IT Audit and Governance

- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-6 Checklist:
1. 📜 Define cybersecurity roles
- Example: Clearly specify the roles of a Security Officer, Network Administrator, and other relevant positions.
2. 🤝 Establish responsibilities for third-party stakeholders
- Example: Outline security responsibilities for suppliers, customers, and partners in contracts and SLAs.
3. 🎯 Create a cybersecurity training program
- Example: Develop a curriculum to train employees in their respective cybersecurity roles and responsibilities.

---
📚 Consolidated Relevant Standards:

- CIS CSC: 1, 2, 12, 13, 14, 17, 19
- COBIT 5: APO01.02, APO02.02, APO03.03, APO03.04, APO07.06, APO10.04, APO12.01, APO13.01, BAI04.02, BAI09.01, BAI09.02, BAI09.05, DSS01.02, DSS05.02, DSS06.03
- ISA 62443: 2-1:2009 4.2.3.4, 4.2.3.6, 4.3.2.3.3; 3-3:2013 SR 7.8
- ISO/IEC 27001: A.6.1.1, A.8.1.1, A.8.1.2, A.8.2.1, A.11.2.6, A.12.5.1, A.13.2.1, A.13.2.2
- NIST SP 800-53 Rev. 4: AC-4, AC-20, CA-3, CA-9, CM-8, CP-2, PL-8, PM-5, PM-11, PS-7, RA-2, SA-9, SA-14, SC-6
---

So there you have it, folks! A thorough look at Asset Management in cybersecurity audits, now complete with real-world examples and references to industry standards. Go ahead and check your current setup against these guidelines. Trust me, you'll sleep better at night! 😴

Stay secure, Cyber Warriors! 🛡️⚔️

www.tg-me.com/us/IT Audit and Governance/com.IT_Audit/344

3.0K viewsMr Moon, Oct 12, 2023 at 09:41

- Guidance: The data, personnel, devices, systems, and facilities that enable the organisation to achieve business purposes are identified and managed consistently.

ID.AM-6 Checklist:
1. 📜 Define cybersecurity roles
- Example: Clearly specify the roles of a Security Officer, Network Administrator, and other relevant positions.
2. 🤝 Establish responsibilities for third-party stakeholders
- Example: Outline security responsibilities for suppliers, customers, and partners in contracts and SLAs.
3. 🎯 Create a cybersecurity training program
- Example: Develop a curriculum to train employees in their respective cybersecurity roles and responsibilities.

---
📚 Consolidated Relevant Standards:

- CIS CSC: 1, 2, 12, 13, 14, 17, 19
- COBIT 5: APO01.02, APO02.02, APO03.03, APO03.04, APO07.06, APO10.04, APO12.01, APO13.01, BAI04.02, BAI09.01, BAI09.02, BAI09.05, DSS01.02, DSS05.02, DSS06.03
- ISA 62443: 2-1:2009 4.2.3.4, 4.2.3.6, 4.3.2.3.3; 3-3:2013 SR 7.8
- ISO/IEC 27001: A.6.1.1, A.8.1.1, A.8.1.2, A.8.2.1, A.11.2.6, A.12.5.1, A.13.2.1, A.13.2.2
- NIST SP 800-53 Rev. 4: AC-4, AC-20, CA-3, CA-9, CM-8, CP-2, PL-8, PM-5, PM-11, PS-7, RA-2, SA-9, SA-14, SC-6
---

So there you have it, folks! A thorough look at Asset Management in cybersecurity audits, now complete with real-world examples and references to industry standards. Go ahead and check your current setup against these guidelines. Trust me, you'll sleep better at night! 😴

Stay secure, Cyber Warriors! 🛡️⚔️

BY IT Audit and Governance