Abstract

This paper presents a low-level code of practice to help information security (IS) risk management professionals manage enterprise IS risks effectively and efficiently using the COBIT 5 framework. The proposed code of practice is the result of experience the authors gained over years of working with clients in many industries, implementing IS risk management using different international standards and frameworks. COBIT 5 is intended to serve as an umbrella framework that integrates the knowledge and practice of many other standards and frameworks. However, COBIT 5, like many other frameworks, lacks detailed guidance for the low-level activities carried out during IT risk management. The code of practice proposed here is meant to fill that gap. The recommended guidelines and activities have been used successfully in real-world IS risk management projects.
