Three frameworks are relevant as far as the processes of maintaining cybersecurity and avoiding risks for e-commerce are concerned: the ISO/IEC 27000 series (27000, 27001, and 27002), COBIT 5, and NIST’s CSF. The ISO/IEC 27000 series is an international standard of best practices for the overall ISMS, making use of controls and activity sequences (Aminzade, 2018). ISO/IEC 27001 includes seven sections with requirements to be met if an organization wishes to achieve compliance with ISO standards. For instance, one should contextualize organizational needs, provide rigorous planning and support for the ISMS, and evaluate security (Praxiom Research Group, 2020).
ISO/IEC 27002 is broader and concerns such points as cryptography policy and supplier relationship (Praxiom Research Group, 2020). Businesses adopt the framework family due to its established nature, allowing for general guidance, and to gain trust from their partners and customers, who might be familiar with the name (Humphreys, 2016). The desired outcomes and benefits are numerous, including information confidentiality, systemic detection of vulnerabilities, minimization of IT risks, reduction of security breaches, and a competitive edge (Humphreys, 2016). Overall, the framework series guarantees established guidelines and constant support.
Control Objectives for Information Technology (COBIT) is another framework under consideration, and its objectives can specifically target enterprises. It includes requirements for implementing an ISMS and aligns with other frameworks (Ahmed, 2017). COBIT 5 contains five process areas: “Evaluate, Direct, and Monitor,” “Align, Plan, and Organize,” “Build, Acquire, and Implement,” “Deliver, Service, and Support,” and “Monitor, Evaluate, and Assess” (Mohanan & Menon, 2016).
Businesses adopt this framework due to its optimizing costs and IT value provision through effective and innovative use as well as compliance with relevant legislation, agreements, policies, and standards (Chatterji, 2016). These steps allow an organization to deploy effective management that ensures more clarity on creating a governance system for business needs (Almeida et al., 2018). The framework’s open-source model allows for continuous feedback, and its customizability leads to faster updates and enhancements (Chatterji, 2016). Thus, COBIT addresses the secure, legal, and innovative aspects of operating an ISMS and reflects the flexibility necessary for a business.
The NIST Cybersecurity Framework (CSF) is relatively recent and notable for its innovative nature. While its primary purpose is to address critical cybersecurity risks through the five categories (identify, protect, detect, respond, and recover), it can also maintain transaction privacy for all stakeholders involved (IBM Cloud Education, 2020). Additionally, the framework analyzes the business environment and manages an organization’s assets, which can occur regardless of actual threats (IBM Cloud Education, 2020). NIST’s CSF also supports cyber-physical systems, which are gradually being integrated into the business sphere (Burns et al., 2018). Altogether, NIST’s CSF has important supportive functions that co-exist with its defensive ones, and it is oriented toward future developments.
The frameworks can function independently or in a sequence to address risks and support business operations. For instance, COBIT 5 and NIST can cooperate in a risk management process, where the latter will assess the situation and the former will respond to it (Supriyadi & Hardani, 2018). Any framework is capable of identifying the threat’s category and level, although NIST can be particularly useful for businesses. The ISO/IEC 27002 series is instrumental in ensuring human resources security, so employees will not be concerned with their data being stolen or manipulated (Sulistyowati et al., 2020).
Meanwhile, NIST’s CSF can cover other parties, including customers, suppliers, and shareholders (IBM Cloud Education, 2020). COBIT 5 can ensure benefits delivery and determine the financial aspects of the IT enterprise, compensating for the absence of those objectives in the other frameworks. All frameworks also contribute to enhancing an organization’s management functions, so an e-commerce business may find its standard-defined ISMS useful for operations beyond maintaining security. Thus, the industry may make use of the frameworks mainly for various cybersecurity issues and operations, but they can be beneficial for the overall business too.
The three frameworks have overlapping functions and complementing features, so using them simultaneously may enhance cybersecurity. For example, all of them address asset management and business environment, so they can be applied to compensate for COBIT 5’s inability to distinguish between business and operation controls (Noor & Ghazanfar, 2016). As mentioned prev