COBIT® 5 for Information Security

SKU: 4172
Publishers: ISACA
Format: Softcover
Availability: In Stock

The official ISACA guide to information security using the COBIT 5 framework.

This professional guide from ISACA® covers the implementation of the COBIT® 5 framework for IT governance and management in an enterprise context.

Price: $80.00

Responsibility for information security lies with all enterprise stakeholders, not just CISOs, ISMs and other information security professionals. COBIT 5 for Information Security is therefore aimed at all levels of the enterprise, and details how COBIT 5 can be used as an umbrella framework to link information security frameworks, good practices and standards in order to secure the organization's information assets.

This manual shows how the relevant frameworks, good practices and standards for information security can be adapted to form a cohesive whole using COBIT 5.

To aid this process, COBIT 5 is mapped to international standards and relevant frameworks in the appendix to the book.

COBIT 5 for Information Security offers:

  • An up-to-date view on governance. COBIT 5 for Information Security provides a current view of information security governance and management through alignment with COBIT 5, ISO/IEC 38500 and other IT governance initiatives, and aligns with other major frameworks, standards and models such as the ISO/IEC 27000 series, the Information Security Forum (ISF) Standard of Good Practice, and BMIS
  • A clear distinction between governance and management. COBIT 5 clarifies the roles of governance and management and draws a clear line between them, with a revised process model that reflects this distinction and shows how the two relate to each other
  • An end-to-end view. COBIT 5 for Information Security provides a process model that integrates both business and IT functional responsibilities, distinguishes information security governance from information security management practices, outlines responsibilities at the various levels of the enterprise, and covers all process steps from beginning to end
  • Holistic guidance. COBIT 5 for Information Security brings together comprehensive guidance on information, organizational structures, culture, policies, and their interdependence

Full contents

Executive Summary

Target Audience
Conventions Used and Overview

Section I. Information Security

Chapter 1. Information Security Defined
Chapter 2. COBIT 5 Principles
2.1 Overview
2.2 Principle 1. Meeting Stakeholder Needs
2.3 Principle 2. Covering the Enterprise End-to-end
2.4 Principle 3. Applying a Single, Integrated Framework
2.5 Principle 4. Enabling a Holistic Approach
2.6 Principle 5. Separating Governance From Management

Section II. Using COBIT 5 Enablers for Implementing Information Security in Practice

Chapter 1. Introduction
1.1 The Generic Enabler Model
1.2 Enabler Performance Management
1.3 COBIT 5 for Information Security and Enablers
Chapter 2. Enabler: Principles, Policies, and Frameworks
2.1 Principles, Policies, and Framework Model
2.2 Information Security Principles
2.3 Information Security Policies
2.4 Adapting Policies to the Enterprise’s Environment
2.5 Policy Life Cycle
Chapter 3. Enabler: Processes
3.1 The Process Model
3.2 Governance and Management Processes
3.3 Information Security Governance and Management Processes
3.4 Linking Processes to Other Enablers
Chapter 4. Enabler: Organizational Structures
4.1 Organizational Structures Model
4.2 Information Security Roles and Structures
4.3 Accountability Over Information Security
Chapter 5. Enabler: Culture, Ethics and Behaviour
5.1 Culture Model
5.2 Culture Life Cycle
5.3 Leadership and Champions
5.4 Desirable Behaviour
Chapter 6. Enabler: Information
6.1 Information Model
6.2 Information Types
6.3 Information Stakeholders
6.4 Information Life Cycle
Chapter 7. Enabler: Services, Infrastructure and Applications
7.1 Services, Infrastructure, and Applications Model
7.2 Information Security Services, Infrastructure, and Applications
Chapter 8. Enabler: People, Skills, and Competencies
8.1 People, Skills, and Competencies Model
8.2 Information Security-related Skills and Competencies

Section III. Adapting COBIT 5 for Information Security to the Enterprise Environment

Chapter 1. Introduction
Chapter 2. Implementing Information Security Initiatives
2.1 Considering the Enterprise’s Information Security Context
2.2 Creating the Appropriate Environment
2.3 Recognizing Pain Points and Trigger Events
2.4 Enabling Change
2.5 A Life Cycle Approach
Chapter 3. Using COBIT 5 for Information Security to Connect Other Frameworks, Models, Good Practices and Standards

Appendix A. Detailed Guidance: Principles, Policies, and Frameworks Enabler
A.1 Information Security Principles
A.2 Information Security Policy
A.3 Specific Information Security Policies Driven by the Information Security Function
A.4 Specific Information Security Policies Driven by Other Functions Within the Enterprise
Appendix B. Detailed Guidance: Processes Enabler
B.1 Evaluate, Direct, and Monitor (EDM)
B.2 Align, Plan, and Organize (APO)
B.3 Build, Acquire, and Implement (BAI)
B.4 Deliver, Service, and Support (DSS)
B.5 Monitor, Evaluate, and Assess (MEA)
Appendix C. Detailed Guidance: Organizational Structures Enabler
C.1 Chief Information Security Officer
C.2 Information Security Steering Committee
C.3 Information Security Manager
C.4 Enterprise Risk Management Committee
C.5 Information Custodians/Business Owners
Appendix D. Detailed Guidance: Culture, Ethics and Behaviour Enabler
D.1 Behaviours
D.2 Leadership
Appendix E. Detailed Guidance: Information Enabler
E.1 Information Security Stakeholders Template
E.2 Information Security Strategy
E.3 Information Security Budget
E.4 Information Security Plan
E.5 Policies
E.6 Information Security Requirements
E.7 Awareness Material
E.8 Information Security Review Reports
E.9 Information Security Dashboard
Appendix F. Detailed Guidance: Services, Infrastructure, and Applications Enabler
F.1 Security Architecture
F.2 Security Awareness
F.3 Secure Development
F.4 Security Assessments
F.5 Adequately Secured and Configured Systems, Aligned With Security Requirements and Security Architecture
F.6 User Access and Access Rights in Line With Business Requirements
F.7 Adequate Protection Against Malware, External Attacks, and Intrusion Attempts
F.8 Adequate Incident Response
F.9 Security Testing
F.10 Monitoring and Alert Services for Security-related Events
Appendix G. Detailed Guidance: People, Skills and Competencies Enabler
G.1 Information Security Governance
G.2 Information Security Strategy Formulation
G.3 Information Risk Management
G.4 Information Security Architecture Development
G.5 Information Security Operations
G.6 Information Assessment and Testing and Compliance
Appendix H. Detailed Mappings