Effective governance and management of information security is necessary for achieving enterprise objectives. It can help enterprises build resilience and minimize the occurrence and impact of security breaches that can cause reputational damage, legal and regulatory risk, or even threaten their very survival. COBIT Focus Area: Information Security is the highly anticipated first focus area publication to launch under the COBIT 2019 umbrella, fulfilling its promise to make its guidance more flexible and practical to use.
COBIT Focus Area: Information Security serves to extend the COBIT portfolio by building upon best practices shared for the governance and management of information and technology aimed at the whole enterprise through the lens of information security, and details additional metrics and activities that should be considered when implementing or assessing COBIT in the context of information security. The major drivers for the development of this publication include:
- Clarifying the roles of governance and management and showing how they relate to each other
- Providing a clear end-to-end view into distinction within the enterprise and during all process steps between information security governance and information security management practices
- Providing a comprehensive and holistic guidance on information security – not only to processes but to all components in an enterprise, including organization structure, skills, policies, etc.
Stakeholders throughout the enterprise who interact with information security, whether a board director, CISO or business manager will benefit from guidance on:
- Reduced complexity and increased cost-effectiveness due to improved and easier integration and alignment of information security standards, good practices and/or sector-specific guidelines
- Increased stakeholder satisfaction with information security arrangements and outcomes
- Improved integration of information security in the enterprise
- Informed risk decisions and risk awareness
- Improved prevention, detection and recovery
- Reduced (impact and probability of) information security incidents
- Enhanced support for innovation and competitiveness
- Improved management and optimization of costs related to information security
- Better understanding of information security by stakeholders
“COBIT is an open-ended and flexible framework, which allows for easy customization to an organization’s needs,” said Winston Hayden, CISA, CISM, CGEIT, CRISC, Executive Governance and Information Security Advisor, and a developer of the publication. “COBIT Focus Area: Information Security cohesively outlines the benefits of applying good governance techniques in the context of information security, particularly at a time when the significance of information and technology is increasing and the need to mitigate information risk and protect I&T assets is constantly intensifying.”
This focus area publication is comprehensive, providing an overview and description of COBIT roles and organizational structures, COBIT terminology and key concepts including the components of a governance system and COBIT governance and management objectives.
“This new guidance makes COBIT more practical than ever, giving clear guidance on how to govern and manage information security in your organization,” said Nader Qaimari, chief learning officer at ISACA. “Studies show that bad actors have taken advantage of COVID-19 and ramped up attacks on organizations. This guidance will enhance your readiness and resiliency, while at the same time optimizing your budget, in the face of a challenging threat landscape.”
COBIT Focus Area: Information Security is available to ISACA members in a digital format for US $50 and in print for $60. For non-members, the digital format is available for $90 and the print version is $100. The publication is available at www.isaca.org/bookstore/bookstore-cobit_19-print/cb19is.
It joins other available COBIT publications, including: COBIT 2019 Framework: Introduction and Methodology, COBIT 2019 Framework: Governance and Management Objectives (both free downloads for ISACA members), and COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution. Find all COBIT publications at www.isaca.org/resources/cobit. Find additional ISACA resources at www.isaca.org/resources.
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide.