1 COBIT 5: What's New, What Auditors Need to Know. June 13th, 2012. Anthony Noble, Viacom Inc., ISACA COBIT 5 for Assurance Task Force Chair. Special thanks to Derek Oliver & ISACA for supplying material for this presentation.
2 Migrating to COBIT 5: Intro to COBIT 5 for Assurance Professionals; Types of Assurance; Audit Methodologies; COBIT 5 for Assurance Examples
3 INTRO TO COBIT 5 FOR ASSURANCE PROFESSIONALS
4 COBIT 5 Initiative: The COBIT 5 Task Force was created in 2009. It included international experts from across ISACA constituency groups (Assurance, Security Management and Risk/Governance). Co-chair: John Lainhart (Past International President). Co-chair: Derek Oliver (Past Chairman of the BMIS Development Committee). COBIT 5 Task Force ( ): John W. Lainhart, IV, CISA, CISM, CGEIT, IBM Global Consulting Services, USA, Co-chair; Derek J. Oliver, Ph.D., DBA, CISA, CISM, CITP, FBCS, FISM, MInstISP+, Ravenswood Consultants Ltd, UK, Co-chair; Pippa G. Andrews, CISA, ACA, CIA, KPMG, Australia; Elisabeth Antonsson, CISM, BSc, BA, Nordea Bank, Sweden; Steven A. Babb, CGEIT, KPMG, UK; Steven De Haes, Ph.D., Antwerp Management School, Belgium; Peter Harrison, CGEIT, FCPA, IBM Australia Ltd., Australia; Jimmy Heschl, CISA, CISM, CGEIT, ITIL Expert, bwin.party digital entertainment plc, Austria; Rob Johnson, CISA, CISM, CGEIT, CRISC, CISSP, Bank of America, USA; Erik Pols, CISA, CISM, Shell International ITCI, Netherlands; Vernon Poole, CISM, CGEIT, Sapphire, UK; Abdul Rafeq, CISA, CGEIT, CIA, FCA, A. Rafeq and Associates, India.
5 The Need? More emphasis on operational risk management. Need to drive risk management disciplines directly into the day-to-day responsibilities of professionals. Regulatory bodies requiring more privacy, security and an enhanced control environment. Responding to financial crisis. Increased publicity and liability. Workforces are increasingly globalized and distributed, which increases complexities to govern and manage. Massive volumes of information supported by technology drive business success but also raise a host of complex challenges for business and IT leaders.
6 What is COBIT 5? A Practical View
7 Builds on COBIT 4 as a Foundation: COBIT 5 is a significant strategic evolution of COBIT 4.1. COBIT 5 is a comprehensive governance and management framework comprising industry practices, analytical tools and models that help an enterprise achieve optimal value and objective by balancing technology: Benefits, Risk, Resource Use.
8 Shifts from a Technology to a Business Conversation. Focus on stakeholder objectives: Obtain quality information to support business decisions; Generate business value from IT-enabled investments, i.e. achieve strategic goals and realise business benefits through effective and innovative use of IT; Achieve operational excellence through reliable and efficient application of technology; Maintain IT-related risk at an acceptable level; Optimise the cost of IT services and technology; Comply with ever-increasing relevant laws, regulations, contractual agreements and policies.
9 COBIT 5 is Generic: The Framework can be applied to any Enterprise or business process, although it does reference Enterprise IT. The processes included are needed in any business process, not just Enterprise IT. Management processes and the monitoring of them is the focus for assurance. An area does not need to be using COBIT 5 in order to apply the framework for assurance purposes.
10 Key Concept for Auditors: COBIT 5 is significant for auditors as it no longer contains any specific Control Objectives except: Enterprise goals should be achieved. IT Assurance Guide: Using COBIT included Control Objectives, but the base COBIT 4 did not, so this is an ongoing trend.
11 What's in COBIT 5 for Auditors? Highlights: A Taste!
12 The COBIT 5 Framework: The initial publication introduces, defines and describes the components that make up the COBIT Framework: Principles; Architecture; Enablers; Introduction to implementation guidance and the COBIT process assessment approach.
13 COBIT 5 Principles: Links IT and the Business Balance benefits, risk, resources Makes a clear distinction between governance and management Integrates governance of enterprise IT into enterprise governance Defines a set of enablers to support the implementation of a comprehensive governance and management system Serve as the overarching framework for governance and management of enterprise IT
14 Shifts IT Processes to a Business View: Integrates governance of enterprise IT into enterprise governance. Covers all functions and processes within the enterprise; COBIT 5 does not focus only on the IT function, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise. Considers all IT-related governance and management enablers to be enterprise-wide and end-to-end, i.e. inclusive of everything and everyone, internal and external, that is relevant to governance and management of enterprise information and related IT.
15 COBIT 5 Enablers Dimensions: All enablers have a set of common dimensions, which provides a common, simple and structured way to deal with enablers and allows an enterprise to manage their complex interactions. The COBIT 5 framework defines seven categories of enablers: Processes; Frameworks, principles and policies; Organisational structures; People, skills and competencies; Culture, ethics and behaviour; Services, infrastructure & applications; Information.
16 Principle 5: Separating Governance from Management Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against plans. Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
17 Immediate Differences: The four MANAGEMENT domains. Align, Plan & Organise (APO) replaces PO: Define & Manage the Enterprise IT Control Framework. Build, Acquire & Implement (BAI) replaces AI: Manage Knowledge. Deliver, Service & Support (DSS) replaces DS: Manage Suppliers. Monitor, Evaluate & Assess (MEA) replaces ME: Provide Assurance (Key management Domain for Auditors). More meaningful & more business related!
18 COBIT 5 Process Map
19 Easier to Navigate: Smaller Integrated Publications
20 Capability vs. Maturity Model: The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC to align with and support a separate ISACA initiative, the COBIT Program Assessment Model (PAM). Note: the Assessment model is not an Assurance model. There are a number of benefits in doing so: Focus on whether the process is achieving its intended purpose and delivering its required outcomes as expected; Simplification; Improved reliability and repeatability of process capability assessment; Compliance with a generally accepted (ISO) process assessment standard.
21 Process Capability Model Comparison

| COBIT 4.1 Maturity Model Levels | COBIT 5 ISO/IEC Based Capability Levels | Meaning of the COBIT 5 ISO/IEC 15504 Based Capability Levels | Context |
| 5. Optimised | 5. Optimised | Continuously improved to meet relevant current and projected enterprise goals. | Enterprise view/corporate knowledge |
| 4. Managed and Measurable | 4. Predictable | Operates within defined limits to achieve its process outcomes. | Enterprise view/corporate knowledge |
| 3. Defined | 3. Established | Implemented using a defined process that is capable of achieving its process outcomes. | Enterprise view/corporate knowledge |
| N/A | 2. Managed | Implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained. | Instance view/individual knowledge |
| 2. Repeatable; 1. Initial/Adhoc | 1. Performed | Process achieves its process purpose. | Instance view/individual knowledge |
| 0. Non existent | 0. Incomplete | Not implemented or little or no evidence of any systematic achievement of the process purpose. | |
22 A Practical View TYPES OF ASSURANCE
23 What is Assurance? Taken from IT Assurance Guide: Using COBIT V4.1
24 Types of Assurance: IT Assurance Activities include: Perform a risk assessment; Diagnose operational and/or project risk; Plan/perform risk-based assurance activities; Assess/Self-assess process maturity; Assess/Self-assess controls; Substantiate risk; Process capability assessments.
25 A Practical View ASSURANCE METHODOLOGIES
26 Standard Audit Methodology. Audit Planning: Use business goals as a starter; Risk assessment/analysis of not meeting goals. Define Scope/Objectives of Audit: Examine drivers for the audit; Select control objectives for review. Execute Audit: Test the controls and their design; Document control weaknesses. Report an overall conclusion and recommendations.
27 Example: Assessment Overview [Figure: Process Assessment Model; Assessment Process] This figure is reproduced from ISO :2003 with the permission of ISO at Copyright remains with ISO.
28 Examples A Practitioners View
29 Change Management: AI6 in COBIT 4.1, BAI06 in COBIT 5. COBIT 4.1 contained a Maturity Model. COBIT 5 uses the Capability Model. Will use Emergency Changes for our example.
30 COBIT CO AI6.3 = BAI06.2. AI6.3 Emergency changes: Establish a process for defining, raising, testing, documenting, assessing and authorizing emergency changes that do not follow the established change process. BAI06.02 Manage Emergency Changes: Carefully manage emergency changes to minimize further incidents and make sure the change is controlled and takes place securely. Verify that emergency changes are appropriately assessed and authorized after the change.
31 For Assurance we can Perform a.. Maturity Assessment: Use the COBIT V4.1 Maturity Model. Capability Assessment: Use the COBIT Process Assessment Model V4.1. Efficiency and Effectiveness of Controls Assessment: Use the IT Assurance Guide: Using COBIT V4.1; Use the ISACA Change Management Audit Program, which references COBIT 4.1; Develop a custom audit program using COBIT 5 Process Reference Guide.
32 COBIT 4.1 Maturity Model AI6 Management of the process that satisfies the business requirement for IT of responding to business requirements in alignment with the business strategy, whilst reducing solution and service delivery defects and rework is: Level 3 Defined when there is a defined formal change management process in place, including categorization, prioritization, emergency procedures, change authorization and release management, and compliance is emerging. Workarounds take place, and processes are often bypassed. Errors may occur and unauthorized changes occasionally occur. The analysis of the impact of IT changes on business operations is becoming formalized, to support planned rollouts of new applications and technologies.
33 COBIT 4.1 Capability (PAM) Model AI6. Purpose: Satisfy the business requirement of managing IT changes in alignment with the business strategy to reduce solution and service delivery defects and rework. Outcomes (Os), by number and description: AI6 O1: Change standards and associated procedures, including those for emergency changes, are defined and communicated. AI6 O2: Changes are assessed, prioritized and authorized. AI6 O3: Change status is tracked and reported. Base Practices (BPs): AI6 BP1: Develop and implement a process to consistently record, assess and prioritize change requests (Supports AI1 O1). AI6 BP2: Assess impact and prioritize changes based on business needs (Supports AI1 O2). AI6 BP3: Assure that any emergency and critical change follows the approved process (Supports AI1 O1). AI6 BP4: Authorize changes (Supports AI1 O2). AI6 BP5: Manage and disseminate relevant information regarding changes (Supports AI1 O3).
34 Assurance Guide COBIT 4.1 AI6 Test of Controls, Emergency Changes: Enquire whether and confirm that the overall change management process includes emergency change procedures (e.g., defining, raising, testing, documenting, assessing and authorizing emergency changes). Inspect the documentation for a representative sample of emergency changes and, by interviewing key staff members, establish whether emergency changes are implemented as specified in the change management process. Confirm through interviews with key staff members that emergency access arrangements are authorized, documented and revoked after the change has been applied. Enquire whether and confirm that a post-implementation review of emergency changes is conducted.
35 Assurance Guide COBIT 4.1 AI6 Test Samples, Emergency Changes: Inspect a sample of emergency changes and verify that they have been processed in accordance with the change management framework. Verify that procedures have been followed to authorize, document and revoke access after the change has been applied. Inspect a sample of emergency changes and determine if a post-implementation review has been conducted after the changes were applied. Consider implications for further application system maintenance, impact on development and test environments, application software development quality, documentation and manuals, and data integrity.
36 ISACA Audit Program. Test objective: To verify the effectiveness of the emergency change control process that ensures the integrity of the production libraries and application data. Select a sample of emergency moves to production. Determine if the program was run from an interim library or the production library. If the production library was used, determine if a one-time password was retrieved. Determine if the one-time password was disabled.
37 Build Your Own Audit Program. Process goal: All emergency changes are reviewed and authorized after the change. Review historical metrics: Percent of total changes that are emergency fixes; Number of emergency changes not authorized after the change. Examine the output for verification: Documented post-implementation review of emergency changes.
38 Build Your Own Audit Program. Test that the Base Practice activities are being performed: Ensure that a documented procedure exists to declare, assess, give preliminary approval, authorize after the change and record an emergency change. Verify that all emergency access arrangements for changes are appropriately authorized, documented and revoked after the change has been applied. Monitor all emergency changes, and conduct post-implementation reviews involving all concerned parties. The review should consider and initiate corrective actions based on root causes such as problems with business process, application system development and maintenance, development and test environments, documentation and manuals, and data integrity. Define what constitutes an emergency change.
39 Reference Texts: IT Assurance Guide: Using COBIT; COBIT 5 Overview; COBIT 5 Enabling Processes; ISACA Change Management Audit/Assurance Program; COBIT Process Assessment Model Using 4.1
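The two historical metrics and the emergency-change tests from the "Build Your Own Audit Program" slides can be run over a change-ticket export. The script below is an added example, not part of the original presentation or any ISACA audit program; the column names, ticket ids and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed change-ticket export; the column names are assumptions for this
# example and would be mapped from whatever the change tool actually exports.
SAMPLE_EXPORT = """\
change_id,type,authorized_after,pir_documented,access_granted,access_revoked
CHG-1001,normal,,no,no,no
CHG-1002,emergency,2012-05-04,yes,yes,yes
CHG-1003,emergency,,no,yes,no
CHG-1004,normal,,no,no,no
CHG-1005,normal,,no,no,no
CHG-1006,emergency,2012-05-15,no,yes,yes
CHG-1007,normal,,no,no,no
CHG-1008,normal,,no,no,no
"""


def load_changes(text):
    """Parse the export into a list of dict rows, one per change."""
    return list(csv.DictReader(io.StringIO(text)))


def is_yes(value):
    return value.strip().lower() == "yes"


def emergency_changes(changes):
    return [c for c in changes if c["type"].strip().lower() == "emergency"]


def historical_metrics(changes):
    """Percent of total changes that are emergency fixes, and the number of
    emergency changes with no authorization recorded after the change."""
    emergencies = emergency_changes(changes)
    percent = 100.0 * len(emergencies) / len(changes) if changes else 0.0
    unauthorized = sum(1 for c in emergencies
                       if not c["authorized_after"].strip())
    return {
        "total_changes": len(changes),
        "emergency_changes": len(emergencies),
        "percent_emergency": round(percent, 1),
        "unauthorized_after_change": unauthorized,
    }


def audit_exceptions(changes):
    """Return (change_id, finding) pairs for emergency changes that fail one
    of the three checks: authorized after the change, post-implementation
    review documented, emergency access revoked."""
    findings = []
    for c in emergency_changes(changes):
        cid = c["change_id"]
        if not c["authorized_after"].strip():
            findings.append((cid, "not authorized after the change"))
        if not is_yes(c["pir_documented"]):
            findings.append((cid, "no documented post-implementation review"))
        if is_yes(c["access_granted"]) and not is_yes(c["access_revoked"]):
            findings.append((cid, "emergency access not revoked"))
    return findings


if __name__ == "__main__":
    rows = load_changes(SAMPLE_EXPORT)
    print(historical_metrics(rows))
    for change_id, finding in audit_exceptions(rows):
        print(f"{change_id}: {finding}")
```

Each finding is a lead for the sample inspection and interviews the slides describe, not a conclusion on its own.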