CobiT definition:
The need to maintain the integrity of information and protect IT assets requires a security management process. This process includes establishing and maintaining IT security roles and responsibilties, policies, standards, and procedures. Security management also includes performing security monitoring and periodic testing and implementing corrective actions for identified security weaknesses or incidents. Effective security management protects all IT assets to minimise the business impact of security vulnerabilities and incidents.
Control over the IT process of
Ensure systems security
that satisfies the business requirement for IT of
maintaining the integrity of information and processing infrastructure and minimising the impact of security vulnerabilities and incidents
by focusing on
defining IT security policies, plans and procedures, and monitoring, detecting, reporting and resolving security vulnerabilities and incidents
is achieved by
- Understanding security requirements, vulnerabilities and threats
- Managing user identities and authorisations in a standardised manner
- Testing security regularly
and is measured by
- Number of incidents damaging the organisation’s reputation with the public
- Number of systems where security requirements are not met
- Number of violations in segregation of duties
Control objectives:
DS5 Ensure Systems Security
DS5.1 Management of IT Security
DS5.2 IT Security Plan
DS5.3 Identity Management
DS5.4 User Account Management
DS5.5 Security Testing, Surveillance and Monitoring
DS5.6 Security Incident Definition
DS5.7 Protection of Security Technology
DS5.8 Cryptographic Key Management
DS5.9 Malicious Software Prevention, Detection and Correction
DS5.10 Network Security
DS5.11 Exchange of Sensitive Data
Check out the links for details on the control objectives.
No related posts.