CAN A SINGLE SECURITY FRAMEWORK ADDRESS INFORMATION SECURITY RISKS ADEQUATELY?

There is no doubt that modern society depends heavily on information technology in nearly every facet of human activity. Organizations of all kinds are increasingly exposed to various kinds of risks, including information technology risks. There are many security standards and frameworks available to help organizations manage these risks. The question which one is best and can address the information security risks adequately warrants further investigation and research. The purpose of this research work is to highlight the challenges facing enterprises in their efforts to properly manage information security risks when adopting international standards and frameworks. To assist in selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used standards. It then identifies some selection criteria and suggests an approach to proper implementation. A case study is used to prove the usefulness of the new model for selecting an appropriate security model to manage information security risks.