ISACA and COBIT 5

Introduction

The purpose of this paper is to discuss the Information Systems Audit and Control Association (ISACA) and COBIT 5, “the leading framework for the governance and management of enterprise IT” (ISACA.org, 2016). This paper will identify best practices presented by these organizations as they relate to developing environmental and security controls in a software development lifecycle.

Best Practices

The DS12 process of ISACA and COBIT 5 is meant to manage the physical environment (ISACA.org, 2016). Here is more information:

Protection for computer equipment and personnel requires well-designed and well-managed physical facilities. The process of managing the physical environment includes defining the physical site requirements, selecting appropriate facilities, and designing effective processes for monitoring environmental factors and managing physical access. Effective management of the physical environment reduces business interruptions from damage to computer equipment and personnel (ISACA.org, 2016).

Next, I will discuss the security controls.

Information security management is one very important area for IT professionals (ISACA.org, 2016). Here is more information:

According to the American Institute of Certified Public Accountants (AICPA)’s 19th Annual Top Technology Initiatives survey conducted in 2009, information security management is the most important initiative affecting IT strategy, investment and implementation in business organizations. In light of the fraudulent accounting practices that transpired in the US in the last decade, organizations have recognized the lack of effective information security management as a contributing factor. Information security governance has become a critical concern across all levels of an enterprise because system vulnerability continues to be a pressing risk for organizations, and new threats emerge constantly.

Organizations often rely on enforcing information security policies and implementing controls to safeguard their physical and information assets. The adoption and application of a security framework plays a significant role in information security management. Among the various security frameworks available, ISO 27002, Information technology—Security techniques—Code of practice for information security management, is an international standard from the International Organization for Standardization that establishes guiding principles and benchmarks for creating, implementing and sustaining information security management in an organization. ISO 27002 contains a list of control objectives and specific controls that organizations around the world are using as practical guidelines to manage information security. ISO 27002 includes 11 areas of security controls that may be implemented in an organization: security policy management, corporate security management, organizational asset management, human resources security management, physical and environmental security management, communications and operations management, information access control management, information systems security management, information security incident management, business continuity management, and compliance.

Among the various organizational, technological and operational controls outlined in ISO 27002, what security controls are the most commonly implemented? What controls may have been overlooked or deemed less critical? With these questions in mind, this article’s authors surveyed IT auditors to understand the current state of information security controls in organizations. IT auditors were chosen because they are trained to evaluate an organization’s information systems control design and effectiveness, and because they must regularly assess information security controls. Therefore, they are knowledgeable candidates for answering questions regarding an organization’s ability to protect its information assets and properly dispense information to authorized users (ISACA.org, 2016).

Conclusion

This paper discussed the Information Systems Audit and Control Association (ISACA) and COBIT 5, “the leading framework for the governance and management of enterprise IT” (ISACA.org, 2016). It identified best practices presented by these organizations as they relate to developing environmental and security controls in a software development lifecycle.

References

ISACA.org. (2016). Information Systems Audit and Control Association. Chicago, Illinois: Information Systems Audit and Control Association. Retrieved from: