How could a firm use each of these standards?
Are they redundant? Do they serve separate purposes? Which would you be likely to deploy or use, and why? Could you use both?
The Risk Management Guide for Information Technology Systems is a paper that contains recommendations of the National Institute of Standards and Technology.
It elaborates on the duty of IT companies to recognise the security capabilities of their systems so that they can tackle any issue that may arise at any point in time. The concepts of risk assessment, mitigation, evaluation and assessment are sequenced in a detailed manner.
The emphasis is on delivering excellent services to their clients and this can only be possible if they can guarantee the integrity of the data which is used in running the business.
This document is very useful. It can be used to educate all the parties involved in the administration of data as a form of awareness so that they know what should be done at any point in time if they have to act.
ISO 17799 is the International Security Standard. It is a set of rules guiding information security internationally. It is a reference document for identifying the controls needed in situations where information systems are used in industry and commerce. It was created to enhance trust in the process of doing business. It is now established as the major standard for information security, but initially it was not widely accepted due to several flaws stemming from inflexibility.
An overview of the presentation shows that this Standard is still not widely accepted although the aims and objectives are logical enough to get IT companies to be certified.
In comparison, the Risk Management Guide for Information Technology Systems is generic, as it can be applied to any industry sector. ISO 17799, on the other hand, is meant for IT companies involved in commerce and industry, and is therefore restricted.
In conclusion, I think that both documents will still continue to be redundant until active effort is made to make IT companies comply with the provisions of the document. Deployment depends on the type of IT company.