ISACA's Guide to COBIT 5 for Information Security
ISACA, the global IT association, recently released COBIT 5 for Information Security - new guidance aimed at helping security leaders use the COBIT framework to reduce their risk profile and add value to their organizations. Join two ISACA leaders for an insider's look at how to use COBIT 5 for Information Security to:
- Link information security with organizational strategic goals;
- Create the appropriate governance and management framework;
- Comply with the ever-growing number of relevant laws, regulations and contractual requirements.
Information is the currency of the 21st century enterprise. As such, effectively securing information is critical. To help enterprises with this challenging mission, global IT association ISACA has developed COBIT 5 for Information Security, which builds upon COBIT 5. COBIT is used by enterprises in all industries and all geographies to create trust in and value from information systems.
Among the major drivers for the development of COBIT 5 for Information Security:
- The need to describe information security in an enterprise context, including all aspects that lead to effective governance and management of information security, such as organizational structures, policies and culture.
- An ever-increasing need for the enterprise to maintain information risk at an acceptable (and regulatory compliant) level and to protect information against unauthorized disclosure, unauthorized or inadvertent modifications, and possible intrusions - all while containing the cost of IT services and technology protection.
- The need to link together all major ISACA research, frameworks and guidance, with a primary focus on Business Management for Information Security (BMIS) and COBIT.
COBIT 5 for Information Security is designed for all stakeholders of information security, from the business to IT. Leading this session are two ISACA executives, Christos K. Dimitriadis, International Vice President, and Robert E Stroud, member of the ISACA Strategic Advisory Council. They will share insights on how to use this new guidance to:
- View information security as a business enabler as well as a risk management tool;
- Ensure effective governance by combining several different standards and good practices under a common framework, avoiding overlaps and additional complexity and cost;Understand and assess the relation between information security and corporate culture;
- Ensure that services and systems are continuously available to internal and external stakeholders.