ISO 27001 - NIST - COBIT - Integrated Framework Model

10.01.24 12:31 PM By Frederik

Executive Summary

The increase in concern among businesses and customers about protecting their information has led to more complex security requirements, often involving the integration of multiple approaches.

In turn, modern information security implementation projects have become even more challenging, especially for information technology processes.

And, when we talk about integrating approaches, it is not a question of simply creating a single list of what each approach requires and implementing it, but rather of coordinating these requirements: making trade-offs between conflicting objectives and alternatives, and reinforcing the common ones, so that the implemented requirements meet the expected overall outcomes.

Therefore, before ensuring compliance with requirements, it is paramount to consider a process for integrating security practices into business activities. Strange as it may seem, there are not many readily available materials on integrating practices.

Our approach embraces three areas, namely ISO 27001, the leading ISO standard for Information Security Management; COBIT, an IT management and governance framework; and the NIST SP 800 series, a set of documents published by the United States government on information technology security, to which ISO 62443 (IoT) will be added.

We will present their similarities and differences, and show how they can be used together during an information security implementation project to improve information protection.


The paper is written by Glenard O'Moore, CISO of Lifu Technologies and a certified auditor on various standards.

Frederik