Parent Framework: COBIT 2019
Domain: Deliver, Service and Support (DSS)
Managed Security Service
Protect enterprise information to maintain the level of information security risk acceptable to the enterprise in accordance with the security policy.
Purpose
Minimize the business impact of operational information security vulnerabilities and incidents.
Management Practice
DSS05.01 Protect against malicious software.
Implement and maintain preventive, detective and corrective measures (especially up-to-date security patches and virus control) across the enterprise to protect information systems and technology from malicious software (e.g., ransomware, malware, viruses, worms, spyware, spam).
DSS05.02 Manage network and connectivity security.
Use security measures and related management procedures to protect information over all methods of connectivity.
DSS05.03 Manage endpoint security.
Ensure that endpoints (e.g., laptop, desktop, server, and other mobile and network devices or software) are secured at a level that is equal to or greater than the defined security requirements for the information processed, stored or transmitted.
DSS05.04 Manage user identity and logical access.
Ensure that all users have information access rights in accordance with business requirements. Coordinate with business units that manage their own access rights within business processes.
DSS05.05 Manage physical access to I&T assets.
Define and implement procedures (including emergency procedures) to grant, limit and revoke access to premises, buildings and areas, according to business need. Access to premises, buildings and areas should be justified, authorized, logged and monitored. This requirement applies to all persons entering the premises, including staff, temporary staff, clients, vendors, visitors or any other third party.
DSS05.06 Manage sensitive documents and output devices.
Establish appropriate physical safeguards, accounting practices and inventory management regarding sensitive I&T assets, such as special forms, negotiable instruments, special-purpose printers or security tokens.
DSS05.07 Manage vulnerabilities and monitor the infrastructure for
security-related events.
Using a portfolio of tools and technologies (e.g., intrusion detection tools), manage vulnerabilities and monitor the infrastructure for unauthorized access. Ensure that security tools, technologies and detection are integrated with general event monitoring and incident management.
Skills
Information security SCTY
The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.
Penetration testing PENT
The assessment of organisational vulnerabilities through the design and execution of penetration tests that demonstrate how an adversary can either subvert the organisation’s security goals or achieve specific adversarial objectives. Penetration testing may be a stand-alone activity or an aspect of acceptance testing prior to an approval to operate. The identification of deeper insights into the business risks of various vulnerabilities.
Security administration SCAD
The provision of operational security management and administrative services. Typically includes the authorisation and monitoring of access to IT facilities or infrastructure, the investigation of unauthorised access and compliance with relevant legislation.