Cobit 5 For Information Security

COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking into account the full end-to-end business and IT functional areas of responsibility, considering IT-related interests of internal and external stakeholders.

Written for IT service managers, consultants and other practitioners in IT governance, risk and compliance, this practical book discusses all the key concepts of COBIT®5, and explains how to direct the governance of enterprise IT (GEIT) using the COBIT®5 framework. The book also covers the main frameworks and standards supporting GEIT, discusses the ideas of enterprise and governance, and shows the path from corporate governance to the governance of enterprise IT.

Information is a key resource for all enterprises. From the time information is created to the moment it is destroyed, technology plays a significant role in containing, distributing and analysing information. Technology is increasingly advanced and has become pervasive in enterprises and the social, public and business environments.

The cost and frequency of cybersecurity incidents are on the rise, is your enterprise keeping pace? The numbers of threats, risk scenarios and vulnerabilities have grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability. This publication applies the COBIT 5 framework and its component publications to transforming cybersecurity in a systemic way. First, the impacts of cybercrime and cyberwarfare on business and society are illustrated and put in context. This section shows the rise in cost and frequency of security incidents, including APT attacks and other threats with a critical impact and high intensity. Second, the transformation addresses security governance, security management and security assurance. In accordance with the lens concept within COBIT 5, these sections cover all elements of the systemic transformation and cybersecurity improvements.

"This practical guidance was created for enterprises using or considering using cloud computing. It provides a governance and control framework based on COBIT 5 and an audit program using COBIT 5 for Assurance. This information can assist enterprises in assessing the potential value of cloud investments to determine whether the risk is within the acceptable level. In addition, it provides a list of publications and resources that can help determine if cloud computing is the appropriate solution for the data and processes being considered."--

Building on the COBIT 5 framework, this guide focuses on assurance and provides more detailed and practical guidance for assurance professionals and other interested parties at all levels of the enterprise on how to use COBIT 5 to support a variety of IT assurance activities.

Featuring numerous case examples from companies around the world, this second edition integrates theoretical advances and empirical data with practical applications, including in-depth discussion on the COBIT 5 framework which can be used to build, measure and audit enterprise governance of IT approaches. At the forefront of the field, the authors of this volume draw from years of research and advising corporate clients to present a comprehensive resource on enterprise governance of IT (EGIT). Information technology (IT) has become a crucial enabler in the support, sustainability and growth of enterprises. Given this pervasive role of IT, a specific focus on EGIT has arisen over the last two decades, as an integral part of corporate governance. Going well beyond the implementation of a superior IT infrastructure, enterprise governance of IT is about defining and embedding processes and structures throughout the organization that enable boards and business and IT people to execute their responsibilities in support of business/IT alignment and value creation from their IT-enabled investments. Featuring a variety of elements, including executive summaries and sidebars, extensive references and questions and activities (with additional materials available on-line), this book will be an essential resource for professionals, researchers and students alike