Control Objectives for Information Technology (COBIT) Compliance

COBIT is a framework created by ISACA that allows IT managers to bridge the gap between control requirements, technical issues, and business risks. Section 404 of the Sarbanes-Oxley Act (SOX) requires public companies' annual reports to include the company's own assessment of internal control over financial reporting, and an auditor's attestation. Companies often use COBIT as the framework to meet SOX Section 404 compliance requirements. By aligning business practices with the COBIT framework, organizations are able to clarify their security posture and reduce potential risk.

How EiQ Helps

EiQ’s SOCVue Security Monitoring service delivers 24/7/365 security monitoring and reporting that helps organizations address the security monitoring requirements in the COBIT 5 framework sections APO13 and DSS05.

EiQ’s SOCVue Vulnerability Management service provides vulnerability detection and remediation guidance to proactively improve your security posture.

With the Security Monitoring on-premise deployment option, EiQ’s SOC team can also proactively assess several additional security controls, which are based on the SANS/CIS Critical Security Controls*, in order to reduce your compliance risk. The security controls are directly mapped to relevant sections of COBIT 5. Our SOC analysts will work with your organization to enable the reporting you need to help meet your compliance objectives with ease.

| Critical Security Control | COBIT 5 | How SOCVue Security Monitoring Addresses | How SOCVue Vulnerability Management Addresses |
| --- | --- | --- | --- |
| Critical Security Control #1: Inventory of Authorized and Unauthorized Devices | APO13: Manage Security; DSS05: Manage Security Services; AI09: Manage Assets | SOCVue security analysts can monitor DHCP event logs to track the identity of devices connecting to the network and help detect unauthorized devices. | SOCVue security analysts will conduct Qualys discovery scans in order to build an inventory of authorized and unauthorized devices. |
| Critical Security Control #4: Continuous Vulnerability Assessment and Remediation | APO13: Manage Security; DSS05: Manage Security Services | SOCVue security analysts can help you correlate data from a wide variety of commercial vulnerability scanners with real-time security event data for enhanced alerting and reporting. | SOCVue Vulnerability Management includes Qualys vulnerability scanning along with our SOCVue security analysts to manage the tool and guide you with recommended action. New vulnerabilities can be quickly detected and appropriate staff notified. |
| Critical Security Control #6: Maintenance, Monitoring, and Analysis of Audit Logs | APO13: Manage Security; DSS05: Manage Security Services | SOCVue Security Monitoring provides the people, process, and technology needed to collect, monitor, and analyze audit logs. Monitoring audit logs can provide valuable security insight and help detect advanced threats. | |
| Critical Security Control #9: Limitation and Control of Network Ports | APO13: Manage Security; DSS05: Manage Security Services | SOCVue security analysts will help you establish a whitelist/blacklist of ports and protocols and assess whether any unauthorized ports, protocols, and services are running on a network. | SOCVue Vulnerability Management provides vulnerability scanning technology from Qualys to help detect vulnerable port and protocol usage on your IT assets. |

*Additional controls auditing available with on-premise Security Monitoring deployments

The moment I discovered EiQ Networks, I just knew I had to learn more about the security services being offered by this company. From what I was seeing, they had all the right stuff for me and more.
Greg Beltzer, Senior Vice President of Information Technology, Williams Financial Group