COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition. IT Governance Institute. Related publications derived from COBIT: Board Briefing on IT Governance, 2nd Edition, designed to help executives.

Author: Akik Grom
Country: Belgium
Language: English (Spanish)
Genre: Life
Published (Last): 24 October 2004
Pages: 320
PDF File Size: 18.77 Mb
ePub File Size: 3.39 Mb
ISBN: 526-1-88023-686-5
Downloads: 53561
Price: Free* [*Free Registration Required]
Uploader: Kajijind

These standards include information security management, information security evaluation, authentication and authorisation, etc.

Develop crisis management practices, involving executive management and the board of directors from pre-agreed thresholds onward. Protection is achieved by a combination of technical and nontechnical safeguards. IT Security Standards and Best Practices To facilitate your planning on information security management for your company, we have highlighted some internationally recognised information security standards, guidelines and effective security practices for reference.

What would be the consequences of a serious security incident in terms of lost revenues, lost customers and investor confidence? Distribute sensitive output only to authorised people. Overall, for most computer users the security objective is met when:

What information security awareness training has been established, and does it appear adequate considering the assessed risks?

Ensure that security is an integral part of the systems development life cycle process and explicitly addressed during each phase of the process. Insist that management make security investments and security improvements measurable, and monitor and report on programme effectiveness.


If information is disclosed or altered, could goods or funds be improperly diverted? Packet sniffing: a packet sniffer is a program that captures data from information packets as they travel over the network. Include security in job performance appraisals and apply appropriate rewards and disciplinary measures.


Installing a packet sniffer does not necessarily require administrator-level access. Is the enterprise clear on its position relative to IT and security risks? What safeguards have been established over systems connected to the Internet to protect the entity from viruses and other attacks? Conduct an annual executive risk brainstorming session, prepared by security and audit professionals (internal and external), resulting in actionable conclusions that are followed up on until closure.

Security on Conducting Online Businesses and Activities. E-mail spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information such as passwords. Being an intermediary for another attack: intruders frequently use compromised computers as launching pads for attacking other systems. Ensure that, when acquiring technology infrastructure, it properly supports automated security practices.

Has management set up an independent audit of information security? Because many chat clients allow for the exchange of executable code, they present risks similar to those of e-mail clients. Is management prepared to recover from a major security incident?

Is it given periodically to all staff? Implementing technical safeguards can be more complex and expensive; therefore, proven products from reputable suppliers should always be used and, if necessary, experts should be called on for advice.

Could business revenues or profits be lost if information is disclosed, wrong or lost?

Control Objective: Acquire and maintain technology infrastructure. Consider security: ensure that there is a measurable and management-transparent security strategy based on benchmarking, maturity models, gap analysis, and continuous performance monitoring and reporting.


COBIT Security Baseline

The related documents are obtainable through the hyperlinks provided below. CIOs, CFOs, information security managers, auditors, and those involved in corporate and information technology (IT) governance are often overwhelmed by the many international standards and guidance for managing the IT function.

Ensure that access control and connectivity rules for internal and external users have been implemented, based on business needs and risks. Other examples include Downloader MySis.

Mobile devices may pose the greatest threat to confidential information: mobile devices pose a significant threat in leaking confidential enterprise information, reveals an ISACA white paper.

Do not run programs of unknown origin and be aware that when thinking of sending them on to others, however appealing they may be, they may contain malicious software.

The amount of effort applied to implementing a safe and secure working environment should be based on how much of an impact a security problem could have at home or at work.