COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition. IT Governance Institute. Derived from COBIT: Board Briefing on IT Governance, 2nd Edition, designed to help executives.


Power failure and surges (power problems, e.g. …). Ensure that the organisation is not dependent on one individual for any key security task (i.e. …). Prepare a risk management action plan to address the most significant risks. Document procedures, maintain them and train staff.

Ensure that physical protections (e.g. …) are in place.

COBIT helps meet these multiple needs of management by bridging the gaps among business risks, control needs and technical issues. Ensure that incident management procedures are defined and in effect for relevant security incidents (access control violations, viruses, illegal use of software, hacking, etc.).

For large enterprises, protection will be a major task with a layered series of safeguards such as physical security measures, background checks, user identifiers, passwords, smart cards, biometrics and firewalls.

Appendix 5. Standards

New guide aligning COBIT 4. Paul Dorey, director, digital business security, BP Plc.

It is designed to be brief, simple, straightforward and practical, with minimum theory. If you need to open an unknown e-mail attachment, save it and scan it with antivirus software, and possibly disconnect from the network, before opening it. Consider using software backup tools. Require a report of security progress and issues for the audit committee. Windows hides the extensions of known file types by default, but a user may disable this option so that extensions are displayed; this makes a double extension such as invoice.pdf.exe visible before it is opened.


Has management identified all information (customer data, strategic plans, research results, etc.) that needs protecting? WebTrust program: under this program, a WebTrust seal at the website means the site complies with the WebTrust principles, including online privacy, security, business practices and transaction integrity, availability, and WebTrust for Certification Authorities.

COBIT Security Baseline

Figure 21: Accidents (disk failure). Availability is one of the three key elements of information security. Conduct information security audits based on a clear process and accountabilities, with management tracking the closure of recommendations.

ISACA also sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. Many recent viruses and worms use these social engineering techniques to spread. Subject data to a variety of controls to check for integrity, accuracy, completeness and validity during input, processing, storage and distribution, so that data remain complete, accurate and valid.

Insist that management make security investments and security improvements measurable, and monitor and report on programme effectiveness. However, implementing good security does not necessarily mean investing large amounts of time or expense. Would the board members recognise a security incident when they saw one?

Consider testing how the security functions integrate with existing systems. Ensure that critical business processes and supporting infrastructures are resilient to failure. Recognising the need for better security guidance, this booklet has been developed to provide essential advice and practical tools to help protect computer users from these risks.


Switch off the computer or disconnect it from the network when it is not in use. Unprotected Windows networking shares: intruders can exploit unprotected Windows networking shares in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Summary of Technical Security Risks: regulatory compliance is the top concern. The survey shows that there is a growing focus on enterprise-based IT management and IT governance.
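Two of the desktop items on this page, displaying file extensions (from the e-mail attachment advice above) and unprotected Windows networking shares, can be checked from the same elevated PowerShell session. The script below is an added example and is not part of the COBIT booklet; the registry key and the SmbShare cmdlets are standard Windows ones, while the function names and the list of "broad" accounts are my own assumptions.

```powershell
# Added example (not from the COBIT booklet): audit two workstation settings the baseline calls out.
# 1. "Hide extensions for known file types": HideFileExt under the Explorer\Advanced key.
#    1 = extensions hidden (the Windows default), 0 = extensions shown.
# 2. SMB shares whose ACL grants access to broad groups such as Everyone or Anonymous.

$ExplorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Test-FileExtensionsVisible {
    $value = (Get-ItemProperty -Path $ExplorerKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    # A missing value behaves like the default, i.e. extensions hidden.
    return ($null -ne $value -and $value -eq 0)
}

function Set-FileExtensionsVisible {
    New-ItemProperty -Path $ExplorerKey -Name HideFileExt -PropertyType DWord -Value 0 -Force | Out-Null
    # Explorer reads the value at start-up; restart it so the change takes effect for the user.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
}

function Get-OpenShare {
    # Requires the SmbShare module (Windows 8 / Server 2012 and later).
    # Assumed list of accounts that make a share "unprotected" for the purposes of this check.
    $broad = @('Everyone', 'ANONYMOUS LOGON', 'Guest', 'Authenticated Users')
    foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {   # skip C$, ADMIN$, IPC$
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            $account = $ace.AccountName -replace '^.*\\', ''                 # drop "NT AUTHORITY\" etc.
            if ($ace.AccessControlType -eq 'Allow' -and $broad -contains $account) {
                [pscustomobject]@{
                    Share   = $share.Name
                    Path    = $share.Path
                    Account = $ace.AccountName
                    Right   = $ace.AccessRight
                }
            }
        }
    }
}

if (-not (Test-FileExtensionsVisible)) {
    Write-Warning 'File extensions are hidden; enabling display so names like invoice.pdf.exe are visible.'
    Set-FileExtensionsVisible
}

$open = @(Get-OpenShare)
if ($open.Count -gt 0) {
    Write-Warning 'Shares readable or writable by broad groups (restrict or remove the ACE):'
    $open | Format-Table -AutoSize
    # Remediation for one finding, left commented out so the operator reviews it first:
    # Revoke-SmbShareAccess -Name $open[0].Share -AccountName $open[0].Account -Force
} else {
    Write-Output 'No shares grant access to broad groups.'
}
```

The HideFileExt value is per user, so the check must run in each user's session (or be pushed through a policy) rather than once per machine; the share audit, by contrast, is machine-wide and needs an administrator token.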


Do not run programs of unknown origin, and be aware, when thinking of sending them on to others, however appealing they may be, that they may contain malicious software.

Gaps in security are usually caused by: … Electronic Security Ordinance: this Ordinance gives electronic records and digital signatures used in electronic transactions the same legal status as their paper-based counterparts.

What would be the consequences? Ensure that information security is part of the overall IT life cycle. Common mitigation methods include using surge suppressors and uninterruptible power supplies (UPS). The organisation's white paper details how the increasing popularity of mobile devices poses a significant threat.