companies is placed on an extremely high pedestal and yet it is not fully understood by many. Accomplished business enterprises recognize the need for the use of information technology systems to support their business operations within the company. The ever-growing need for assurance about the management of information technology risks and the increased need for the control of information have gained room as elemental roles of governance in organizations.

Control Objectives for Information and Related Technologies, or COBIT, is a framework that was developed to merge business and information technology in an efficient manner by helping business executives realize the importance of I.T. and making them aware of the risks that it entails. It is also meant to manage any existing or emergent Information Technology (I.T.) risks, meet the needs of I.T. governance and maintain the integrity of information systems in a business (I.T.I, 2007).

The first version was released to the market in 1996 with the main aim of developing and promoting an effective and authoritative information control system that is internationally accepted and recognized by business leaders and professionals. COBIT entails processes to manage I.T. processes within an organization. All the processes are combined with process inputs, outputs, activities, objectives of these processes and the performance measures necessary for the evaluation of the business operations and processes (I.T.I, 2007).

COBIT links the business or operation goals together with I.T. objectives and goals.
In doing this, it helps provide models for evaluating and measuring achievement along with the identification of the responsibilities of the owners of both processes related to the business and I.T. (I.T.I, 2007). The COBIT process is subdivided into four categories or domains: planning and organization, acquisition and implementation, delivery and support and, finally, monitoring and evaluation. COBIT is integrated with other detailed I.T. standards to develop an encompassing framework of best practice models, governance and business needs (I.T.I, 2007).

Through its framework, COBIT, therefore, manages its information in seven distinct ways to meet and satisfy business objectives. Firstly, information needs to be relevant to the business process and must be delivered in a timely manner and in usable form; this is effectiveness. Secondly, the information needs to be provided through the most efficient use of business resources in order to avoid wastefulness. Confidentiality also needs to be maintained by concealing information from unauthorized persons. The information also needs to be accurate and reflective of the business operations. COBIT also makes information available when it is required by the business, therefore ensuring smooth running of the business process. Compliance is also necessary to ensure that the business process abides by any contractual agreement both within and outside the company. Finally, it helps attain the reliability that the business needs to ensure effective governance of the business processes (I.T.I, 2007).

The main advantages of using COBIT to run the I.T. processes of a business are that, firstly, it is highly effective to use on high-level processes. It also provides a common language for business executives and I.T. professionals, therefore making discussions about emergent issues in business and system processes relatively easier.
The increased efficiency of the business processes also leads to the optimization of running costs for the business. Finally, there is clear ownership of the business responsibilities because all parties have clearly identified roles in the business process (I.T.I, 2007). This too enhances productivity and efficiency due to the reduction of redundancies and replication of efforts in the business process.

COBIT's essential function is, therefore, to provide a stop gap between the operational managers' need to execute functions and processes and the executives' need to govern the information and ensure its security.

ISO/IEC 27001 and 27002 Overview.

The ISO 27000 series is a group of information security standards that is published by the International Organization for Standardization (I.S.O) and the International Electrotechnical Commission (I.E.C), and as such is an internationally recognized information security standard. The system essentially makes recommendations on best practices for information security systems that are used by organizations around the world. It operates on the premise that the prevention of information security breaches is preferable to identifying system faults after the loss of information (Information Security, 2011).

The systems have a broad scope or outlook that covers areas such as privacy, confidentiality and technical security matters. The systems are versatile in application and are suitable for small, midsized and large organizations (Information Security, 2011). The assessment of possible information security risks and vulnerabilities is necessary to help determine the system that best suits the enterprise.

The ISO/IEC 27001 is part of the series and was published in 2005. It is designed to bring information security wholly under management control by mandating specific requirements.
These requirements include the systematic evaluation of the organization's security risks, vulnerabilities and possible impacts of attacks on the information system (Information Security, 2011); the design and implementation of information security controls to address those risks that have been identified and are great or unacceptable; and, finally, the adoption of a management process that ensures that the information security controls effectively meet the information security requirements of the organization at all times (Information Security, 2011).

The ISO/IEC 27002 is also part of the series of information security management systems. It bears subtle differences from the ISO/IEC 27001 in that its emphasis lies in best practices. The most salient difference between the two is that ISO/IEC 27002 provides a list of best practices that can be implemented and produce tangible results on the protection of an information system (Information Security, 2011).

The two, however, complement each other and are usually taken and employed together in an organization. This is quite simply because the management framework provided for in ISO/IEC 27001 is required by ISO/IEC 27002 to make it coherent and stop it from seeming disjointed in practice and being rejected by enterprise management. Conversely, ISO/IEC 27001 needs the best practices of ISO/IEC 27002 to make implementation by top management possible in the first place. This co-dependence, therefore, makes the two systems inseparable (I.S.A.R, 2011).

The benefits of using the ISO/IEC 27000 series are abundant in relation to information system management security. The first benefit is that the identification, mitigation, management and improvement of information security systems will be carried out in a planned and organized manner. Secondly, by using the internationally recognized system of information system management security, the best practices will be documented and embedded into practice.
This will earn the enterprise international acceptance (Information Security, 2011). Third, organizational commitment to information security practices will ensure the proper allocation of resources and identification of roles and responsibilities. The next benefit is that information will be protected from any unauthorized persons who wish to access it. This also contributes significantly to the overall organization security. Finally, intellectual property rights are better protected by the intricate design and best practices that the ISO/IEC series has to offer organizations and enterprises alike (I.S.A.R, 2011).

Comparisons of COBIT and ISO/IEC 27001 and 27002.

COBIT and ISO/IEC 27001 and 27002 have similarities, contrasts as well as aspects of information technology that one handles better than the other.

Similarities.

The similarity between COBIT and the ISO/IEC 27000 series is that both systems deal with information technology controls in business processes of the enterprises in which they are used. Both these products are designed to strengthen the security of an enterprise's information and keep it inaccessible to any unauthorized persons wishing to access the information (I.S.A.R, 2011).

Next, both products have been created based on past experience in information security management systems. They have both had preceding versions since their initial conceptions up to today. Each successive version has been more comprehensive than the last based on the information gathered about potential information security vulnerabilities and loopholes that can be exploited by intruders (Arora, 2011). They are continuously refined and perfected to be more competitive in the market and more helpful to the consumers. In effect, each successive version is a more effective information security solution than the last.

Contrasts.

The first contrast originates from their production.
COBIT is a framework created by ISACA for information technology management and IT governance, whereas ISO/IEC 27001 and 27002 are part of the growing ISO/IEC 27000 family of standards, an Information Security Management System (ISMS) standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) (I.S....
Monday, June 1, 2020
Simple Experiment Analyze The Reaction Of The Society - 1375 Words
Simple Experiment: Analyze The Reaction Of The Society (Research Paper Sample) Content:

Professor's Name Student's Name Course Date

Breaking Social Norm

Norms are social expectations that act as a guide to human behavior. Standards explain why people do what they do or behave in a particular way in certain situations. Some norms are enforceable by law, for instance the norm against killing. It is also important to note that some social norms are regarded as very bad to violate, for instance the norm against assault, while others are not necessarily strict, such as folkways norms. Treves notes that norms are significant since they are the basis on which the acceptable conduct is determined (121). Additionally, social norms assist in the prediction of the behavior of individuals without being exposed to the random and chaotic human behavior. Notwithstanding, norms help people arrive at a decision under given circumstances. Browne adds that the norms are also responsible for the way humans interact with each other without conflict since they understand each other well (79).

Norms are critical in the society since they give rise to social norms. Social norms are undocumented guidelines on how to act. According to Treves, the concept of norms is significant in understanding the influence of the society in general (138). Norms are responsible for the definition of appropriate behaviors to respective groups that exist in the society. It is also significant to note that social norms set order in the community since human beings need some forces to guide their relationships, hence a sense of understanding.

Norms give rise to cultural norms which guide the behavior of individuals from a given community. Cultural norms vary among communities to conform to the cultural beliefs of the members of the given community. Kathy suggests that members of a given culture act according to the norms of that community for that culture to be in existence and function (189). Norms are also related to folkways.
Folkways are norms that are developed as a result of casual interaction, hence repetition and routine of the interactions. They are socially approved behaviors in the society. According to Browne, they can also be defined as ways of life of individuals in a given community (201). Of equal significance to note is that folkways are the basic forms of social norms. Besides, folkways result from natural forces. However, violation of folkways does not result in adverse effects on other members of the society. This social norm does not lead to undesirable social issues; however, the members of the community do not encourage a violation of such norms. Folkways are regarded as informal norms since they develop and change within a short period.

On the other hand, mores are strict norms since they are responsible for determination of the right and wrong actions. Mores are also social norms that are generated through interaction. By studying the norms, people acquire the directives of their sanctions. It is worth noting that mores are regarded as moral practice and represent acts that conform to the customary belief of a group of people. Additionally, Browne indicates that mores are informal but are more serious than the folkways (159).

Violation of mores leads to adverse impacts on the social order, and the possibility that other members of the society will also be affected is high. They are customary undocumented laws; for instance, having an intimate relationship with women before marriage is unacceptable by the society. Lastly, Browne claims that taboos are strongly negative norms; a taboo is a behavior that is highly discouraged in the society and its violation may render one an outcast of the given society (124). Taboos can be categorized into bodily function taboos and dietary taboos. Some of the taboos associated with the body are belching and defecation.
On the other hand, Kathy notes that dietary taboos include cold food in Chinese culture, as expectant women are not supposed to eat cold food during months close to giving birth (79). According to Browne, violation of these norms calls for serious sanctions to individuals committing such violations (213).

Description of the experiment

One of the norms that the people in the society hold is the code of dressing in different situations. Factors such as modesty, weather and gender dictate the appropriate attire to be worn. Therefore, I decided to break this norm by wearing light clothes instead of regular clothes when my friends and I went for dinner. The outfit was quite immodest and too light for the freezing weather and was also unfit to put on in a restaurant.

I, therefore, noted that this was a serious violation of the norm of dressing. This is a folkways norm that is generated in the society through repetition of actions by man. The violation of this norm does not pose a threat to the members of the society, hence does not create a serious problem. The custom has developed in the daily way of living, thus conforming to the individuals unconsciously.

The reaction of the people

Everyone stared at me with a questioning glance. Others mocked me by congratulating me on my mode of dressing. Additionally, other people were perplexed and couldn't stop looking at me; however, they did not have visible reactions. A lot of people complimented my outfit, claiming that they liked it. Despite some positive feedback I still felt uncomfortable with the outfit. I became the center of attention at the restaurant after breaking the norm. My friends did not want to be associated with me anymore, with some moving to other tables.

Analysis

The people had a variety of reasons, since norms are accepted ways of doing things, and therefore doing things that are contrary to the norms leads to rejection of the action, as people expect individuals to act within the limits of the norms set in society.
The people behaved unusually, as deviance calls for negative sanctions. Negative sanctions are the actions people do to indicate that they do not agree with the deviance. This explains why so many people looked at me with questioning and shocked looks, suggesting that they were strictly disapproving of my actions. The act of my friends moving to other tables indicated that I was embarrassing them and that they therefore preferred to keep off to avoid the embarrassment. The people who complimented me for my mode of dressing were mocking me and wanted me to feel embraced due to the outfit.

According to Kathy, norms are responsible for social control that enforces c...