220 , ~100 .

"Processes Enabler" (37 )

1.

Executive Summary

2. ( )

~5 .

~6 . COBIT5
Ch.1. IS defined

Meeting Stakeholder Needs

1.

3. ,

Covering the Enterprise End-to-end

2.

Section I. IS

Applying a Single, Integrated Framework

3.

Ch.2. COBIT5 Principles

Enabling a Holistic Approach

4.

...

,
COBIT5 for IS

4.

Separating Governance From Management

5.

5.

6.

Section II. Using COBIT 5 Enablers for

Implementing IS in Practice

~27 . 7 Enablers

Section III. Adapting COBIT 5 for IS to

the Enterprise Environment

~8 .

7.
1. APO13 Manage Securit
2. DSS05 Manage Security Services

1
Appendix A-G

Detailed Guidance 7 Enabler (~140 .)

1. EDM03 Ensure Risk Optimization

1. ISO 27001 / ISO 27002

2. APO09 Manage Service Agreements

3. APO12 Manage Risk

Appendix H. Detailed Mappings

2. The ISF 2011 Standard of Good Practice for Information Security

NIST SP 800-53A Revision 1. "Guide for Assessing the Information
3. Security Controls in Federal Information Systems and Organisations"

4. BAI04 Manage Availability and Capacity

5. BAI06 Manage Changes

Acronyms / Glossary

6. BAI08 Manage Knowledge

7. BAI09 Manage Assets
8. BAI010 Manage Configuration
9. DSS02 Manage Service Requests and Incidents

2
Confidentiality means preserving authorised
restrictions on access and disclosure, including means
for protecting privacy and proprietary information.

COBIT 5
( )

10. DSS03 Manage Problems

Information security - Ensures that within the enterprise,

information is protected against disclosure to unauthorised
users (confidentiality), improper modification (integrity) and
non-access when required (availability).

11. DSS04 Manage Continuity

12. ...

Integrity means guarding against improper

information modification or destruction, and includes
ensuring information non-repudiation and authenticity.
Availability means ensuring timely and reliable access to
and use of information.

all stakeholders of information security

1. Principles, Policies and Frameworks

CISOs

Evaluate, Direct and Monitor

,

Governance

ISMs
other IS professionals

Reduced complexity and increased cost-effectiveness due to improved

and easier integration of information security standards, good practices
and/or sector-specific guidelines

, " " /
1.

Align, Plan and Organise

,
Build, Acquire and Implement
,

2. Processes
Management

Deliver, Service and Support

,

Increased user satisfaction with information security arrangements and outcomes

2.

COBIT5 for IS
http://80na20.blogspot.com/

Improved integration of information security in the enterprise

3.

Monitor, Evaluate and Assess

,

Informed risk decisions and risk awareness

4.

3. Organisational Structures

Benefits
(Using COBIT5 for IS)

/ " "

4. Culture, Ethics and Behaviour

Reduced (impact of) information security incidents

6.
Enhanced support for innovation and competitiveness
7.

Stakeholders

Improved prevention, detection and recovery

5. ,

5. Information

Improved management of costs related to the information security function

8. ,

Information life Cycle

Better understanding of information security

9.

6. Services, Infrastructure and Applications

7. People, Skills and Competencies

IS is practiced in daily operations

1.
People respect the importance of IS policies and principles
2. .
People are provided with sufficient and detailed IS guidance and are encouraged
to participate in and challenge the current IS situation
" "
3. ,
Everyone is accountable for the protection of information within the enterprise
4.
Stakeholders are aware of how to identify and respond
to threats to the enterprise

5.

IS Culture and Behavior

Generic enablers model

Management proactively supports and anticipates new IS innovations

and communicates this to the enterprise. The enterprise is receptive
to account for and deal with new IS challenges
6.
Business management engages in continuous cross-functional
collaboration to allow for efficient and effective IS programmes

7.
Executive management recognises the business value of IS
8.

mm draft COBIT for IS.mmap - 31.08.2012 -