COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition. IT Governance Institute.

An Information Security Survival Kit, IT Governance Institute, derived from COBIT: Board Briefing on IT Governance, 2nd Edition—Designed to help executives.



The guide is focused on a generic methodology for implementing IT governance, covering the following subjects: The COBIT conceptual framework is thus extended with a more specific implementation focus that is further presented in the control practices.

In total, the tables contain 39 steps toward better information security. Cyber attacks, insider threats, social media hacking: Is there clear accountability about who carries it out? For example, the Melissa virus spread because it originated from a familiar address. Domains covered by such rules include privacy, retention of information, minimal system protection requirements and attestation requirements.

Ensure that there is a regularly updated and complete inventory of the IT hardware and software configuration. These standards cover security management, web services, security of cloud computing, etc. Does it determine what the consequences would be if the infrastructure became inoperable?

Ensure that physical protections e. Other computer platforms may be vulnerable and the user needs to monitor vulnerability reports and maintain the system. When was the last time an information security audit was performed? Establish rules for authorising changes and for evaluating their security impact.


Hard disk crashes are a common cause of data loss on personal computers. Software problems One of the most common problems when using computers is software, i. Does the risk assessment consider what information assets are subject to laws and regulations?

Consider how to protect physically transportable storage devices. Test the system or major change against 4. When depending on computers to do business, sign up for onsite support and ensure the availability of an on-call facility should anything go wrong. Therefore, security protection must keep pace with these changes.

Identify and monitor sources for keeping up to date with security patches and implement those appropriate for the enterprise infrastructure. Conduct information security audits based on a clear process and accountabilities, with management tracking the closure of recommendations.


Physically secure the IT facilities and assets, 7. Insist that management make security investments and security improvements measurable, and monitor and report on programme effectiveness. Cross-site scripting A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form or a database inquiry. There is no sense in turning on the house alarm and leaving the back door open.

Billions of IT investment dollars continue to be wasted each year due to poor alignment, oversight and control of information technology (IT). Implementing technical safeguards can be more complex and expensive; therefore, proven products from reputable suppliers should be used and, if necessary, experts should be called on for advice.


Ensure that risks of dependency on security service providers have been assessed and mitigated. New guide aligning Cobit 4.

COBIT Security Baseline

Run security responsiveness programmes and conduct frequent penetration tests. Have there been intrusions? Overall, for most computer users the security objective is met when: Gaps in security are usually caused by: Guidelines on Conducting Online Businesses and Activities Electronic Security Ordinance — This Ordinance concerns the legal status of electronic records and digital signatures used in electronic transactions as that of their paper-based counterparts.

Threats include errors and omissions, fraud, accidents and intentional damage. It is designed to be brief, simple, straightforward and practical, with minimum theory.

Leverage their knowledge and experience for internal use.

Unprotected Windows networking shares Intruders can exploit unprotected Windows networking shares in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. It provides good practices across a domain and process framework and presents activities in a manageable and logical structure.

Review this in conjunction with implementing the security baseline in chapter 4.