Thursday, February 6, 2020

Summary (Information Security Management) Essay

To address those risks that are deemed unacceptable, ISO/IEC 27001 suggests the modeling and application of a rational and comprehensive suite of information security controls. By comparison, NIST lays out security management by identifying 17 controls organized into three categories. The Management Control section addresses security topics that can be characterized as managerial. The Operational Control section addresses security controls focusing on steps that are, broadly speaking, implemented and executed by people (as opposed to systems). The Technical Control section covers security controls that the computer system executes. The main advantage of the NIST document is network-based IDSs, which are usually passive devices that do not interfere with the normal operation of a network, are very secure against attack and can even be made invisible to many attackers. A major weakness is that network-based IDSs may have difficulty processing all packets in a large or busy network and may therefore fail to recognize an attack launched during periods of high traffic. The scope of NIST is limited, as it falls short especially in the area of the time period defined as "heavy traffic".
