
Certification for Information System Security Professional (CISSP)

2 DOMAIN ONE – INFORMATION SECURITY AND RISK MANAGEMENT
2.1 EXPECTATIONS FOR CISSP
2.2 UNDERSTANDING SECURITY POLICIES, PROCEDURES, STANDARDS, GUIDELINES AND BASELINES
2.3 WHAT ARE THE COMPLIANCE FRAMEWORKS?
2.3.1 COSO
2.3.2 ITIL
2.3.3 COBIT
2.3.4 ISO 17799 / BS 7799
2.4 CHANGING ORGANIZATIONAL BEHAVIOR
2.5 RESPONSIBILITIES OF THE INFORMATION SECURITY OFFICER
2.6 CREATING AN ENTERPRISE SECURITY OVERSIGHT COMMITTEE
2.7 WHY SECURITY AWARENESS TRAINING?

2.3.1 COSO

In 1985, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) was formed to sponsor the National Commission on Fraudulent Financial Reporting. COSO identified five areas of control necessary for meeting objectives related to financial reporting and objectives.

They are control environment, risk assessment, control activities, information and communication, and monitoring.

Some organizations working toward compliance with Sarbanes-Oxley Section 404 have adopted the COSO internal control model as an audit framework.

2.3.2 ITIL

The British government's Stationery Office created a set of 34 books between 1989 and 1992 to improve IT service management.

This framework is called the IT Infrastructure Library (ITIL).

It contains best practices for core operational processes such as change, release, and configuration management, problem and incident management, capacity and availability management, and financial management as they pertain to IT service.

ITIL shows how controls can be implemented for these IT processes, but the controls are required to be maintained and implemented daily.

Achievement of the ITIL standard is an ongoing process requiring management support and planning.

2.3.3 COBIT

The IT Governance Institute published 34 high-level processes called the Control Objectives of Information and related Technology (COBIT).

A total of 214 control objectives were created to support these processes.

The COBIT model defines four domains for governance: planning and organization, acquisition and implementation, delivery and support, and monitoring.

Within these domains, processes and IT activities are defined.

2.3.4 ISO 17799 / BS 7799

The ISO 17799/BS 7799 standard has a rich history that started in 1993 with the U.K. Department of Trade and Industry.

In 1999, ISO 17799:2000 became the first international information security management standard by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC).

Modified in June 2005, the ISO 17799 standard contains 134 detailed information security controls in 11 areas consisting of:
