TITLE TRANSLATION
Obligations of active certified information system auditors when auditing personal data
ABSTRACT
The aim of this paper is to compare two ways of organising information security in an organisation and to analyse their common features and differences. We compare COBIT 5 for Information Security, recently published by ISACA, with the standards ISO/IEC 27001:2005 and 27002:2005. We rely on the existing mapping of the COBIT 5 for Information Security framework to other information security frameworks. We invert the mapping so that it is arranged by the chapters of each of the ISO/IEC standards rather than by the processes of the COBIT framework. In the mapping we have marked the chapters and controls to which an auditor or consultant must pay special attention. These are mainly the areas that do not appear in the other approach. We have described the common features and differences of the two approaches. Each has its own strengths and weaknesses, as well as opportunities and threats. For each approach separately we performed a SWOT analysis and presented it in a table. After the analysis and comparison we summarised the benefits of their joint operation and listed possible synergies. Finally, we proposed a way to implement them together, drawing on the life cycles that each approach introduces on its own. Since the two cycles differ, we made an appropriate mapping of one onto the other.
ABSTRACT IN ENGLISH
The article compares two approaches to arranging information security in an organization: COBIT 5 for Information Security, recently published by ISACA, and the standards ISO/IEC 27001:2005 and 27002:2005. The comparison is based on the existing mapping of the COBIT 5 for Information Security framework to some other information security frameworks. The mapping has been turned around so that it is now arranged according to the chapters of the standards rather than the processes of COBIT. In the mapping, we have marked some chapters and controls to which the auditor or consultant should pay special attention. Mostly, these are the areas that do not appear in the other approach. The article continues with a description of the common features and the differences of the approaches. Each of them has its own strengths, weaknesses, opportunities and threats. A SWOT analysis is done for each approach separately and presented in a table. After the analysis and comparison have been done, a summary is given of the benefits of their common operation and of possible synergies. At the end, the authors suggest a way for their common implementation on the basis of the life cycles that each of the approaches makes use of. Because the life cycles are different, a mapping from one to the other is made accordingly.