COBIT DSS06.06 - Secure Information Assets

by Rajeshwari Kumar


COBIT DSS06.06 is a key control objective within the COBIT framework that focuses on securing information assets within an organization. In today's digital age, the protection of sensitive information is of utmost importance to prevent data breaches and cyber threats. Implementing the controls outlined in COBIT DSS06.06 can help organizations ensure the confidentiality, integrity, and availability of their information assets. 

Implementing Security Measures In COBIT DSS06.06

Importance Of Securing Information Assets In COBIT DSS06.06

COBIT DSS06.06, a control objective within the COBIT framework, focuses on the importance of securing information assets. Securing information assets is essential to mitigate risks such as data breaches, cyber attacks, and unauthorized access. By implementing the principles outlined in COBIT DSS06.06, organizations can establish a robust security framework to protect their information assets from internal and external threats.

One of the key aspects of COBIT DSS06.06 is the identification of critical information assets. By conducting a risk assessment and categorizing information assets based on their importance and sensitivity, organizations can prioritize their security efforts and allocate resources effectively.

Furthermore, COBIT DSS06.06 emphasizes the need for implementing appropriate security controls to safeguard information assets. This includes measures such as access controls, encryption, and regular security audits to monitor and detect any potential vulnerabilities.

By adhering to the principles outlined in COBIT DSS06.06, organizations can enhance their overall security posture and reduce the likelihood of data breaches and security incidents. In addition, by securing information assets, organizations can build trust with their customers, partners, and stakeholders, demonstrating a commitment to protecting sensitive data and ensuring compliance with regulatory requirements.

Understanding The Risk Factors In COBIT DSS06.06

COBIT DSS06.06 is a critical control objective within COBIT, as it deals with the secure management of information assets – a key component of any organization’s overall security posture. Understanding the risk factors associated with DSS06.06 is essential for organizations looking to effectively manage their information security risks.

There are several key risk factors that organizations need to be aware of when it comes to DSS06.06. One of the primary risk factors is unauthorized access to sensitive information assets. This can occur through a variety of means, such as insider threats, external hacking attempts, or even inadvertent exposure of sensitive data. Without proper controls in place to prevent unauthorized access, organizations are at risk of data breaches and potential damage to their reputation.

Another risk factor to consider is compromised data integrity. If information assets are not properly secured, there is a risk that data integrity could be compromised. This can lead to inaccurate or incomplete data, which can have serious implications for decision-making within the organization. Ensuring that data integrity is maintained is crucial for organizations looking to effectively leverage their information assets.

Additionally, organizations need to consider the risk of data loss when it comes to DSS06.06. Data loss can occur through a variety of means, such as malware attacks, physical theft of devices, or accidental deletion of data. Without proper backup and recovery mechanisms in place, organizations risk losing critical information assets that are essential for their operations.

IT Governance Framework Toolkit

Implementing Security Measures In COBIT DSS06.06

  1. Identify sensitive information assets: The first step in implementing security measures in COBIT DSS06.06 is to identify the sensitive information assets that need to be protected. This includes data such as customer information, intellectual property, and financial records.
  1. Classify information assets: Once the sensitive information assets have been identified, they should be classified based on their importance and value to the organization. This will help in prioritizing security measures and allocating resources accordingly.
  1. Implement access controls: Access controls are essential in protecting information assets from unauthorized access. Implementing measures such as user authentication, role-based access control, and encryption can help prevent data breaches.
  1. Regularly review and update security policies: Security policies should be regularly reviewed and updated to ensure they are aligned with the organization's security objectives and regulatory requirements. This includes policies related to data protection, access control, and incident response.
  1. Conduct regular security assessments: Regular security assessments and audits should be conducted to identify vulnerabilities and weaknesses in the organization's security posture. This will help in identifying areas for improvement and implementing necessary security measures.
  1. Train employees on security best practices: Employees are often the weakest link in an organization's security defenses. Providing training on security best practices, such as how to recognize phishing attacks and the importance of strong passwords, can help prevent security incidents.
  1. Monitor and analyze security incidents: Monitoring and analyzing security incidents can help in identifying patterns and trends that could indicate potential security threats. This will enable organizations to take proactive measures to mitigate risks and prevent future incidents.

Monitoring And Assessing The Effectiveness In COBIT DSS06.06

  1. Define security objectives: Before monitoring and assessing the effectiveness of security measures, it is essential to establish clear security objectives aligned with the organization's goals and risk profile.
  1. Implement security controls: Implementing security controls outlined in COBIT DSS06.06 is essential to protect information assets. These controls may include data encryption, access controls, and regular security updates.
  1. Conduct regular risk assessments: Conducting regular risk assessments helps identify potential vulnerabilities and threats to information assets. This allows organizations to prioritize security measures effectively.
  1. Monitor security incidents: Monitoring security incidents and conducting post-incident analysis helps identify patterns and trends that can improve security measures in place.
  1. Measure and report on security performance: Establishing key performance indicators (KPIs) to measure security performance allows organizations to track progress and identify areas for improvement.
  1. Engage stakeholders: Engaging stakeholders, including senior management, IT teams, and employees, ensures that everyone is aware of their roles and responsibilities in securing information assets.
  1. Continuously review and update security policies: Security policies should be reviewed and updated regularly to align with changing threats and technologies.


COBIT DSS06.06 provides a comprehensive framework for securing information assets within an organization. By implementing the guidelines outlined in this control objective, companies can better protect their sensitive data and mitigate the risk of security breaches. It is essential for organizations to adhere to the principles of COBIT DSS06.06 to uphold the integrity and confidentiality of their information assets.

IT Governance Framework Toolkit