CobiT definition:
The need to maintain the integrity of information and protect IT assets requires a security management process. This process includes establishing and maintaining IT security roles and responsibilties, policies, standards, and procedures. Security management also includes performing security monitoring and periodic testing and implementing corrective actions for identified security weaknesses or incidents. Effective security management protects all IT assets to minimise the business impact of security vulnerabilities and incidents.
Control over the IT process of
Ensure systems security
that satisfies the business requirement for IT of
maintaining the integrity of information and processing infrastructure and minimising the impact of security vulnerabilities and incidents
by focusing on
defining IT security policies, plans and procedures, and monitoring, detecting, reporting and resolving security vulnerabilities and incidents
is achieved by
- Understanding security requirements, vulnerabilities and threats
- Managing user identities and authorisations in a standardised manner
- Testing security regularly
and is measured by
- Number of incidents damaging the organisation’s reputation with the public
- Number of systems where security requirements are not met
- Number of violations in segregation of duties
Control objectives:
DS5 Ensure Systems Security
DS5.1 Management of IT Security
DS5.2 IT Security Plan
DS5.3 Identity Management
DS5.4 User Account Management
DS5.5 Security Testing, Surveillance and Monitoring
DS5.6 Security Incident Definition
DS5.7 Protection of Security Technology
DS5.8 Cryptographic Key Management
DS5.9 Malicious Software Prevention, Detection and Correction
DS5.10 Network Security
DS5.11 Exchange of Sensitive Data
Check out the links for details on the control objectives.
Related posts:
- DS4 Ensure Continuous Service CobiT definition: The need for providing continuous IT services requires developing, maintaining and testing IT continuity plans, utilising offsite backup...
- PO6 Communicate Management Aims and Direction CobiT definition: Management develops an enterprise IT control framework and defines and communicates policies. An ongoing communication programme is implemented...
- AI6 Manage Changes CobiT definition: All changes, including emergency maintenance and patches, relating to infrastructure and applications within the production environment are formally...
- PO4 Define the IT Processes, Organisation and Relationships CobiT definition: An IT organisation is defined by considering requirements for staff, skills, functions, accountability, authority, roles and responsibilities, and...
- PO8 Manage Quality CobiT definition: A QMS is developed and maintained that includes proven development and acquisition processes and standards. This is enabled...
