Abstract

A low-level code of practice is presented in this paper to help information security (IS) risk management professionals manage enterprise IS risks effectively and efficiently using the COBIT 5 framework. The proposed code of practice is the result of the experience the authors gained over years of working with clients in many industries, implementing IS risk management using different international standards and frameworks. COBIT 5 is intended to serve as an umbrella framework that integrates the knowledge and practice of many other standards and frameworks. However, COBIT 5, like many other frameworks, lacks detailed guidelines for the low-level activities carried out during IT risk management. This code of practice is proposed to fill that gap. The recommended guidelines and activities have been successfully used in real-world IS risk management projects.
