Posted by: Robert Davis
1.2 IAP Management
“Applying similar management practices to [i]nformation security management is unavoidable as the security environment keeps on increasing in complexity and insecurity.” – Security Governance.net
Typically, the primary purposes of information systems are reliable and effective data collection, processing, and dissemination. Information systems should incorporate procedures specifically designed to achieve management’s objectives through adequate control measures. An entity’s management should therefore consider information assets protection (IAP) a required service that ensures the relevant information criteria are met in delivery and support. As suggested by the COBIT framework, an entity’s information delivery and support should integrate the criteria of effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability.