COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition. IT Governance Institute. Derived from COBIT: • Board Briefing on IT Governance, 2nd Edition—Designed to help executives.

Author: Mizuru Zulubei
Country: Guatemala
Language: English (Spanish)
Genre: Sex
Published (Last): 12 February 2004
Pages: 487
ISBN: 607-3-77064-888-4

For example, integrity of management information is especially important to a business that relies on critical decisions, and integrity of an online purchase is very important to the home user doing Internet shopping. Identify and monitor sources for keeping up to date with security patches and implement those appropriate for the enterprise infrastructure.

IT Governance Institute News Archive

Would the board members recognise a security incident when they saw one? Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer’s owner, but it is also a threat to other sites on the Internet. Ensure that applicable measures have been identified and implemented e.

Information Security Survival Kit 4—Executives. Control practices provide the more detailed how and why needed by management, service providers, end users and control professionals to implement highly specific controls based on an analysis of operational and IT risks.

Turn off the computer or disconnect it from the network when it is not in use. Has management identified all information customer data, strategic plans, research results, etc. Many e-mail programs use the same code as web browsers to display HTML. The objective of information security is protecting the interests of those relying on information and the systems and communications that deliver the information from harm resulting from failures of availability, confidentiality and integrity.


Use accounts that have system administrator rights only in special situations, such as when installing software or configuring your system. Figure 8—Security Precautions for the Nontechnical Home User: Obtain guidance from time to time from qualified and reputable advisors (certified technicians) to ensure that the computer installation has no significant security flaws. The impact of the Internet and the growth of the networked economy have added the need for trust in electronic transactions.

Quickstart provides a baseline for control over IT in small to medium enterprises SMEs and other entities where IT is less strategic and not as critical for survival. Many recent viruses use these social engineering techniques to spread. Control Objective Ensure systems security Eition that all What safeguards have been established over the physical security of computer assets and do they appear adequate?

Paul Dorey, director, digital business security, BP Plc. Ensure that the information security strategy pragmatically measures risks and seeks to cost-effectively mitigate risk at an acceptable level with minimal business disruptions. Executives reveal their top IT problems in global IT governance survey: Insufficient IT staff availability, service delivery issues and difficulty proving the value of information technology (IT) continue to plague executives at organisations around the world, according to a new report by the non-profit IT Governance Institute (ITGI).

Software problems One of the most common problems when using computers is software, i.

Control transactions to ensure input, processing, their authenticity and that they vaseline be storage and repudiated. Is the process to keep management informed on security issues by the information security officer adequate?

How does the organisation detect security incidents? Install only official, up-to-date operating systems and applications; avoid installing anything that is not needed. IT Security Guidelines — This document elaborates on the policy requirements and sets the implementation standard on the security requirements specified in the Baseline IT Security Policy. Consistently communicate and regularly discuss the basic rules for implementing security requirements and responding to security incidents.


How many attacks did the enterprise suffer last year? A packet sniffer installed on any cable modem user’s computer in a neighborhood may be able to capture data transmitted by any other cable modem in the same neighborhood.

Installing a packet sniffer does not necessarily require administrator-level access. Regularly assess vulnerabilities through monitoring system weaknesses using Computer Emergency Readiness Team (CERT) bulletins, intrusion and stress testing, and testing of contingency plans.

Figure 9—Security Precautions for the Technically Editkon Home User: Ensure that the virus protection software is configured correctly and keep it up to date, automatically, if possible. This guide focuses on the specific risk of IT security in a way that is simple to follow and implement for the home user or the user in small to medium enterprises, as well as for the executives and board members of organisations.

On the other hand, these developments have created new opportunities for information technology-related problems to occur, such as theft of data, malicious attacks using viruses, hacking, denial-of-service (DoS) attacks and even new ways to commit organised crime.

COBIT Security Baseline

Is the material editiom in the step security baseline a comprehensive baaeline to better information security? How often and with what impact? Where appropriate, ensure that competent external resources have reviewed the information security control mechanisms, and assessed compliance with laws, regulations and contractual obligations relative to information security.

New guide aligning Cobit 4. What safeguards have been established over systems connected to the Internet to protect the entity from viruses and other attacks? What would be the consequences of a serious security incident in terms of lost revenues, lost customers and investor confidence?