COBIT 5 for Information Security

COBIT 5 for Information Security is a COBIT 5 Professional Guide. It examines COBIT 5 from a security view, placing a security lens over the concepts, enablers and principles within COBIT 5. Appendix B, Detailed Guidance: Processes Enabler is presented in the same format as the tables in COBIT 5: Enabling Processes and provides security-specific process goals and metrics, inputs/outputs, and activities.

COBIT 5 for Information Security is intended for all stakeholders in the enterprise because information security is the responsibility of all enterprise stakeholders. Using it can result in enterprise benefits such as improved risk decisions and cost management related to the information security function.

COBIT 5 for Information Security aims to be an 'umbrella' framework to connect to other information security frameworks, good practices and standards. It describes the pervasiveness of information security throughout the enterprise and provides an overarching framework of enablers. The relevant information security frameworks, good practices and standards need to be adapted to suit specific requirements of the enterprise's specific environment. The reader can then decide, based on the specific needs of the enterprise, which framework or combination of frameworks is best to use, also taking into account the legacy situation in the enterprise, the availability of the framework and other factors. For this, the mapping of COBIT 5 for Information Security to related standards in appendix H will help find a suitable framework according to relevant needs.