Download Transforming Cybersecurity: Using COBIT 5 PDF

Title: Transforming Cybersecurity: Using COBIT 5
File Size: 1.3 MB
Total Pages: 190
Table of Contents
Purpose of This Publication
Introduction
	What Is Cybersecurity?
	Cybercrime and Advanced Persistent Threats (APTs)
	Cyberwarfare
	Other Relevant Threats
	The COBIT 5 Product Family
	Transforming Cybersecurity Using COBIT 5
1. Impact of Cybercrime and Cyberwarfare on Business and Society
	Trends and Game Changers
	Business and Organizational Impact
	Individual and Societal Impact
	Legal and Regulatory Impact
2.  Threats, Vulnerabilities and Associated Risk
	Vulnerability and Threat Categorization
	Identifying Systemic Weaknesses
	Integrating Attack and Incident History
	Organizational Risk
		Organizational Design and Structural Risk
		Organizational Governance, Compliance and Control Risk
		Cultural Risk
	Social Risk
		People Risk
		Individual Culture Risk
		Risk Associated With Human Factors
		Emergence Risk
	Technical Risk
		Architecture-related Risk
		Application Layer Risk
		Risk Related to the Operating System Layer
		IT Infrastructure Risk
		Technical Infrastructure Risk
3. Security Governance
	The Business Case
	Governing Cybersecurity Transformation
		Establish Current State
		Define Target State
		Strategic and Systemic Transformation
	Applying COBIT 5 to Cybersecurity Governance
		Evaluate, Direct and Monitor (EDM)
		Align, Plan and Organize (APO)
		Mapping COBIT 5 to Val IT and Risk IT
4. Cybersecurity Management
	Existing Security Controls
	Principles, Policies and Frameworks
		Information Security Principles
		Information Security Policy
		Cybersecurity Policy
		Cybersecurity Management Standard
		Cybersecurity Key Operating Procedures (KOPs)
	Processes
		Security Management Processes
		Security Monitoring Processes
		Continuity-related Processes
	Organizational Structures
	Culture, Ethics and Behavior
		Defining Model Behaviors
		Daily Operations
		Importance of Principles and Policies
		Sufficient and Detailed Guidance
		Accountability
		Stakeholder Awareness of Threats
		Innovation Support
		Business Management Cross-functional Involvement
		Executive Management Recognition
	Information
		Protecting Sensitive Information
		Protecting Personal Information
		Protecting Information in the Cloud
	Services, Infrastructure and Applications
		Security Architecture
		Security Awareness
		Secure Development
		Security Assessments
		Adequately Secured and Configured Systems
		User Access and Access Rights in Line With Business Requirements
		Adequate Protection Against Malware, External Attacks and Intrusion Attempts
		Adequate Incident Response
		Security Testing
		Monitoring and Alert Services for Security-related Events
	People, Skills and Competencies
		Security Management Skills
		End-user Skills
		Cybersecurity Training
5. Cybersecurity Assurance
	Auditing and Reviewing Cybersecurity
		Audit Universe
		Audit Objectives
		Planning and Scoping
		Legal Considerations
		Privacy and Data Protection
		Logging, Data Retention and Archiving
		Audit Data Storage and Archiving
	Cybersecurity Investigation and Forensics
		Investigative Requirements
		Privacy Concerns
		Investigative Approach—Ex Post
		Investigative Approach—Real Time
		Chain of Custody
		E-discovery
6. Establishing and Evolving Systemic Security
	The Cybersecurity System
	Attack Anatomy
	Mapping Vulnerabilities, Threats and Risk
	Systemic Governance, Management and Assurance
		Identifying Potential Security Improvements
		Targeting Cybersecurity Investments
		Applying COBIT 5 to Systemic Security
7. Guiding Principles for Transforming Cybersecurity
	Principle 1. Know the potential impact of cybercrime and cyberwarfare.
	Principle 2. Understand end users, their cultural values and their behavior patterns.
	Principle 3. Clearly state the business case for cybersecurity, and the risk appetite of the enterprise.
	Principle 4. Establish cybersecurity governance.
	Principle 5. Manage cybersecurity using principles and enablers.
	Principle 6. Know the cybersecurity assurance universe and objectives.
	Principle 7. Provide reasonable assurance over cybersecurity.
	Principle 8. Establish and evolve systemic cybersecurity.
Appendix A. Mappings of COBIT 5 and COBIT 5 for Information Security to Cybersecurity
	Processes Enabler Mappings
	Services, Infrastructure and Applications Enabler Mapping
	People, Skills and Competencies Enabler Mapping
Appendix B. Intelligence, Investigation and Forensics in Cybersecurity
Appendix C. Sources
List of Figures
Acronyms