COBIT 5 for Security: What You Need to Know

ISACA's Robert Stroud on New Approach to Governance, Management

July 23, 2012.

ISACA just issued COBIT 5 for Information Security, a business-centric approach to governance and IT management. ISACA's Robert Stroud explains what COBIT 5 means to your organization.

Built upon the recently released COBIT 5 framework, COBIT 5 for Information Security offers additional, security-specific guidance designed to help enterprises reduce their risk profile through improved management of security.

Today's extended enterprise opens organizations to a variety of new risks, ranging from lost mobile devices to leakage of business-critical data. These risks fundamentally impact governance and management, Stroud says.

"There are more and more external threats able to get inside the environment of the data center, and these need to be understood and not necessarily always avoided," says Stroud, a member of ISACA's Strategic Advisory Council. "[COBIT 5] is all about understanding your risk profile from a business perspective, and understanding what the organizational impact is, so you can make effective investment decisions in the right areas."

COBIT 5 for Information Security isn't a one-size-fits-all framework, he cautions. "COBIT 5 is not a panacea; it's not something to take and lift and use exactly as-is," Stroud says. "You're going to take it and map it or mold it to your organizational requirements, your organizational construct and the various competitive advantages you have."

In an interview on the unique elements of COBIT 5 for Information Security, Stroud discusses:

  • How the COBIT 5 framework differs from version 4.1;
  • Why organizations need to approach governance and management differently today;
  • How COBIT 5 for Information Security helps organizations reduce their risk profile.

Stroud, CGEIT, CRISC, is a member of ISACA's Strategic Advisory Council. He is a past international vice president of ISACA and member of the ISACA Framework Committee. He is also vice president of Strategy and Innovation, and service management and governance evangelist, at CA Technologies.

Stroud spent more than 15 years in the finance industry, successfully managing multiple initiatives in both the IT and retail banking sectors related to IT service management and process governance.

Follow Tom Field on Twitter: @SecurityEditor
