PO6.3 - IT Policies Management

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO6.3 - IT Policies Management is contained within the process Communicate Management Aims and Direction.


IT Policies Management

Develop and maintain a set of policies to support IT strategy. These policies should include policy intent; roles and responsibilities; exception process; compliance approach; and references to procedures, standards and guidelines. Their relevance should be confirmed and approved regularly.


Value Drivers

  • Appropriate policies and procedures for the organisation
  • Quality within the organisation
  • Proper use of applications and IT services
  • Transparency and understanding of IT costs, benefits, strategy and security levels

Risk Drivers

  • Greater number and impact of security breaches
  • Unaccepted or unknown policies
  • Misunderstanding of management’s aims and directions
  • Out-of-date or incomplete policies
  • Poor organisational security culture
  • Lack of transparency

Control Practices

  1. Create a hierarchical set of policies, standards and procedures to manage the IT control environment. The form and style of the policies should align to the IT control environment.
  2. Develop specific policies on relevant key topics such as quality, security, confidentiality, internal controls, ethics and intellectual property rights.
  3. Evaluate and update the policies at least yearly to accommodate changing operating or business environments. The re-evaluation should assess the policies’ adequacy and appropriateness, and they should be amended as necessary.
  4. Ensure that procedures are in place to track compliance with policies and define the consequences of non-compliance.
  5. Ensure that accountability has been defined through roles and responsibilities.


Documents & Publications: 74 total

Downloads
Posted by FarmService 1229 days ago
Downloads
Posted by FarmService 2314 days ago
Books
Posted by ISACA 647 days ago
Posted by ISACA 789 days ago

Events & Online Learning: 13 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
21 Sep 2015
ISACA International Event
Miami, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 84 total

Volume 4, 2107
by Larry G. Wlosinski, CISA, CRISC, CISM, CAP, CBCP, CCSP, CDP, CIPM, CISSP, ITIL v3, PMP
The root causes of privacy incidents include the outsourcing of data, malicious insiders, system glitches, cyberattacks, and the failure to shred or dispose of privacy data properly.
Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 4, 2017
by Mathew Nicho, Ph.D., CEH, CIS, ITIL Foundation, RWSP, SAP, Shafaq Khan, Ph.D., CIS, PMBOK, PMP, SAP, and Ram Mohan, CRISC, CISM, CGEIT, ISO 27001, ITIL Foundation
A key issue often cited by information systems (IS) executives in the last three decades is aligning IT with business, which assists in realizing value from IT investments.
Volume 4, 2017
by Steven De Haes, Ph.D., Anant Joshi, Ph.D., Tim Huygh and Salvi Jansen
IT governance, also referred to as governance of enterprise IT (GEIT) or corporate governance of IT, is a subset of corporate governance that is concerned with enterprise IT assets.
Volume 4, 2017
by Mathew Nicho, Ph.D., CEH, CIS, ITIL Foundation, RWSP, SAP, Shafaq Khan, Ph.D., CIS, PMBOK, PMP, SAP and Ram Mohan, CRISC, CISM, CGEIT, ISO 27001
The Emirates National Oil Company embarked on an initiative to realize value out of IT assets through Information Technology Infrastructure Library (ITIL) process implementation.
Volume 3, 2017
by Indrajit Atluri, CRISC, CISM, CEH, CISSP, CSSLP, HCISPP, ITILv3
The resolve to address IoT device security at various levels—hardware and software, government and enterprise, consumers and services—is widespread.

Wikis: 2 total

Blog Posts: 55 total

A few days ago the person behind the Hacking Team hack revealed how he did it in pastebin (the original in Spanish): https://pastebin.com/raw/GPSHF04A I was very keen to understand how good you need to be to hack back one of the most (in)famous hacki...
Posted By : TiagoRosado | 0 comments
9 Aug 2017
How, where, and when can IT innovate even in an apparent non-innovation culture? Innovation can be a broad concept whose definition for a specific company, department or practitioner is based very much upon context. Organization mission, culture, size, revenue...
Posted By : Richard521 | 0 comments
Senior Manager           ultimate responsibility Information security Officer          functional responsibility Security Analyst           Strategic, develops policies and guidelines Owner         - Responsible for asset         - Determine level of clas...
Posted By : Muhammad554 | 0 comments
Cyber Security Program, the way I have often observed in various organizations over the years, is led with a piecemeal approach. There is no holistic view or review of the same and the Cyber Security team, often to be counted on fingers, is left to fend the...
Posted By : Mayank | 0 comments
31 Dec 2016
The Mobile Maritime Hub 2009-2050 is a strategic plan that started in 2009, in Vilanova i La Geltrú, a coastal town, to promote maritime, nautical, fishing and scientific activities in a seaside region, by a proper use of the technological tools existi...
Posted By : ramoncod | 0 comments
A customer walks into a grocery store to buy a cold yogurt, then walks toward the checkout stand to buy it. While waiting in line to buy the yogurt, there is a chance it will warm up. If the line is long, not only will the customer refuse to buy the yogu...
Posted By : Don Turnblade | 0 comments