Trust In, and Value From, Information Systems


DS5 Ensure Systems Security

Process Description

Deliver and Support

The need to maintain the integrity of information and protect IT assets requires a security management process. This process includes establishing and maintaining IT security roles and responsibilities, policies, standards, and procedures. Security management also includes performing security monitoring and periodic testing and implementing corrective actions for identified security weaknesses or incidents. Effective security management protects all IT assets to minimise the business impact of security vulnerabilities and incidents.

DS5 Ensure Systems Security

Control over the IT process of

Ensure systems security

that satisfies the business requirement for IT of

maintaining the integrity of information and processing infrastructure and minimising the impact of security vulnerabilities and incidents

by focusing on

defining IT security policies, plans and procedures, and monitoring, detecting, reporting and resolving security vulnerabilities and incidents

is achieved by:

  • Understanding security requirements, vulnerabilities and threats
  • Managing user identities and authorisations in a standardised manner
  • Testing security regularly

and is measured by:

  • Number of incidents damaging the organisation’s reputation with the public
  • Number of systems where security requirements are not met
  • Number of violations in segregation of duties