4Matt Technology

(DSS) Deliver, Serve and Support

COBIT 2019: Service Security Management (DSS05)

What is security management with COBIT 2019 and how to apply DSS05

Managed Security Service – Protect company information to maintain the level of information security risk acceptable to the company in accordance with the security policy.

Objective

Minimize the business impact of operational information security incidents and vulnerabilities.

Management Practice

DSS05.01 Protect against malicious software. Implement and maintain preventative, detection, and corrective measures (especially updated security patches and virus control) across the enterprise to protect information systems and technology against malicious software (e.g., ransomware, malware, viruses, worms, spyware, spam).

DSS05.02 Manage network security and connectivity. Use security measures and related management procedures to protect information across all connectivity methods.

DSS05.03 Manage endpoint security. Ensure that endpoints (e.g., laptop, desktop, server, and other mobile and network devices or software) are secured to a level equal to or greater than the security requirements defined for information processed, stored, or transmitted.

DSS05.04 Manage user identity and logical access. Ensure all users have access rights to information in accordance with business requirements. Coordinate with business units that manage their own access rights across business processes.

DSS05.05 Manage physical access to I&T assets. Define and implement procedures (including emergency procedures) to grant, limit and revoke access to facilities, buildings and areas, according to business needs. Access to facilities, buildings and areas must be justified, authorized, recorded and monitored. This requirement applies to all persons entering the premises, including employees, temporary staff, customers, suppliers, visitors or any other third party.

DSS05.06 Manage confidential documents and output devices. Establish appropriate physical safeguards, accounting practices, and inventory management regarding sensitive IT assets such as special forms, negotiable instruments, special-purpose printers, or security tokens.

DSS05.07 Manage vulnerabilities and monitor infrastructure for security-related events. Using a portfolio of tools and technologies (e.g., intrusion detection tools), manage vulnerabilities and monitor infrastructure for unauthorized access. Ensure security tools, technologies, and detection are integrated into overall event monitoring and incident management.

Skills

Information security SCTY
The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with relevant legislation, regulations and standards.

PENT Penetration Testing
The assessment of organizational vulnerabilities through the design and execution of penetration tests that demonstrate how an adversary can subvert the organization's security goals or achieve specific adversary objectives. Penetration testing can be a stand-alone activity or an aspect of acceptance testing prior to an approval to operate. Identifying deeper insights into the business risks of various vulnerabilities.

SCAD Security administration
The provision of operational and administrative security management services. Typically includes authorizing and monitoring access to IT facilities or infrastructure, investigating unauthorized access and complying with relevant legislation.
Translated by 4Matt Technology from the original Process Symphony: Security Service Management–DSS05 (COBIT2019)


COBIT 2019: Delivery, Service and Support (DSS)

DSS (Deliver, service and support) is a pillar of the COBIT framework and consists of the following structure:

01 Managed Operations
02 Managed Service Requests and Incidents
03 Managed Problems
04 Managed Continuity
05 Managed Security Services
06 Managed Business Process Controls

DSS01: Managed Operations
Coordinate and execute the activities and operational procedures required to provide internal and outsourced IT services. Include execution of predefined standard operating procedures and required monitoring activities. Deliver operational results of IT products and services as planned.

DSS02: Managed Service Requests and Incidents
Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and respond to user requests; and record, investigate, diagnose, escalate and resolve incidents. Achieve greater productivity and minimize disruptions by quickly resolving user queries and incidents. Assess the impact of changes and handle service incidents. Resolve user requests and restore service in response to incidents.

DSS03: Managed Problems
Identify and classify problems and their root causes. Provide timely resolution to prevent recurring incidents. Provide recommendations for improvements. Increase availability, improve service levels, reduce costs, and improve convenience and customer satisfaction by reducing the number of operational problems, and identify root causes as part of problem resolution.

DSS04: Managed Continuity
Establish and maintain a plan to enable businesses and IT organizations to respond to incidents and quickly adapt to disruptions. This will enable continuous operations of critical business processes and required I&T services and maintain the availability of resources, assets and information at a level acceptable to the enterprise. Adapt quickly, continue business operations, and maintain resource and information availability at a level acceptable to the business in the event of a significant disruption (e.g., threats, opportunities, demands).

DSS05: Managed Security Services
Protect corporate information to maintain the level of information security risk acceptable to the company in accordance with the security policy. Establish and maintain information security roles and access privileges. Perform security monitoring. Minimize the business impact of operational information security vulnerabilities and incidents.

DSS06: Managed Business Process Controls
Define and maintain appropriate business process controls to ensure that information related to and processed by internal or outsourced business processes meets all relevant information control requirements. Identify relevant information control requirements. Manage and operate appropriate input, throughput, and output controls (application controls) to ensure that information processing and information satisfies these requirements. Maintain the integrity of information and the security of information assets processed within the company's business processes or in its outsourced operation.
Translated by 4Matt Technology from the original Process Symphony: Deliver, Service and Support (COBIT 2019)
