4Matt Technology

COBIT 2019: Service Security Management (DSS05)

What is security management with COBIT 2019 and how to apply it

Managed Security Service

DSS05 – Protect company information to maintain the level of information security risk acceptable to the company in accordance with the security policy.


Minimize the business impact of operational information security incidents and vulnerabilities.

Management Practice

DSS05.01 Protect against malicious software.

Implement and maintain preventive, detection and corrective measures (especially up-to-date security patches and virus control) across the enterprise to protect information systems and technology from malicious software (e.g. ransomware, malware, viruses, worms, spyware , spam).

DSS05.02 Manage network security and connectivity.

Use security measures and related management procedures to protect information across all connectivity methods.

DSS05.03 Manage endpoint security.

Ensure that endpoints (eg laptop, desktop, server and other mobile and network devices or software) are secured to a level equal to or greater than the security requirements defined for information processed, stored or transmitted.

DSS05.04 Manage user identity and logical access.

Ensure that all users have access rights to information as per business requirements. Coordinate with business units that manage their own access rights in business processes.

DSS05.05 Manage physical access to I&T assets.

Define and implement procedures (including emergency procedures) for granting, limiting and revoking access to facilities, buildings and areas as required by the business. Access to facilities, buildings and areas must be justified, authorized, recorded and monitored. This requirement applies to all persons entering the premises, including employees, temporary employees, customers, suppliers, visitors or any other third party.

DSS05.06 Manage confidential documents and output devices.

Establish appropriate physical safeguards, accounting practices, and inventory management against sensitive IT assets such as special forms, negotiable instruments, special-purpose printers, or security tokens.

DSS05.07 Manage vulnerabilities and monitor infrastructure for security-related events

Using a portfolio of tools and technologies (eg, intrusion detection tools), manage vulnerabilities and monitor infrastructure for unauthorized access. Ensure that security tools, technologies and detection are integrated into overall event monitoring and incident management.

Cobit 2019 4Matt Tecnologia


SCTY Information Security

The selection, design, justification, implementation and operation of controls and management strategies to maintain security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with relevant legislation, regulations and standards.

PENT Penetration Test

Assessing organizational vulnerabilities through the design and execution of penetration tests that demonstrate how an adversary can subvert the organization's security goals or achieve specific adversary objectives. Penetration testing can be a standalone activity or an aspect of acceptance testing prior to an approval to operate. Identifying deeper insights into the business risks of various vulnerabilities.

Security Administration SCAD

The provision of operational and administrative security management services. It typically includes authorizing and monitoring access to IT facilities or infrastructure, investigating unauthorized access, and complying with relevant legislation.

Translated by 4Matt Technology from the original Process Symphony: Security Service Management–DSS05 (COBIT2019)

Tags: ServiceNow, Snow Software, Software Asset Management, Software Asset Management, SAM, FINOps, ITAM, ITSM, Flexera, Cloud Management governance framework, design factors, contact us, governance structures, it governance, online course , design guide, governance objective, cobit certification 2019, corporate governance, it business, leave a comment, cobit exam 2019, it management, information governance, free materials, isaca released, cobit framework, cobit 2019 benefits, outlet of decisions, developed by isaca, certificate programs, designed to evolve, best practices, capacity levels, microsoft power, information management, control objectives, social networks, foundation bridge, brazilian companies, it professionals, governance components, organizational structures, certification exams, business processes, performance management, governance certification, implementing nist using cobit, ti, power bi, managed ti, design and implementation, governance framework, implementation guides, design factors, cobit implementation, best practices, implementation guide, effective governance, digital transformation, project management, governance strategy, security cybernetics, business objectives, cobit certification, cascade of goals, information technology

Related Posts

Uncovering CMDB: Complete FAQ Guide

In this article, we will explore the world of CMDB (Configuration Management Database), answering the most common questions about this important aspect of IT management. From basic meaning to best practices and its implementation, let's dive into the essential questions related to CMDB. 1. CMDB means? CMDB is the

Read more "

CSDM and ServiceNow: Optimize Service Management!

The Common Service Data Model (CSDM) in ServiceNow is a standardized framework that helps organizations structure and manage their configuration items (CIs), CMDB (Configuration Management Database), and services within the ServiceNow platform. It provides a consistent way to define and relate different aspects of IT services

Read more "

Microsoft SPLA versus BYOL

In the ever-evolving landscape of information technology, cloud computing has established itself as a powerful solution for businesses of all sizes. When moving to the cloud, organizations face the crucial decision of how to manage and license their software. Two common options in this scenario are

Read more "