COBIT 5 to ISF Benchmark mapping

This page is the residue of a spreadsheet cross-referencing the COBIT 5 process reference model (governance and management processes) against the topics of the ISF Standard of Good Practice as used in the ISF Benchmark. The two axes of the matrix are reproduced below. The cell contents (per-process counts and the "X" marks showing which ISF topics map to which COBIT 5 process) did not survive extraction and are not reproduced; a reader needing the actual mapping must consult the original spreadsheet.

COBIT 5 processes (rows)

Evaluate, Direct and Monitor (EDM)
EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency

Align, Plan and Organise (APO)
APO01 Manage the IT Management Framework
APO02 Manage Strategy
APO03 Manage Enterprise Architecture
APO04 Manage Innovation
APO05 Manage Portfolio
APO06 Manage Budget and Costs
APO07 Manage Human Resources
APO08 Manage Relationships
APO09 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

Build, Acquire and Implement (BAI)
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning
BAI08 Manage Knowledge
BAI09 Manage Assets
BAI10 Manage Configuration

Deliver, Service and Support (DSS)
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

Monitor, Evaluate and Assess (MEA)
MEA01 Monitor, Evaluate and Assess Performance and Conformance
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance with External Requirements

ISF Benchmark topics (columns), in the order they appear in the original

Security Direction
Information Security Strategy
Stakeholder Value Delivery
Managing Information Risk Assessment
Confidentiality Requirements
Integrity Requirements
Availability Requirements
Information Risk Treatment
Legal and Regulatory Compliance
Information Privacy
Information Security Policy
Information Security Function
Staff Agreements
Security Awareness Programme
Security Awareness Messages
Security Education / Training
Roles and Responsibilities
Information Classification
Document Management
Sensitive Physical Information
Asset Register
Application Protection
Browser-based Application Protection
Customer Access Arrangements
Customer Contracts
Access Control
User Authorisation
Access Control Mechanisms
Sign-on Process
Computer and Network Installations
Server Configuration
Virtual Servers
Network Storage Systems
Back-up
Change Management
Service Level Agreements
Security Architecture
Critical Infrastructure
Cryptographic Solutions
Information Leakage Protection
Network Device Configuration
Physical Network Management
External Network Connections
Firewalls
Remote Maintenance
Voice over IP (VoIP) Networks
Telephony and Conferencing
Patch Management
Malware Awareness
Malware Protection Software
Security Event Logging
System / Network Monitoring
Intrusion Detection
Emergency Fixes
Forensic Investigations
Local Environment Profile
Office Equipment
Remote Environments
Mobile Device Configuration
Mobile Device Connectivity
Portable Storage Devices
Consumer Devices
Email
External Supplier Management Process
Hardware / Software Acquisition
Outsourcing
Cloud Service Contracts
System Development Methodology
Quality Assurance
Specifications of Requirements
System Design
System Build
Systems Testing
Security Testing
System Promotion Criteria
Installation Process
Post-implementation Review
Physical Protection
Power Supplies
Hazard Protection
Business Continuity Strategy
Business Continuity Programme
Resilience
Crisis Management
Business Continuity Planning
Business Continuity Arrangements
Business Continuity Testing
Security Audit Management
Security Audit Process Planning
Security Audit Process Fieldwork
Security Audit Process Reporting
Security Audit Process Monitoring
Security Monitoring
Information Risk Reporting