Sunday 9 April 2017

COBIT 5 for Information Security and Risk

I agree that COBIT addresses potential security threats. During my internship, I had the chance to audit a security company. Their security was extremely tight: staff and visitors had to go through security scans and exchange their identification card for a day pass into the premises, as well as for Wi-Fi access which would expire every 2 hours. Although social media sites and access to personal email accounts are restricted in the workplace, the company recently implemented Bring Your Own Devices so employees could still work outside official hours. This introduces new vulnerabilities into the security environment, as attackers may access the employees’ devices should they connect to unencrypted public Wi-Fi networks or leave their Bluetooth on (ISACA, 2014). It also creates a platform for employees to leak confidential information via their personal devices.



Despite having tight security measures, organisations should be wary of malicious end users using security loopholes to commit cybercrimes and threatening their IT security (Wolden, Valverde, & Talla, 2015). COBIT 5 for Information Security addresses such threats by providing organisations with security-specific guidance to reduce their risk profiles. It requires organisations to have a full understanding of the potential risks and their possible impact, and to place effective processes around each risk (Field, 2012). Based on each risk scenario, organisations should make effective decisions on whether they will avoid, mitigate, share/transfer or accept the risk.

(217 words, excluding in-text citations)


Useful Links

Article:
  • Goode, A. (2010). Managing mobile security: How are we doing? Network Security, 2010(2), 12-15.

References

Wolden, Valverde, & Talla. (2015). The effectiveness of COBIT 5 Information Security Framework for reducing Cyber Attacks on Supply Chain Management System. IFAC PapersOnLine, 48(3), 1846-1852.

Field, T. (23 July, 2012). COBIT 5 for Security: What You Need to Know. Retrieved from Bank Info Security: http://www.bankinfosecurity.com/interviews/cobit-5-for-security-what-you-need-to-know-i-1590

ISACA. (2014). Mobile Devices. ISACA Journal, 15-16. Retrieved from https://www.isaca.org/Journal/archives/2014/Volume-5/Documents/Journal-vol-5-2014.pdf

