Cyber Security Concern of E-Commerce Company: 1047075

Introduction:

The primary objective of this paper is to elaborate on the importance of a security management system, its utilization, and risk management in an organization like PayPal. PayPal is an organization that operates an online payment system. Its operations therefore depend significantly on IT risk management, security management and Information Technology governance (Trautman 2015). Since the organization's processes are based on information technology systems, it is essential to maintain high security for its money transactions. This paper elaborates on the above-mentioned aspects.

Cyber Security Risk Management:

ISO/IEC 27000, ISO/IEC 27001, ISO/IEC 27002-  

ISO/IEC 27001 is a security standard introduced to protect organizational information. By adopting this standard, an organization gains the capability to protect its critical data from cyber criminals, which helps to reduce the chances of a data breach. Thus, it can be stated that organizations with ISO/IEC 27001 standards are capable of gaining customer trust and showing best security practices for their data (Evans 2016). Following on from this, the ISO/IEC 27000 standard holds the capability to control the security standards of ISO/IEC 27001, with the purpose of maximizing the benefits of that security regulation. Along with ISO/IEC 27000 and ISO/IEC 27001, ISO/IEC 27002 has the responsibility of providing a proper guideline that helps the organization to implement and improve its IT security management (Janakiraman & Narayanan 2019). Hence, from the above discussion, ISO/IEC 27000 and ISO/IEC 27001 offer the regulations for cyber security, and ISO/IEC 27002 collectively determines the best practices for the security standards.

COBIT 5-

In addition to the above security standards, COBIT 5 is a framework that incorporates IT governance and the security management process in an organization. The primary objective of incorporating COBIT 5 is to adopt effective IT services into the business; it also helps the organization to gather more effective information that supports its decision-making process.

In addition, data integrity, data confidentiality and data availability are significant aspects of cyber security that the organization needs to maintain.

Recommendation:

Alongside the above security standards and frameworks, applying PAS 555 will be appropriate for reducing cyber-crime in any e-commerce business. ISO/IEC 27032, ISO/IEC 27035, ISO/IEC 27031 and ISO/IEC 22301 are also effective in reducing cyber-crime on e-commerce business platforms by keeping their data safe (Peltier 2016).

Summary:

Hence, from the above discussion it can be stated that security standards have a significant impact in an organization like PayPal, as it performs financial operations. The discussion has also determined that incorporating ISO/IEC 27032, ISO/IEC 27035, ISO/IEC 27031, ISO/IEC 22301 and PAS 555, along with ISO/IEC 27000, ISO/IEC 27001 and ISO/IEC 27002, will be highly effective in enhancing cyber security in the nominated organization.

Reference:

Evans, L. (2016). Protecting information assets using ISO/IEC security standards. Information Management, 50(6), 28.

Janakiraman, V., & Narayanan, A. (2019). Ensuring Site Reliability through Security Controls.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Trautman, L. J. (2015). E-Commerce, cyber, and electronic payment system risks: lessons from PayPal. UC Davis Bus. LJ, 16, 261.