Page 164 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
Notes COBIT includes an executive summary, management guidelines, a framework, control objectives,
an implementation toolset and audit guidelines. Extensive support is offered, including a list of critical
success factors for measuring security program effectiveness and benchmarks for auditing
purposes. COBIT has been revised numerous times since its inception, and upgrades are released at
regular intervals.
The purpose of COBIT is to provide management and business process owners with an information
technology (IT) governance model that helps in delivering value from IT and in understanding
and managing the risks associated with IT. COBIT helps bridge the gaps between business
requirements, control requirements and technical issues. It is a control model that meets the needs
of IT governance and ensures the reliability of information and information systems.
COBIT is used internationally by those who hold primary responsibility for business
processes and technology, those who depend on technology for relevant and reliable
information, and those who provide quality, reliability and control of information technology.
Did you know? Full form of COBIT
Control Objectives for Information and related Technology.
Task Discuss the functions of the COBIT framework.
11.3.3 SSE-CMM
The SSE-CMM is defined as a process reference model. It is focused on the requirements for
implementing security in a system or series of related systems that make up the information
technology security domain. The SSE-CMM is a common framework for carrying out security
engineering within an organization, ideally in conjunction with other engineering CMMs.
SSE-CMM builds on the work of Deming, much as other CMMs have done, treating process
definition and improvement as a core value.
Taking this process improvement approach, SSE-CMM looks at the occurrence of security
defects, or incidents, and seeks to identify the flaw in the associated process so that the flaw can
be remediated, thereby removing the underlying cause. In order to achieve improvements in processes,
those processes must be predictable, with predictable results. Moreover, the controls surrounding
those processes must be defined and understood.
Caution Efforts should be made to enhance the overall effectiveness of processes.
SSE-CMM is a very robust, well-tested framework for incorporation into an engineering-oriented
organization. If your organization performs engineering, such as product development,
then use of SSE-CMM, particularly in combination with other CMMs, would be very valuable.
However, given its engineering focus, SSE-CMM is not a good match for service
organizations that are not organized around an engineering function. While SSE-CMM certainly
has key lessons to teach about managing information security holistically, those
lessons will be hard to apply outside of an engineering context.
The CMM approach in general is very sound, yet quite foreign to American business culture.
It is based on starting with a statistical analysis of processes, and then using those statistics
158 LOVELY PROFESSIONAL UNIVERSITY