Introduction to COBIT Security Baseline
Date: 2026-01-17
COBIT Security Baseline
An Introduction
Introduction to COBIT Security Baseline
http://www.77cn.com.cn
COBIT 4.1© 1996 - 2007 ITGI All rights reserved
Roger Southgate
COBIT Security Baseline Structure: 48 pages (this part: pages 16 - 22)
The Challenge of Growing Expectations and Emerging Vulnerabilities vs Organisational Capability
Internal Control (layered diagram):
- Business Controls: Business Processes
- Application Controls and Generic Process Controls: Business Applications
- General IT Controls: IT Resources and Processes
Basic COBIT Principle (cycle): Business Requirements drive the investments in IT Resources, which are used by IT Processes to deliver Enterprise Information, which in turn responds to Business Requirements.
COBIT Security Baseline Structure: 48 pages (this part: pages 16 - 22)
The COBIT Security Baseline: 44 Steps

Plan and Organise (10 steps):
- Define the security strategy and the information architecture
- Define the IT organisation and relationships
- Communicate management aims and direction
- Manage IT human resources
- Assess and manage IT risks

Acquire and Implement (10 steps):
- Identify automated solutions
- Acquire and maintain application technology infrastructure
- Enable operation and use
- Manage changes
- Install and accredit solutions and changes
The COBIT Security Baseline: 44 Steps (continued)

Deliver and Support (21 steps):
- Define and manage service levels
- Manage third-party services
- Ensure continuous service
- Manage the configuration
- Manage data
- Manage the physical environment

Monitor and Evaluate (3 steps):
- Monitor and evaluate IT performance: assess internal control adequacy
- Obtain independent assurance
- Ensure regulatory compliance
Assess and Manage IT Risks (baseline steps 8 to 10, cross-referenced to ISO/IEC 27002:2005 and COBIT 4.1):

8. Regularly discuss with key staff (from business and IT management) where and when security problems can adversely impact business objectives and how to protect against them.
9. Prepare a risk management action plan to address all risks according to business risk.
10. Establish staff understanding of the need for responsiveness and consider cost-effective means to manage the identified security risks through security controls (e.g., backup, access control, virus protection, firewalls) and insurance coverage.

Cross-references shown on the slide for these steps:
- ISO/IEC 27002:2005 clauses: 4.1, 4.2, 6.1, 8.2
- COBIT 4.1 control objectives: PO2: 2.3; PO9: 9.1, 9.2, 9.3, 9.4, 9.5, 9.6; PO7: 7.4; AI1: 1.1, 1.2
Assessment: sample of how you can use it
Planning the Actions: sample of how you can use it
COBIT Security Baseline Structure: 48 pages (this part: pages 16 - 22)
Six Information Security Survival Kits (audience; number of specific information security risks; contents):
- Boards of Directors/Trustees: 6 risks; 9 questions to ask + 7 items to action
- Senior Executives: 6 risks; 13 questions to ask + 7 items to action
- Executives: 6 risks; 13 questions to ask + 17 items to action
- Managers: 6 risks; 38 conditions to check
- Professional Users: 5 risks; 10 "Dos" and 10 "Don'ts"
- Home Users: 7 risks; 15 non-technical precautions + 7 technical
Information Security Survival Kits: selection of security precautions for non-technical home users
- Obtain guidance from qualified and reputable advisors (certified technicians) from time to time to ensure that the computer installation has no significant security flaws.
- If you depend on computers to do business, sign up for onsite support and ensure the availability of an on-call facility should anything go wrong.
- Obtain reputable security software. Protection packages can be obtained from all PC software dealers that include all the main functions necessary, e.g., antivirus, spyware, firewall and content filtering. If needed, use a specialist to ensure proper installation.
- Sign up for automatic updates and maintenance on the security software to ensure that the protection is current and up to date.
- Do not open unknown e-mail attachments, and be aware that e-mail addresses can be faked. Let the security software check all e-mails and follow the advice given by the tool.
- Install only official, up-to-date operating systems, security software and applications; avoid installing anything that …