OCU C)ISSO A Discussion Lesson 05
- This topic has 9 replies, 8 voices, and was last updated 1 week, 5 days ago by
Trae Johnson.
-
November 1, 2024 at 1:24 pm #99325
Manny Varela
Keymaster
Choose 2 of the frameworks and discuss in more detail each of these. Use the text, video, and at least 1 additional reference to explain each of these.
-
November 19, 2025 at 4:45 pm #111334
Carlos Martes
Participant
For this lesson, I chose to focus on NIST Cybersecurity Framework and ISO/IEC 27001, since both are widely used to strengthen an organization’s security posture. The NIST CSF is built around five core functions which are identify, protect, respond and recover. It gives organizations a clear roadmap for understanding risks, setting controls and improving security over time. One thing I appreciate about NIST is that it is flexible and can be adapted to different environments, whether government or private sector. ISO 27001, on the other hand, is an international standard that focuses on building an information security management system. It emphasizes continuous improvement, documentation and management. Organizations that follow ISO 27001 often seek certification to show that their security practices meet global standards. Both frameworks complement each other by promoting structured security processes and stronger risk awareness.
-
November 23, 2025 at 7:59 am #111401
Mjulius513
Participant
I agree with your explanation of the NIST CSF and ISO 27001. Both frameworks help organizations understand risks and develop robust security processes. I like that NIST is adaptable and straightforward, while ISO 27001 emphasizes documentation and long-term improvements. Using both together can significantly enhance an organization’s overall security posture.
-
November 24, 2025 at 7:47 pm #111446
Trae Johnson
Participant
I like that you emphasized the complementary nature of NIST CSF and ISO 27001. Your point about the emphasis on certification by ISO is particularly relevant, as third-party validation often drives organizations to make sure their security disciplines are healthier. Another thing that reinforces your argument is the fact that NIST offers the hands-on roadmap, while ISO offers the formal structure. You clearly explained their relationship in the next paragraph and showed why so many organizations have success using them together.
-
-
November 20, 2025 at 6:28 pm #111375
Mjulius513
Participant
I would start with the Zachman Framework, a structured approach to organizing and viewing an entire enterprise. It helps organizations understand how their systems, processes, and data fit together. The framework uses different perspectives, such as planner, owner, designer, and builder, to make sure nothing important is overlooked. Zachman is described as a framework that enhances clarity by breaking complex systems into smaller, more understandable pieces, helping teams communicate effectively and align their goals.
The second framework is ITIL (Information Technology Infrastructure Library). ITIL aims to improve IT service management by providing best practices for delivering reliable and efficient services. The book and video explain how ITIL helps organizations standardize processes such as service portfolio management, financial management, and strategy for IT services. ITIL also focuses on aligning IT with business goals, improving service quality, and reducing unnecessary costs. By following these structured processes, organizations can respond to issues more quickly and ensure that services remain stable and consistent for users.
-
November 24, 2025 at 7:47 pm #111447
Trae Johnson
Participant
Your explanation of the Zachman Framework really emphasized how it gives clarity to complex systems. The way you tied the various perspectives (planner, owner, designer, and so on) back to teamwork was helpful. I also appreciate how you compared this with ITIL’s focus on service quality. Zachman organizes the architecture, ITIL organizes the operations. The two serve very different purposes but complement one another, and your post captured that balance effectively.
-
-
November 22, 2025 at 6:26 pm #111398
Joseph Doss
Participant
Two frameworks include TOGAF (The Open Group Architecture Framework) and CIMM (Continuous Information Monitoring and Management).
The key features of CIMM are continuous monitoring, risk assessment, corrective and preventive actions to maintain security and compliance as well as audits and reporting. CIMM is for real-time oversight and management of security.
TOGAF provides the alignment of IT strategy with business goals, encourages standardization and supports risk management. It is used to ensure IT supports business objectives.
-
November 24, 2025 at 2:01 pm #111430
Carlos Martes
Participant
Hello Joseph,
Both TOGAF and CIMM strengthen an organization’s security and strategy. CIMM focuses on continuous monitoring, risk assessments and keeping systems compliant, while TOGAF aligns IT with business goals and standardized processes. Together they help improve oversight, reduce risk and support better decision making across the organization.
-
November 24, 2025 at 7:46 pm #111445
Trae Johnson
Participant
You drew a very nice comparison between TOGAF and CIMM. The fact that TOGAF focuses on aligning architecture with business goals is essential in strategic planning, while continuous monitoring by CIMM fills in the operational gap of making sure security is ongoing. I like how you added corrective and preventive actions; those are at the heart of resiliency in an environment. Your post showed clearly how the two frameworks deal with both long-term structure and real-time protection.
-
-
November 24, 2025 at 7:45 pm #111444
Trae Johnson
Participant
I chose to focus on COBIT and ITIL, two conceptual frameworks that work together to strengthen governance, service delivery, and strategic alignment of an organization’s information systems. Both frameworks are widely recognized; however, their approach in terms of the maturity of an organization differs from each other at many levels.
COBIT is a governance and management framework from ISACA that centers on aligning IT operations with overall business objectives. Unlike security-specific frameworks such as NIST, COBIT focuses on ensuring that information systems deliver measurable value. It provides detailed control objectives, performance metrics, and maturity models that help leaders assess whether their IT practices are supporting business goals, managing risk effectively, and remaining compliant with regulations. As indicated by ISACA (2019), COBIT is based on five core principles: meeting stakeholder needs, covering the whole enterprise, and separating governance from management. What this means is that COBIT is particularly helpful for those organizations that want consistency, accountability, and clarity concerning decision-making structures around IT. It’s not just about “how to secure systems”; rather, it is about how to make technology serve the mission of the organization in a measurable and governable way.
Where COBIT focuses on governance, ITIL focuses on service management, guaranteeing that the IT services are reliable, efficient, and user-oriented. ITIL organizes its practices around the lifecycle of services: planning, designing, transitioning, operating, and continual improvement of services. One of the greatest advantages of ITIL is its emphasis on processes that are standardized, such as incident management, change management, and service-level agreements. These practices minimize downtime, avert unexpected disruptions, and facilitate communication between IT teams and users. According to Axelos (2020), ITIL is inherently designed to be adaptable; thus, organizations can scale it up or down depending on their size and complexity. When used in conjunction with COBIT, ITIL provides the operational discipline required to support the governance that COBIT outlines. Together, they create a balanced ecosystem wherein COBIT sets the direction and oversight while ITIL ensures the everyday work of IT runs smoothly and works consistently for the organization.
-