Leveraging COBIT to Implement Information Security (Part 4)

Frisken, John
October 2015
COBIT Focus;10/5/2015, p1
Academic Journal
This article is the final article of a 4-part "Leveraging COBIT to Implement Information Security" series. Part 1 covered how COBIT® 5 can be used to establish the overall framework for the collaboration of technical standards such as the IT Infrastructure Library (ITIL), ISO/IEC 27001 and SANS Critical Security Controls (SANS Top 20). Part 2 focused on using COBIT® to implement information security process controls within an ITIL system to provide protection envisaged by SANS Top 20. Part 3 outlined how to implement the Information Security Management System (ISMS) governance framework and enabling tools to manage the security programme. This article shows how the requirements for certification of the ISMS framework can be satisfied by using the approaches outlined in this 4-part series. An ISMS can be implemented according to the methods and techniques set out in ISO 27001 simply to obtain the best practice benefits established within the standard. Certification of the ISMS is an optional step designed to allow an organisation to demonstrate to third parties that its ISMS does, in fact, meet these best practices for management of information security. The story outlined in this series of articles started when the IT operations director of a major Australian utility company contacted the author to discuss how the requirements of ISO 27001, which were a requirement for the organisation, could be met efficiently without imposing high costs on the organisation, particularly with regard to evidence collection and storage. The system that was designed went even further than this and simplified the entire process of certification, making the certification process straightforward for both the organisation's management and the certifiers.

