Case study: COBIT as a foundation for Information Security Management
ABSTRACT
Information security is now a business-driven function involving the entire enterprise population. Most organisations have a large number of inter-enterprise connections and a wide range of technology and operational choices available for exercising (or not) security activities in each processing environment.
  • Security and control are highly dependent on user and application activities, as well as resource protection.
  • Selection, testing and deployment of appropriate mechanisms to supply security functions is complex.
  • Few organisations have established the processes necessary for effective information security.

THE CHALLENGE
Building information protection programs around:
  • confidentiality, stressing "need to know" as the guiding principle for implementing a security program.
  • integrity, focusing on the "control of privilege to create, modify, store, copy or delete information or information resources."
  • availability, based on the "business' need" to have systems, resources and data available.

HOW WE HELP
Through the use of a process-based approach:
  • Establish an information security Oversight Authority
  • Define the IT activities necessary for effective information security
  • Start with a process owner and clear process goals for information security management
  • Identify each CobiT process that has an impact on, or is affected by, information security
  • Assign responsibilities to define and develop existing security processes
  • Develop process and process artefacts
  • Build capability in information security and related activities
  • Establish process governance over information security management
  • Focus on delivering the outcome that business expects from information security
  • Establish performance measures for information security
  • Monitor process performance.

LESSONS LEARNED
  • There are a large number of IT processes that will have an impact on the effectiveness of information security.
  • The outcome expected from information security should be first obtained from the business.

Last Updated (Tuesday, 24 April 2007)
© 2009 IT Governance Network (providers of CobiT and ISO 38500 training in the UK).