SlideShare uma empresa Scribd logo

Use of the COBIT Security Baseline

Transferir como PPT, PDF
Barry Caplin
Barry Caplin

Use of the COBIT Security Baseline as a framework for an information security program at a large state agency. Presented at the 2005 MN Govt IT Symposium.

NegóciosTecnologia
1 de 41
COBIT Barry Caplin Chief Information Security Officer Minnesota Department of Human Services Christopher Buse Information Technology Audit Manager Minnesota Office of the Legislative Auditor
Agenda ,[object Object],[object Object],[object Object],[object Object]
About Us ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Information Security Governance Why Adopt a Framework?
Information Security Governance ,[object Object],[object Object],[object Object],[object Object]
Information Security Governance ,[object Object],[object Object],[object Object],[object Object],[object Object]
Information Security Governance ,[object Object],[object Object],[object Object],[object Object],[object Object]
Information Security Governance ,[object Object],[object Object],[object Object],[object Object],[object Object]
Information Security Governance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Conflict
Information Security Governance Who needs Security Governance? We do!
Industry Best Practice ,[object Object],[object Object],[object Object],[object Object]
The 10000 Foot View Information Security Governance Hierarchy Information Lifecycle Management Compliance Information Policy Information Risk Management Information Security Governance Framework
COBIT What’s it all About?
What is COBIT ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Strengths ,[object Object],[object Object],[object Object],[object Object]
Support ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Information Sources ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Business Focus ,[object Object],[object Object],[object Object],[object Object],[object Object]
COBIT Framework ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Products ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cost
Still Interested ,[object Object],[object Object],[object Object],[object Object]
COBIT as an Audit Tool Use of the COBIT Framework in the Office of the Legislative Auditor
Planning ,[object Object],[object Object],[object Object]
Reporting ,[object Object],[object Object]
COBIT as a Management Tool Use of the COBIT Security Baseline at the Department of Human Services
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MN DHS ,[object Object],[object Object],[object Object],[object Object],[object Object]
COBIT Use in State ,[object Object],[object Object],[object Object]
COBIT and Security ,[object Object],[object Object],[object Object],[object Object],[object Object]
Maturity Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Initial Baseline ,[object Object],[object Object],[object Object],[object Object]
Implementation Steps ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Baseline Projects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Baseline Projects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Baseline Projects ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Information Lifecycle Management *From http://www.cacr.math.uwaterloo.ca/conferences/2005/psw/gingras.ppt
Supporting Work ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Discussion?

Recomendados

ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
Lloyd's Register Quality Assurance Nederland
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
Ivan Piskunov
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002
pgpmikey
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
Shantanu Rai
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
mfmurat
 
Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
Uppala Anand
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
Chandan Singh Ghodela
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 

Recomendados

ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
Lloyd's Register Quality Assurance Nederland
 
ISO 27001 (v2013) Checklist
ISO 27001 (v2013) ChecklistISO 27001 (v2013) Checklist
ISO 27001 (v2013) Checklist
Ivan Piskunov
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002
pgpmikey
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
Shantanu Rai
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
mfmurat
 
Iso 27001 2013 Standard Requirements
Iso 27001 2013 Standard RequirementsIso 27001 2013 Standard Requirements
Iso 27001 2013 Standard Requirements
Uppala Anand
 
Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001Whitepaper iso 27001_isms | All about ISO 27001
Whitepaper iso 27001_isms | All about ISO 27001
Chandan Singh Ghodela
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certification
ramya119
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
Uppala Anand
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
Discover JKUAT
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
khushboo
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
Asad Raza
 
Isms
IsmsIsms
Isms
penetration Tester
 
How Does the New ISO 27001 Impact Your IT Risk Management Processes?
How Does the New ISO 27001 Impact Your IT Risk Management Processes?How Does the New ISO 27001 Impact Your IT Risk Management Processes?
How Does the New ISO 27001 Impact Your IT Risk Management Processes?
Lars Neupart
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
SAIGlobalAssurance
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
Pranay Kumar
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
Craig Willetts ISO Expert
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
genetics
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
Obrina Candra, CISA, ISMS-LA
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
Kinverg
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSP®
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Services
mcloete
 
Iso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in indiaIso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in india
iFour Consultancy
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms Compliance
Ramkumar Ramachandran
 
ISO 27001:2013 - Changes
ISO 27001:2013 - ChangesISO 27001:2013 - Changes
ISO 27001:2013 - Changes
n|u - The Open Security Community
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
ControlCase
 
Alberta's Approach To An Itm Control Framework
Alberta's Approach To An Itm Control FrameworkAlberta's Approach To An Itm Control Framework
Alberta's Approach To An Itm Control Framework
Government Technology Exhibition and Conference
 
Cobit 4.1 - DS2
Cobit 4.1 - DS2Cobit 4.1 - DS2
Cobit 4.1 - DS2
Juliana Maria Lopes
 

Mais conteúdo relacionado

Mais procurados

ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
Uppala Anand
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
Discover JKUAT
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
SAIGlobalAssurance
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
genetics
 

Mais procurados (20)

Iso 27001 certification
Iso 27001 certificationIso 27001 certification
Iso 27001 certification
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 
Information System Audit and Control
Information System Audit and ControlInformation System Audit and Control
Information System Audit and Control
 
Isms
IsmsIsms
Isms
 
How Does the New ISO 27001 Impact Your IT Risk Management Processes?
How Does the New ISO 27001 Impact Your IT Risk Management Processes?How Does the New ISO 27001 Impact Your IT Risk Management Processes?
How Does the New ISO 27001 Impact Your IT Risk Management Processes?
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
 
Isms awareness presentation
Isms awareness presentationIsms awareness presentation
Isms awareness presentation
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Iso 27001 Checklist
Iso 27001 ChecklistIso 27001 Checklist
Iso 27001 Checklist
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by KinvergPECB Certified ISO 27001:2013 Lead Implementer by Kinverg
PECB Certified ISO 27001:2013 Lead Implementer by Kinverg
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Services
 
Iso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in indiaIso 27001 2013 clause 6 - planning - by Software development company in india
Iso 27001 2013 clause 6 - planning - by Software development company in india
 
Popular Pitfalls In Isms Compliance
Popular Pitfalls In Isms CompliancePopular Pitfalls In Isms Compliance
Popular Pitfalls In Isms Compliance
 
ISO 27001:2013 - Changes
ISO 27001:2013 - ChangesISO 27001:2013 - Changes
ISO 27001:2013 - Changes
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 

Destaque

Project Risk register
Project Risk registerProject Risk register
Project Risk register
Kashif Mastan
 

Destaque (17)

Alberta's Approach To An Itm Control Framework
Alberta's Approach To An Itm Control FrameworkAlberta's Approach To An Itm Control Framework
Alberta's Approach To An Itm Control Framework
 
Cobit 4.1 - DS2
Cobit 4.1 - DS2Cobit 4.1 - DS2
Cobit 4.1 - DS2
 
Guia de estudo para exame de certificacao do Cobit 4.1 v7
Guia de estudo para exame de certificacao do Cobit 4.1 v7Guia de estudo para exame de certificacao do Cobit 4.1 v7
Guia de estudo para exame de certificacao do Cobit 4.1 v7
 
101 01-f07 assessment checklist - rev 1 - soaf
101 01-f07 assessment checklist - rev 1 - soaf101 01-f07 assessment checklist - rev 1 - soaf
101 01-f07 assessment checklist - rev 1 - soaf
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information security
 
ISO 27002
ISO 27002ISO 27002
ISO 27002
 
Enterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking SectorEnterprise Information Systems Security: A Case Study in the Banking Sector
Enterprise Information Systems Security: A Case Study in the Banking Sector
 
Iso 27002-2013
Iso 27002-2013Iso 27002-2013
Iso 27002-2013
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
 
Risk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security ControlsRisk Analysis using open FAIR and Adoption of right Security Controls
Risk Analysis using open FAIR and Adoption of right Security Controls
 
Project Risk register
Project Risk registerProject Risk register
Project Risk register
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies Practical Applications of Block Chain Technologies
Practical Applications of Block Chain Technologies
 
Top 10 Essentials for Building a Powerful Security Dashboard
Top 10 Essentials for Building a Powerful Security DashboardTop 10 Essentials for Building a Powerful Security Dashboard
Top 10 Essentials for Building a Powerful Security Dashboard
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 

Semelhante a Use of the COBIT Security Baseline

Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle Management
Barry Caplin
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Tammy Clark
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
Prashant Singh
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Framework
barnetdh
 
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
gueste4e93e3
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
Scott Baron
 

Semelhante a Use of the COBIT Security Baseline (20)

Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle Management
 
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...Gs Us Roadmap For A World Class Information Security Management System– Isoie...
Gs Us Roadmap For A World Class Information Security Management System– Isoie...
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
D1 security and risk management v1.62
D1 security and risk management v1.62D1 security and risk management v1.62
D1 security and risk management v1.62
 
Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001Planning for-and implementing ISO 27001
Planning for-and implementing ISO 27001
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 
CISSPills #3.02
CISSPills #3.02CISSPills #3.02
CISSPills #3.02
 
Nine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask YourselfNine HIPAA Compliance Questions to ask Yourself
Nine HIPAA Compliance Questions to ask Yourself
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
ISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptxISO27001_COBIT_Students.pptx
ISO27001_COBIT_Students.pptx
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
Developing an Information Security Program
Developing an Information Security ProgramDeveloping an Information Security Program
Developing an Information Security Program
 
Information Systems Security Review 2004
Information Systems Security Review 2004Information Systems Security Review 2004
Information Systems Security Review 2004
 
The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)
 
Compliance Framework
Compliance FrameworkCompliance Framework
Compliance Framework
 
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...Using Modelling and Simulation for Policy Decision Support in Identity Manage...
Using Modelling and Simulation for Policy Decision Support in Identity Manage...
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
EUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIPEUCI Mapping Cybersecurity to CIP
EUCI Mapping Cybersecurity to CIP
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
 

Mais de Barry Caplin

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare security
Barry Caplin
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16
Barry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!
Barry Caplin
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13
Barry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
Barry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
Barry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
Barry Caplin
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11
Barry Caplin
 

Mais de Barry Caplin (20)

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare security
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from Venus
 
Online Self Defense - Passwords
Online Self Defense - PasswordsOnline Self Defense - Passwords
Online Self Defense - Passwords
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and Cyberbullying
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13
 
Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG Security
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self Defense
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso says
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental Insider
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social Networks
 

Último

Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
pujan9679
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
allensay1
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
Nauman Safdar
 

Último (20)

Cannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 UpdatedCannabis Legalization World Map: 2024 Updated
Cannabis Legalization World Map: 2024 Updated
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
 
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
Chennai Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Av...
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Arti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdfArti Languages Pre Seed Teaser Deck 2024.pdf
Arti Languages Pre Seed Teaser Deck 2024.pdf
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur 70918*19311 CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Mckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for ViewingMckinsey foundation level Handbook for Viewing
Mckinsey foundation level Handbook for Viewing
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NSCROSS CULTURAL NEGOTIATION BY PANMISEM NS
CROSS CULTURAL NEGOTIATION BY PANMISEM NS
 

Use of the COBIT Security Baseline

  • 1. COBIT Barry Caplin Chief Information Security Officer Minnesota Department of Human Services Christopher Buse Information Technology Audit Manager Minnesota Office of the Legislative Auditor
  • 2.
  • 3.
  • 4. Information Security Governance Why Adopt a Framework?
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10. Information Security Governance Who needs Security Governance? We do!
  • 11.
  • 12. The 10000 Foot View Information Security Governance Hierarchy Information Lifecycle Management Compliance Information Policy Information Risk Management Information Security Governance Framework
  • 13. COBIT What’s it all About?
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21. Cost
  • 22.
  • 23. COBIT as an Audit Tool Use of the COBIT Framework in the Office of the Legislative Auditor
  • 24.
  • 25.
  • 26. COBIT as a Management Tool Use of the COBIT Security Baseline at the Department of Human Services
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39. Information Lifecycle Management *From http://www.cacr.math.uwaterloo.ca/conferences/2005/psw/gingras.ppt
  • 40.