COBIT 5 based Information Security

Corporate governance, cloud computing, outsourcing, mobile computing and privacy legislation all require that effective information security be implemented and administered. A COBIT 5 based information security management system (ISMS) helps ensure that the information security strategy and its implementation are aligned with business needs and strategic objectives, that an integrated approach to information security is adopted, and that capability is built in a sustainable manner.

This seminar will help participants understand how the COBIT 5 framework is used as a foundation to information security management in line with ISO 27001 and other sources of best practices.


Participants will learn how to implement an information security management system and on completion of this seminar they will be able to:

  • Demonstrate an understanding of the COBIT 5 framework and the ISO 27001 requirements for information security management
  • Communicate the requirements for compliance with COBIT 5 and ISO 27001
  • Plan, design and implement an information security management system
  • Use COBIT 5 processes as a foundation for information security management
  • Build capability in information security across the organisation
  • Assess the extent to which an organization adheres to the ISO 27001 specification and COBIT 5 for Information Security.


Participants will learn through discussion and practical examples about:

  • Overview of the ISO/IEC 27001 specification
  • Overview of COBIT 5 for Information Security
  • The scope and purpose of an information security management system
  • Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s information security requirements
  • Developing and implementing an information security management system
  • Recognising current capability in information security
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure and manage all ISMS processes
  • Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks
  • Monitoring and reviewing the performance and effectiveness of the ISMS
  • Continual improvement based on objective measurement.

CPIO Certification

The CPIO exam is for individuals knowledgeable about the requirements for lawfully processing personal information and promoting access to information.


Illustration of the process and a management system for the implementation of COBIT 5.



Fulfilling the Requirements, Building Capability and Being Prepared!


CPIO Certification

CPIO certification demonstrates the knowledge and capability to manage and protect personal information in accordance with the Protection of Personal Information Act.


CPIO Expertise

IT governance experts are available to assist in establishing, implementing and improving the governance of IT based on the ISO 38500 standard and COBIT 5 good practices.

