
COBIT 5 for Information Security

COBIT 5 for Information Security is a COBIT 5 Professional Guide. It examines COBIT 5 from a security view, placing a security lens over the concepts, enablers and principles within COBIT 5. Appendix B, Detailed Guidance: Processes Enabler is presented in the same format as the tables in COBIT 5: Enabling Processes and provides security-specific process goals and metrics, inputs/outputs, and activities.

COBIT 5 for Information Security is intended for all stakeholders in the enterprise because information security is the responsibility of all enterprise stakeholders. Using it can result in enterprise benefits such as improved risk decisions and cost management related to the information security function.

COBIT 5 for Information Security aims to be an 'umbrella' framework to connect to other information security frameworks, good practices and standards. It describes the pervasiveness of information security throughout the enterprise and provides an overarching framework of enablers. The relevant information security frameworks, good practices and standards need to be adapted to suit specific requirements of the enterprise's specific environment. The reader can then decide, based on the specific needs of the enterprise, which framework or combination of frameworks is best to use, also taking into account the legacy situation in the enterprise, the availability of the framework and other factors. For this, the mapping of COBIT 5 for Information Security to related standards in appendix H will help find a suitable framework according to relevant needs.

220 pages, Paperback

First published January 1, 2012


About the author

ISACA

160 books, 35 followers
Information Systems Audit and Control Association


Community Reviews

5 stars: 8 (66%)
4 stars: 2 (16%)
3 stars: 1 (8%)
2 stars: 0 (0%)
1 star: 1 (8%)
Displaying 1 - 2 of 2 reviews
David Steyer
89 reviews, 1 follower
September 14, 2020
So I went back and forth on this book. A lot of the information is contained in COBIT 2019 books so it was very repetitive for me. However, this was written back in the times of COBIT 5 so I did not ding it a star for that. I was not a fan of how it was organized. A book that is 60 pages of content plus 160 pages of Appendix seems like it's too much appendix and not enough content.

Appendix C, Detailed Guidance on Organizational Structure was good. A lot of organizations struggle with where the Information Security Role should be, who it should report to, etc. This is good for immature organizations figuring it out.

Appendix H is a complete misnomer. Detailed Mappings. More like general mappings. The mappings to NIST were to broad, large categories. I get it, that's fine, but then do not call it Detailed.

The Glossary was good too. Words have meaning and getting an organization to all have the same meaning is important.
Muhammad
347 reviews, 5 followers
April 21, 2024
Good for study and as an example if the governance is in trouble