COBIT DSDFSFSDFASDFSADFSDFSDFVSDFASDFSADFASDFSFGDHG. GEDFGDFGD

JohnnyPlasten 11 views 32 slides Jun 20, 2024

Slide Content

Agenda
- COBIT 5 Product Family
- Information Security
- COBIT 5 content
- Chapter 2. Enabler: Principles, Policies and Frameworks
- Chapter 3. Enabler: Processes
- Chapter 4. Enabler: Organisational Structures
- Chapter 5. Enabler: Culture, Ethics and Behaviour
- Chapter 6. Enabler: Information
- Chapter 7. Enabler: Services, Infrastructure and Applications
- Chapter 8. Enabler: People, Skills and Competencies
Appendices
- Appendix A. Detailed Guidance: Principles, Policies and Frameworks Enabler
- Appendix B. Detailed Guidance: Processes Enabler
- Appendix C. Detailed Guidance: Organisational Structures Enabler
- Appendix D. Detailed Guidance: Culture, Ethics and Behaviour Enabler
- Appendix E. Detailed Guidance: Information Enabler
- Appendix F. Detailed Guidance: Services, Infrastructure and Applications Enabler
- Appendix G. Detailed Guidance: People, Skills and Competencies Enabler
- Appendix H. Detailed Mappings

Product Family

COBIT 5 Principles

Information Security
ISACA defines information security as that which ensures that, within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability).
- Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information.
- Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
- Availability means ensuring timely and reliable access to and use of information.

Capability

COBIT 5 Enablers

Enabler: Principles, Policies and Framework
- 2.1 Principles, Policies and Framework Model
- 2.2 Information Security Principles
- 2.3 Information Security Policies
- 2.4 Adapting Policies to the Enterprise's Environment
- 2.5 Policy Life Cycle

Enabler: Principles, Policies and Framework

Appendix A

Appendix A
- Information security policy
- Access control policy
- Personnel information security policy
- Physical and environmental information security policy
- Incident management policy
- Business continuity and disaster recovery policy
- Asset management policy
- Rules of behaviour (acceptable use)
- Information systems acquisition, software development and maintenance policy
- Vendor management policy
- Communications and operation management policy
- Compliance policy
- Risk management policy

Enabler: Process
- 3.1 The Process Model
- 3.2 Governance and Management Processes
- 3.3 Information Security Governance and Management Processes
- 3.4 Linking Processes to Other Enablers

Appendix B Process

Enabler: Organisational Structures
- 4.1 Organisational Structures Model
- 4.2 Information Security Roles and Structures
- 4.3 Accountability Over Information Security

Appendix C

Enabler: Culture, Ethics and Behaviour
- 5.1 Culture Model
- 5.2 Culture Life Cycle
- 5.3 Leadership and Champions
- 5.4 Desirable Behaviour

Appendix D

Enabler: Information
- 6.1 Information Model
- 6.2 Information Types
- 6.3 Information Stakeholders
- 6.4 Information Life Cycle

Appendix E

Enabler: Services, Infrastructure and Applications
- 7.1 Services, Infrastructure and Applications Model
- 7.2 Information Security Services, Infrastructure and Applications

Appendix F
- Provide a security architecture.
- Provide security awareness.
- Provide secure development (development in line with security standards).
- Provide security assessments.
- Provide adequately secured and configured systems, in line with security requirements and security architecture.
- Provide user access and access rights in line with business requirements.
- Provide adequate protection against malware, external attacks and intrusion attempts.
- Provide adequate incident response.
- Provide security testing.
- Provide monitoring and alert services for security-related events.

Appendix F

Enabler: People, Skills and Competencies
- 8.1 People, Skills and Competencies Model
- 8.2 Information Security-related Skills and Competencies

Appendix G

Appendix H
The ISO/IEC 27000 series provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. It maps to:
- Security- and risk-related processes in the EDM, APO and DSS domains
- Various security-related activities within processes in other domains
- Monitoring and evaluating activities from the MEA domain
The ISF 2011 Standard of Good Practice for Information Security is based on the ISF Information Security Model's four main categories: information security governance, information security requirements, control framework, and information security monitoring and improvement.
Guide for Assessing the Information Security Controls in Federal Information Systems and Organisations, NIST: the purpose of this guide is to provide direction with regard to information security controls for executive agencies of the US government.