Parent Framework: COBIT 2019
Domain: Align Plan and Organise
Define, operate and monitor an information security management system.
Keep the impact and occurrence of information security incidents within the enterprise’s risk appetite levels.
APO13.01 Establish and maintain an information security management
Establish and maintain an information security management system (ISMS) that provides a standard, formal and continuous approach to information security management, enabling secure technology and business processes that are aligned with business requirements.
APO13.02 Define and manage an information security and privacy risk
Maintain an information security plan that describes how information security risk is to be managed and aligned with enterprise strategy and enterprise architecture. Ensure that recommendations for implementing security improvements are based on approved business cases, implemented as an integral part of services and solutions development, and operated as an integral part of business operation.
APO13.03 Monitor and review the information security management
Maintain and regularly communicate the need for, and benefits of, continuous improvement in information security. Collect and analyse data about the information security management system (ISMS), and improve its effectiveness. Correct nonconformities to prevent recurrence.
Information security SCTY
The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.
Be the first to leave a review.