Securing an IT Organization through Governance, Risk Management, and Audit
1st Edition
Published on 30. September 2020
Book
Paperback/Softback
368 pages
978-0-367-65865-6 (ISBN)
Description
Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come from mischief makers and pranksters, they are more likely to result from hackers working in concert for profit, hackers working under the protection of nation states, or malicious insiders.
Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.
The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.
Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.
The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.
More details
Series
Language
English
Place of publication
London
United Kingdom
Publishing group
Taylor & Francis Ltd
Target group
Professional and scholarly
Academic and Professional Practice & Development
Dimensions
Height: 234 mm
Width: 156 mm
Thickness: 21 mm
Weight
600 gr
ISBN-13
978-0-367-65865-6 (9780367658656)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Ken E. Sigler | James L. Rainey III
Securing an IT Organization through Governance, Risk Management, and Audit
Book
01/2016
1st Edition
Auerbach Publishers Inc.
€108.20
Shipment within 15-20 days
Ken E. Sigler | James L. Rainey III
Securing an IT Organization through Governance, Risk Management, and Audit
E-Book
01/2016
1st Edition
Auerbach Publishers Inc.
€65.99
Available for download
Ken E. Sigler | James L. Rainey III
Securing an IT Organization through Governance, Risk Management, and Audit
E-Book
01/2016
1st Edition
Auerbach
€65.99
Available for download
Persons
Ken Sigler is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills Michigan campus of Oakland Community College and the chair of the Campus Senate. His primary research is in the area of software management, software assurance, and cybersecurity. He has authored several books on the topic of cybersecurity ICT management and developed the college's CIS program option Information Technologies for Homeland Security, which has a recognized relationship with the Committee on National Security Systems. Sigler serves as the liaison for the college as one of three founding members of the International Cybersecurity Education Coalition (ICSEC), which is now the Midwest chapter for CISSE.
James L. Rainey, III, DMIT, is an IT specialist with the U.S. government where he works on technical project documentation within the SDLC. Dr. Rainey holds an MS degree in computer and information systems and did a tour with the Department of Defense where he earned a citation for his work. Dr. Rainey has also worked as a UNIX system administrator, SAP basis administrator, and enterprise and infrastructure architect. Additionally, he worked at Comerica Bank's Data Center in Auburn Hills, Michigan, as a developer and taught at the University of Detroit Mercy's Computer and Information Systems Department for 10 years as an adjunct.
James L. Rainey, III, DMIT, is an IT specialist with the U.S. government where he works on technical project documentation within the SDLC. Dr. Rainey holds an MS degree in computer and information systems and did a tour with the Department of Defense where he earned a citation for his work. Dr. Rainey has also worked as a UNIX system administrator, SAP basis administrator, and enterprise and infrastructure architect. Additionally, he worked at Comerica Bank's Data Center in Auburn Hills, Michigan, as a developer and taught at the University of Detroit Mercy's Computer and Information Systems Department for 10 years as an adjunct.
Content
Cybersecurity Risk Management. Introduction to the Framework for Improving Critical Infrastructure. Identify Function. Protect Function. Detect Function. Respond Function. Recover Function. The COBIT Framework. Decomposition of Framework. Framework Structure's Generic Domains. Decomposition of COBIT 5. COBIT Management Guidelines. COBIT Management Dashboard. What COBIT Sets Out to Accomplish. Internal Audits. Tying It All Together. References.