IT Governance, Risk, and Compliance

Dec 20 2012   2:52AM GMT

eBook excerpt: Assuring Information Security – Part III



Posted by: Robert Davis
Tags: Accountability, Acquire and Implement, Asset Management, Availability Management, COBIT Domains, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Plan and Organize, Risk Management, Value Delivery

Acquisitions and implementations are necessary for adequate information security. To realize the information security strategy, information security solutions need to be identified, developed or acquired, and then implemented and seamlessly integrated into business and IT processes. During an information security product or service acquisition and implementation cycle, changes and maintenance may be required to sustain continued service quality for impacted systems or processes.

Within an entity’s organizational structure, providing acceptable service delivery necessitates the installation of an effective support system. Information security service delivery and support may range from operational protection deployment to crisis response training. However, assessing changes in, and maintenance of, existing systems is a critical security service component contributing to delivery value. Required information protection changes and maintenance can be induced by various problems encountered by users or by deliberate attacks on the established information security architecture.
