What is security management with COBIT 2019 and how to apply it
Managed Security Services
DSS05 – Protect company information to maintain the level of information security risk acceptable to the company in accordance with the security policy.
Objective
Minimize the business impact of operational information security incidents and vulnerabilities.
Management Practice
DSS05.01 Protect against malicious software.
Implement and maintain preventive, detective and corrective measures (especially up-to-date security patches and virus control) across the enterprise to protect information systems and technology from malicious software (e.g., ransomware, malware, viruses, worms, spyware, spam).
DSS05.02 Manage network security and connectivity.
Use security measures and related management procedures to protect information across all connectivity methods.
DSS05.03 Manage endpoint security.
Ensure that endpoints (e.g., laptop, desktop, server and other mobile and network devices or software) are secured to a level equal to or greater than the security requirements defined for the information processed, stored or transmitted.
DSS05.04 Manage user identity and logical access.
Ensure that all users have access rights to information as per business requirements. Coordinate with business units that manage their own access rights in business processes.
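DSS05.04 asks that granted access match what the business has approved. One way to check that in practice is a periodic reconciliation of the entitlements actually granted against a role model agreed with the business units. The following is an added example, not part of the original text and not COBIT or 4Matt code; the role model, account records and entitlement names are constructed for illustration.

```python
"""Access-rights review: reconcile granted entitlements against business-approved roles.

Constructed sample data; the role model, account list and entitlement names are
assumptions for this example, not taken from the COBIT text or any real system.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

# Hypothetical role -> entitlement model owned by the business units (assumption).
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "accounts_payable": {"erp:invoice:read", "erp:invoice:approve"},
    "helpdesk": {"ad:password:reset", "ticketing:read"},
    "dba": {"db:prod:read", "db:prod:admin"},
}


@dataclass
class Account:
    user: str
    roles: Set[str]        # roles assigned by the business
    granted: Set[str]      # entitlements actually present in the target systems
    active_in_hr: bool     # whether HR still lists the person as active


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str                      # "excess", "missing" or "orphan"
    entitlements: FrozenSet[str]   # the entitlements the finding is about


def expected_entitlements(roles: Set[str]) -> Set[str]:
    """Union of the entitlements every assigned role is approved to carry."""
    expected: Set[str] = set()
    for role in roles:
        expected |= ROLE_ENTITLEMENTS.get(role, set())
    return expected


def review_access(accounts: List[Account]) -> List[Finding]:
    """Return one finding per deviation between granted and approved access."""
    findings: List[Finding] = []
    for acct in accounts:
        if not acct.active_in_hr:
            # Account survives a leaver; everything it still holds is unjustified.
            findings.append(Finding(acct.user, "orphan", frozenset(acct.granted)))
            continue
        expected = expected_entitlements(acct.roles)
        excess = acct.granted - expected     # more than the role justifies
        missing = expected - acct.granted    # less than the role needs
        if excess:
            findings.append(Finding(acct.user, "excess", frozenset(excess)))
        if missing:
            findings.append(Finding(acct.user, "missing", frozenset(missing)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group affected users by finding kind for the review report."""
    summary: Dict[str, List[str]] = {"excess": [], "missing": [], "orphan": []}
    for f in findings:
        summary[f.kind].append(f.user)
    return summary


# Constructed sample accounts (assumption): one clean, one over-privileged,
# one under-privileged, and one that HR no longer lists.
SAMPLE_ACCOUNTS = [
    Account("alice", {"accounts_payable"},
            {"erp:invoice:read", "erp:invoice:approve"}, True),
    Account("bob", {"helpdesk"},
            {"ad:password:reset", "ticketing:read", "db:prod:admin"}, True),
    Account("carol", {"dba"}, {"db:prod:read"}, True),
    Account("dave", {"helpdesk"}, {"ticketing:read"}, False),
]


if __name__ == "__main__":
    for finding in review_access(SAMPLE_ACCOUNTS):
        print(f"{finding.kind:8} {finding.user:6} {sorted(finding.entitlements)}")
```

The "excess" findings are the ones that matter most for least privilege; "orphan" findings are the usual symptom of a joiner-mover-leaver process that is not coordinated with the business units mentioned in the practice.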
DSS05.05 Manage physical access to I&T assets.
Define and implement procedures (including emergency procedures) for granting, limiting and revoking access to facilities, buildings and areas as required by the business. Access to facilities, buildings and areas must be justified, authorized, recorded and monitored. This requirement applies to all persons entering the premises, including employees, temporary employees, customers, suppliers, visitors or any other third party.
DSS05.06 Manage confidential documents and output devices.
Establish appropriate physical safeguards, accounting practices and inventory management for sensitive IT assets such as special forms, negotiable instruments, special-purpose printers or security tokens.
DSS05.07 Manage vulnerabilities and monitor infrastructure for security-related events.
Using a portfolio of tools and technologies (e.g., intrusion detection tools), manage vulnerabilities and monitor infrastructure for unauthorized access. Ensure that security tools, technologies and detection are integrated into overall event monitoring and incident management.
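The practice above asks for monitoring of unauthorized access and for detections to feed event monitoring and incident management. As an added example (not part of the original text, and not code from COBIT, ISACA or 4Matt), the following Python detector reads constructed SSH authentication log lines, flags a burst of failed logins from one source and escalates when a successful login follows that burst, emitting normalized alert records of the kind a SIEM or ticketing integration would consume. The log format, thresholds and field names are assumptions.

```python
"""Detect unauthorized-access patterns in auth logs and emit normalized alerts.

The log lines below are constructed for this example (RFC 5737 documentation
addresses); the thresholds and alert schema are assumptions, not COBIT text.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List

# Matches an sshd-style line with an ISO timestamp (assumed log format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample log: a five-attempt burst then a success from one address,
# a single typo-then-success from another, and an unrelated line.
SAMPLE_LOG = """
2024-05-01T10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
2024-05-01T10:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.9 port 50123 ssh2
2024-05-01T10:00:05 web01 sshd[1203]: Failed password for invalid user test from 203.0.113.9 port 50124 ssh2
2024-05-01T10:00:07 web01 sshd[1204]: Failed password for root from 203.0.113.9 port 50125 ssh2
2024-05-01T10:00:09 web01 sshd[1205]: Failed password for root from 203.0.113.9 port 50126 ssh2
2024-05-01T10:00:20 web01 sshd[1206]: Accepted password for deploy from 203.0.113.9 port 50127 ssh2
2024-05-01T10:05:00 web01 sshd[1207]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-05-01T10:05:10 web01 sshd[1208]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
2024-05-01T10:06:00 web01 sshd[1209]: Received disconnect from 198.51.100.4 port 40001
"""


def parse_auth_log(lines: Iterable[str]) -> List[Dict]:
    """Turn matching log lines into event dicts; non-matching lines are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an auth outcome; a real pipeline routes it elsewhere
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "user": m["user"],
            "ip": m["ip"],
            "ok": m["result"] == "Accepted",
        })
    return events


def detect_unauthorized_access(lines: Iterable[str], threshold: int = 5,
                               window_s: int = 300) -> List[Dict]:
    """Sliding-window detection per source IP.

    Emits a 'brute_force' alert once a source reaches `threshold` failures
    inside `window_s` seconds, and a 'success_after_burst' alert for any
    later successful login from a source already flagged.
    """
    events = sorted(parse_auth_log(lines), key=lambda e: e["ts"])
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: Dict[str, datetime] = {}
    alerts: List[Dict] = []
    for e in events:
        if e["ok"]:
            if e["ip"] in flagged:
                alerts.append({
                    "rule": "success_after_burst", "severity": "high",
                    "source_ip": e["ip"], "user": e["user"], "host": e["host"],
                    "time": e["ts"].isoformat(),
                })
            continue
        q = failures[e["ip"]]
        q.append(e["ts"])
        while q and (e["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and e["ip"] not in flagged:
            flagged[e["ip"]] = e["ts"]
            alerts.append({
                "rule": "brute_force", "severity": "medium",
                "source_ip": e["ip"], "host": e["host"], "count": len(q),
                "time": e["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_unauthorized_access(SAMPLE_LOG.strip().splitlines()):
        print(alert)
```

The alert dicts carry a rule name, severity, source and time, which is the minimum an incident-management integration needs to open and deduplicate a ticket; raising `threshold` or shortening `window_s` is how the detection is tuned against the noise level of a given environment.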
Skills
SCTY Information Security
The selection, design, justification, implementation and operation of controls and management strategies to maintain security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with relevant legislation, regulations and standards.
PENT Penetration Test
Assessing organizational vulnerabilities through the design and execution of penetration tests that demonstrate how an adversary can subvert the organization's security goals or achieve specific adversary objectives. Penetration testing can be a standalone activity or an aspect of acceptance testing prior to an approval to operate. It also provides deeper insight into the business risks posed by the various vulnerabilities found.
SCAD Security Administration
The provision of operational and administrative security management services. It typically includes authorizing and monitoring access to IT facilities or infrastructure, investigating unauthorized access, and complying with relevant legislation.
Translated by 4Matt Technology from the original Process Symphony: Security Service Management–DSS05 (COBIT2019)