COBIT® 5 for Information Security

SKU: 4172
Publishers: ISACA
Format: Softcover
Availability: In Stock

The official ISACA guide to information security using the COBIT 5 framework

This professional guide from ISACA® covers the implementation of the COBIT® 5 framework for IT governance and management in an enterprise context.

Price: 70,00 €

Responsibility for information security lies with all enterprise stakeholders, not just CISOs, ISMs and other information security professionals. COBIT 5 for Information Security is therefore aimed at all levels, and details how COBIT 5 can be used as an umbrella framework to link information security frameworks, best practices and standards so as to secure the organisation's information assets.

In this manual you will be shown how the relevant frameworks, best practices and standards for information security can be adapted to form a cohesive framework using COBIT 5. COBIT 5 is mapped to International Standards and relevant frameworks in the appendix to the book to aid this process.

COBIT 5 for Information Security offers:

  • an up-to-date view of governance, providing the most current view of information security governance and management through alignment with COBIT 5, ISO/IEC 38500 and other IT governance initiatives. COBIT 5 for Information Security also aligns with other major frameworks, standards and models such as the ISO/IEC 27000 series, the Information Security Forum (ISF) Standard of Good Practice, and BMIS.
  • a clear distinction between governance and management. COBIT 5 clarifies the role of governance and management and provides a clear distinction between them, with a revised process model reflecting this distinction and showing how they relate to each other.
  • an end-to-end view. COBIT 5 for Information Security is a process model that integrates both business and IT functional responsibilities. It distinguishes clearly between information security governance and information security management practices, outlines responsibilities at the various levels of the enterprise, and encompasses all process steps from beginning to end.
  • holistic guidance. The COBIT 5 for Information Security framework brings together comprehensive and holistic guidance on information, structures, culture, policies and their interdependence.


Executive Summary
Target Audience
Conventions Used and Overview

Section I. Information Security
Chapter 1. Information Security Defined
Chapter 2. COBIT 5 Principles
2.1 Overview
2.2 Principle 1. Meeting Stakeholder Needs
2.3 Principle 2. Covering the Enterprise End-to-end
2.4 Principle 3. Applying a Single, Integrated Framework
2.5 Principle 4. Enabling a Holistic Approach
2.6 Principle 5. Separating Governance From Management

Section II. Using COBIT 5 Enablers for Implementing Information Security in Practice
Chapter 1. Introduction
1.1 The Generic Enabler Model
1.2 Enabler Performance Management
1.3 COBIT 5 for Information Security and Enablers
Chapter 2. Enabler: Principles, Policies and Frameworks
2.1 Principles, Policies and Framework Model
2.2 Information Security Principles
2.3 Information Security Policies
2.4 Adapting Policies to the Enterprise’s Environment
2.5 Policy Life Cycle
Chapter 3. Enabler: Processes
3.1 The Process Model
3.2 Governance and Management Processes
3.3 Information Security Governance and Management Processes
3.4 Linking Processes to Other Enablers
Chapter 4. Enabler: Organisational Structures
4.1 Organisational Structures Model
4.2 Information Security Roles and Structures
4.3 Accountability Over Information Security
Chapter 5. Enabler: Culture, Ethics and Behaviour
5.1 Culture Model
5.2 Culture Life Cycle
5.3 Leadership and Champions
5.4 Desirable Behaviour
Chapter 6. Enabler: Information
6.1 Information Model
6.2 Information Types
6.3 Information Stakeholders
6.4 Information Life Cycle
Chapter 7. Enabler: Services, Infrastructure and Applications
7.1 Services, Infrastructure and Applications Model
7.2 Information Security Services, Infrastructure and Applications
Chapter 8. Enabler: People, Skills and Competencies
8.1 People, Skills and Competencies Model
8.2 Information Security-related Skills and Competencies

Section III. Adapting COBIT 5 for Information Security to the Enterprise Environment
Chapter 1. Introduction
Chapter 2. Implementing Information Security Initiatives
2.1. Considering the Enterprise’s Information Security Context
2.2. Creating the Appropriate Environment
2.3. Recognising Pain Points and Trigger Events
2.4. Enabling Change
2.5. A Life Cycle Approach
Chapter 3. Using COBIT 5 for Information Security to Connect Other Frameworks, Models, Good Practices and Standards

Appendix A. Detailed Guidance: Principles, Policies and Frameworks Enabler
A.1 Information Security Principles
A.2 Information Security Policy
A.3 Specific Information Security Policies Driven by the Information Security Function
A.4 Specific Information Security Policies Driven by Other Functions Within the Enterprise
Appendix B. Detailed Guidance: Processes Enabler
B.1 Evaluate, Direct and Monitor (EDM)
B.2 Align, Plan and Organise (APO)
B.3 Build, Acquire and Implement (BAI)
B.4 Deliver, Service and Support (DSS)
B.5 Monitor, Evaluate and Assess (MEA)
Appendix C. Detailed Guidance: Organisational Structures Enabler
C.1 Chief Information Security Officer
C.2 Information Security Steering Committee
C.3 Information Security Manager
C.4 Enterprise Risk Management Committee
C.5 Information Custodians/Business Owners
Appendix D. Detailed Guidance: Culture, Ethics and Behaviour Enabler
D.1 Behaviours
D.2 Leadership
Appendix E. Detailed Guidance: Information Enabler
E.1 Information Security Stakeholders Template
E.2 Information Security Strategy
E.3 Information Security Budget
E.4 Information Security Plan
E.5 Policies
E.6 Information Security Requirements
E.7 Awareness Material
E.8 Information Security Review Reports
E.9 Information Security Dashboard
Appendix F. Detailed Guidance: Services, Infrastructure and Applications Enabler
F.1 Security Architecture
F.2 Security Awareness
F.3 Secure Development
F.4 Security Assessments
F.5 Adequately Secured and Configured Systems, Aligned With Security Requirements and Security Architecture
F.6 User Access and Access Rights in Line With Business Requirements
F.7 Adequate Protection Against Malware, External Attacks and Intrusion Attempts
F.8 Adequate Incident Response
F.9 Security Testing
F.10 Monitoring and Alert Services for Security-related Events
Appendix G. Detailed Guidance: People, Skills and Competencies Enabler
G.1 Information Security Governance
G.2 Information Security Strategy Formulation
G.3 Information Risk Management
G.4 Information Security Architecture Development
G.5 Information Security Operations
G.6 Information Assessment and Testing and Compliance
Appendix H. Detailed Mappings