a handle on the system network security. Arranged into nine different areas, it is mainly concerned with: business continuity planning, to determine how organizations continue to operate after failure or disaster; system access control, to determine the basis of organizational authorization of information; system development and maintenance, to determine the main process of building security and protection into all aspects of the organization's information technology system; physical and environmental security, to determine the precautions for external, non-system aspects; compliance, to determine how organizations avoid infringement of current laws and obligations; personnel security, to determine how human error and misuse can be effectively reduced; security organization, to determine the management of organizational security; computer and operations management, to determine the risk level of the operational system while increasing the security of information; and asset classification and control, to determine the effectiveness of information asset protection within organizations [7].
As for the use of intrusion detection and prevention system, ISO, collaborating with IEC, has complied with standard ISO/IEC 18043:2006 in deploying and operating intrusion detection system throughout networks.
2.1.6.2 Control Objectives for Information and related Technology (COBIT)
As one of the IT governance institutions and the leading body for information systems auditing, ISACA was developed to specialize in assisting organizations in establishing IT governance and in delivering audit facilities and standards that give information systems auditors practical guidance in, in the case of this thesis, deploying and reviewing intrusion detection systems. It also provides substantial