DS05 Ensure systems security

focuses on

defining IT security policies, plans and procedures

monitoring, detecting, reporting and resolving security vulnerabilities and incidents

is controlled by

DS05.01 Management of IT Security Manage IT security at the highest appropriate organisational level, so the management of security actions is in line with business requirements.

DS05.02 IT Security Plan Translate business, risk and compliance requirements into an overall IT security plan, taking into consideration the IT infrastructure and the security culture. Ensure that the plan is implemented in security policies and procedures together with appropriate investments in services, personnel, software and ...

DS05.03 Identity Management Ensure that all users (internal, external and temporary) and their activity on IT systems (business application, IT environment, system operations, development and maintenance) are uniquely identifiable. Enable user identities via authentication mechanisms. Confirm that user access rights to systems and data are ...

DS05.04 User Account Management Address requesting, establishing, issuing, suspending, modifying and closing user accounts and related user privileges with a set of user account management procedures. Include an approval procedure outlining the data or system owner granting the access privileges. These procedures should apply for all ...

DS05.05 Security Testing, Surveillance and Monitoring Test and monitor the IT security implementation in a proactive way. IT security should be reaccredited in a timely manner to ensure that the approved enterprise's information security baseline is maintained. A logging and monitoring function will enable the early prevention and/or ...

DS05.06 Security Incident Definition Clearly define and communicate the characteristics of potential security incidents so they can be properly classified and treated by the incident and problem management process.

DS05.07 Protection of Security Technology Make security-related technology resistant to tampering, and do not disclose security documentation unnecessarily.

DS05.08 Cryptographic Key Management Determine that policies and procedures are in place to organise the generation, change, revocation, destruction, distribution, certification, storage, entry, use and archiving of cryptographic keys to ensure the protection of ...

DS05.09 Malicious Software Prevention, Detection and Correction Put preventive, detective and corrective measures in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam).

DS05.10 Network Security Use security techniques and related management procedures (e.g., firewalls, security appliances, network segmentation, intrusion detection) to authorise access and control information flows from and to networks.

DS05.11 Exchange of Sensitive Data Exchange sensitive transaction data only over a trusted path or medium with controls to provide authenticity of content, proof of submission, proof of receipt and non-repudiation of origin.

is part of

Deliver and Support (DS) is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities.

can be mapped from

Payment Card Industry Data Security Standard: a set of rules for payment transactions that relates to the processing of credit card transactions and is supported by all major credit card organisations;

Merchants and service providers that store, transmit or process credit card transactions must comply with these rules. If they do not, penalty fees may be imposed, restrictions announced, or ...

[06.6] Information security management Objective: To manage information security effectively within all service activities.

supports

Account for and protect all IT assets.

Ensure that IT services and infrastructure can properly resist and recover from failures due to error, deliberate attack or disaster

Ensure that automated business transactions and information exchanges can be trusted

Ensure that critical and confidential information is withheld from those who should not have access to it

Maintain the integrity of information and processing infrastructure


This is part of the Body of Service Knowledge of Continental Software GmbH, compiled from the best practices of the ITIL, CobiT and PMBOK frameworks, the ISO 20000 standard, and from our own experience.

© Continental Software GmbH; ITIL® and IT Infrastructure Library® are registered trademarks of the Office of Government Commerce (OGC). COBIT® is a registered trademark of the Information Systems Audit and Control Association (ISACA). ISO® is a registered trademark of the International Organization for Standardization. PMI and PMBOK are registered trademarks of the Project Management Institute, Inc. Other content, product or company names mentioned here may be the trademarks of their respective owners.