COBIT Forums and Information

.: THE CONTROLIT USER GROUP - Dedicated to Supporting COBIT Users:.
   The Independent Support Group for IT Governance and COBIT
   Welcome Guest! Click here to Create A Free Account. March 10, 2014  
· Trang chủ
· Feedback
· Forums
· Recommend Us
· Search
· Statistics
· Submit News
· Surveys
· Top 10
· Topics
· Web Links
· Your Account

 .:Who's Online
Hiện tại có 100 khách và 4 thành viên đang online.

Bạn là khách. Bạn có thể đăng kí bằng cách nhấn vào đây

 .:COBIT Trademark
COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute.

ISACA/ITGI does not endorse, approve or sponsor any activities identified on this web site, nor is ISACA/ITGI affiliated in any manner with this web site, the activites hereunder, or the ControlIT User Group.


 .:Security Resources
Security Policies

 .:Page Views
Chúng tôi đã nhận
lượt xem từ Sept 2004

COBIT Forums and Information: Forums

ControlIT User Group: COBIT :: View topic - Cobit Security Policies?
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Cobit Security Policies?

Post new topic   Reply to topic    ControlIT User Group: COBIT Forum Index -> Information Security
View previous topic :: View next topic  
Author Message

PostPosted: Tue Dec 14, 2004 12:59 am    Post subject: Cobit Security Policies? Reply with quote

Are there any 'COBIT Compliant' or maybe 'COBIT aligned' security policies out there? Does anyone know of anything like this?


Frank Jackson
IS Manager
Back to top

PostPosted: Fri Mar 11, 2005 7:48 am    Post subject: Reply: Cobit Security Policies Reply with quote

Sure: My interpretation is whether or not you have a data classification program in place, including a matrix describing data levels and security requirements tied to each level. Data classification is a standard practice in Information Security and used to identify and protect information based upon its sensitivity. Usually the program identifies four (plus or minus) data sensitivity levels from public (least sensitivity) to controlled (highest seneitivity). (The level names are not set, the program designer picks them.) At each level, criteria for classifying data at that level, and the security requirements (file encryption, email encryption, destruction, etc.) are specified in the martix. Data is then compared to the criteria to get a classification and from the resulting classification, security requirements are set. If you have never done it, the concept may seem complex, but once experienced it is rather straight forward. :-{)
Back to top

PostPosted: Fri Mar 11, 2005 7:50 am    Post subject: Whoops Reply with quote

Sorry, Frank. Right answer to the wrong question! Embarassed
Back to top

Joined: Aug 13, 2006
Posts: 7

PostPosted: Mon Aug 14, 2006 12:11 pm    Post subject: Reply with quote

In my company, we aligned CobIT with the security processes in a matrixed fashion. For the security aspect we also incorporated FISMA and FISCAM.

It is proprietary, but I would be happy to speak with you.

Dan Vogel
Back to top
View user's profile Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    ControlIT User Group: COBIT Forum Index -> Information Security All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003

Forums ©


COBIT trademark of ISACA. Logos & trademarks property of respective owners. Comments property posters. Site 2006 The ControlIT User Group.
Software copyrighted 2005, and is free under GNU and GPL licence. Noc 5/2006
How to make money online