My Experience with COBIT 5 for InfoSec


COBIT 5 for Information Security is an ISACA framework for the governance and management of enterprise IT. The framework incorporates much cutting-edge thinking in enterprise governance and management techniques. It provides globally renowned principles, practices, and analytical tools and models to help increase the trust in, and value from, information systems.

We all know that information is a major resource for any enterprise. From the time information is created to the moment it is destroyed, IT plays a major role. IT technologies are becoming more and more advanced and have played pivotal roles in the development of enterprises, along with the social, public, and business environments. COBIT 5 assists enterprises in creating optimal value from IT by maintaining a positive balance between realizing benefits and optimizing risk levels. An important facet of the framework is that it enables IT to be governed and managed in a holistic fashion, taking into account the full end-to-end business and IT areas of responsibility while considering the interests of internal and external stakeholders.

COBIT 5 for Information Security has a number of enablers that are supposed to be implemented throughout the enterprise environment. Working in a small company, I was assisting the chief security officer with determining which specific enablers we could implement in our enterprise. Generally speaking, the size of the enterprise will determine which enablers are implemented. The enablers are essentially the factors that individually determine whether something will work; in this sense, we are talking about governance and management. The enablers are:

  1. Principles, Policies, and Frameworks
  2. Processes
  3. Organizational Structures
  4. Culture, Ethics, and Behavior
  5. Information
  6. Services, Infrastructure, and Applications
  7. People, Skills, and Competencies

The official COBIT 5 documentation, which is extremely lengthy, gives broad practical applications for every enterprise. These practical applications can be molded to fit any enterprise's operations. The way we implemented them at my company was by evaluating what weaknesses the enterprise had and where we could make it stronger.

Align, Plan, and Organize is critical to planning and organizing solutions while at the same time aligning them with the enterprise goals. Build, Acquire, and Implement is another part, ensuring the proper facilitation and creation of solutions for the problems identified. Monitor, Evaluate, and Assess is the last part, which covers monitoring the final solution and continuously evaluating it for efficiency.

I was specifically tasked by my security manager to draft an enablers summary that outlined all the enablers along with potential issues that could be addressed for improvement. Issues were very broad across all the enablers and included problems related to access controls, data management and storage methods, the need to better communicate goals and results with stakeholders (internal and external), and the need for better and more specific policies and procedures. This proved to be a very interesting and fascinating experience for me. I was exposed to a wide array of different enterprise goals and processes while trying to help improve their efficiency. At the end of the project we had achieved our goals. Enterprise processes were improved, and data governance and management had improved by leaps and bounds. Data policies outlining sharing and retention were drafted. Errors and mistakes in enterprise processes could now be traced to the individuals responsible for them.

For more information about COBIT 5 for InfoSec, I highly recommend taking a look at Orbus Software's tutorials about COBIT 5 for InfoSec: COBIT 5 Orbus Software
