Practical Cobit Implementation Approaches: Implementing Cobit 5 In A Week
Kaya Kazmirci, CISA, CISM, CISSP, Cobit 5 Foundations
Kazmirci Associates
kaya@kayakazmirci.com

Kaya Kazmirci
- Founder ISACA Istanbul Chapter, Education Committee Chair and Past Chapter President
- Chair Cobit 5/CISA Translation Committees
- Cobit Evangelist (Regulatory Consultant & Trainer)
- IT Governance and Cyber Security Expert
- Kazmirci Associates MD
- Mountain Biker & Sailor
- Kaya.kazmirci@isaca-istanbul.org
- Kaya@kayakazmirci.com

Project Plan: Short and Sweet
- Cobit 5 Implementations must build on existing knowledge
- Training and practical group work
- Previously completed certifications and documentation (e.g. Cobit 4.1)
- Motivated team (regulatory/financial pressure and/or visionary leadership)
- Divide and create value (one process/capability improvement/metric at a time)
- C5 Training (2 Days), Exercises (1 Day), As-Is To-Be Reporting (2 Days)
- Kickoff!

How do you eat an elephant?
Critical Cobit 5 Content

Critical Cobit 5 Content: One bite at a time
COBIT 5 is based on:
- 5 principles
- 7 enablers
- Goals Cascade
- 37 Processes in 5 Domains
- Implementation Approach
- Capability Model (Formerly Maturity Model)

COBIT 5 Principles: Start with the tastiest bits
2012 ISACA All rights reserved.

Principle 1: Meeting Stakeholder Needs
- Enterprises have many stakeholders
- Governance is about:
  - Negotiating
  - Deciding amongst different stakeholders' value interests
  - Considering all stakeholders when making benefit, resource and risk assessment decisions
- For each decision, ask:
  - For whom are the benefits?
  - Who bears the risk?
  - What resources are required?

How Do You Use The BSC?
- Does it predict the future?
- Does it correlate with future customer orders?
- How to measure it (surveys, consultants, standards, frameworks, metrics, maturity/capability)?
- Can BSCs be trusted?
- It costs resources to implement, does it generate ROI?
- Base employee bonuses on it?
- Complexity?

Principle 1 Cascade Steps (Figure 5)
What is the primary Enterprise Goal?

Principle 1 Cascade Steps (Figure 6)
Enterprise Goals To IT Related Goals

Mapping IT Related Goals to C5 Processes: Less is More
- ITRGs map to C5 Processes
- Primary/Secondary Support
- Adopt it to your organization
- Keep scope narrow
- Focus on problem areas

Principle 4: Enabling a Holistic Approach

Enabler 2: Processes

Lead and Lag Metrics: Explicit In C4.1
- Process Goals (formerly KPI): How the process delivers value to IT
- Fire Wall Breaches Discovered
- Credit Card #s Lost
- Cost of noncompliance (fines, settlements)
- IT Related Goal (formerly KGI): A measure of how IT is supporting the enterprise

Process Format/Content
- Process: Name/Description/Purpose
- Management/Governance Practices (Critical)
- Outcomes (Combine/Reformat)

Process Format/Content
- Work Product
- Inputs (Nice to Have)
- Outputs (Combine/Reformat)
- Supports (Nice to Have)

RACI Charts
- There Is A Lot (Too Much?)
- Use what you need and nothing else!

Cobit 5 Process Reference Model: Choose Carefully!
- Outsourcing: APO09, 10
- Security: APO13, DSS05
- HR (Security): APO07, APO08
- PM: APO05, 6, BAI01
- SW/HW Development: BAI02, 3, 6, 7, 10
- Data Center: DSS01
- Help Desk: DSS02, 03
- Engine Room: BAI04, DSS04

New and Modified Processes:
- APO03 Manage enterprise architecture. (TOGAF)
- APO04 Manage innovation. (Nice to Have)
- APO05 Manage portfolio. (PMBOK, Prince2)
- APO06 Manage budget and costs. (Activity Based Costing/Accounting)
- APO08 Manage relationships. (Security Impact)
- APO13 Manage security. (Critical)
- BAI05 Manage organisational change enablement. (Nice to Have)
- BAI08 Manage knowledge. (DS10 Manage Data in v3 more useful)
- BAI09 Manage assets. (Nice to Have)
- DSS05 Manage security service. (Critical)
- DSS06 Manage business process controls. (Controversial)

What's Missing (Next)? We Want a Camel Now
Cobit Framework Suggestions

Framework Committee, We have a problem
- How do we implement Agile/Scrum in C5?
- Documentation requirements?
- Which C5 Processes to include?
- How do we integrate simultaneous multiple processes so they operate smoothly?
- Capability scores (C5) seem lower than maturity scores (C4.1 and earlier)
- Clients have spent LOTS improving C4.1 maturity (C5 conversion is a hard sell)
- Regulators can penalize for low (<3) maturity, where do we set the bar?
- Capability is not as clear as Maturity (nor as easy to implement)
- C5 capability is not prescriptive (let's create guidance)
- What is the value for improved Capability?
- DSS06 Manage Business Process Controls? What does it mean and how do we implement it in a practical sense?
- ETOM for Telecom, Other sector based guidance would be helpful

Cobit 5 Capability: Less is more

Satisfying Cobit 5 Attributes Improves Capability
How Do We Measure Capability?
- Level 5 Optimizing process
  - PA.5.1 Process Innovation attribute
  - PA.5.2 Process Optimization attribute
- Level 4 Predictable Process
  - PA.4.1 Process Measurement attribute
  - PA.4.2 Process Control attribute
- Level 3 Established Process
  - PA.3.1 Process Definition attribute
  - PA.3.2 Process Deployment attribute
- Level 2 Managed Process
  - PA.2.1 Performance Management attribute
  - PA.2.2 Work Product Management attribute
- Level 1 Performed process
  - PA.1.1 Process Performance attribute
- Level 0 Incomplete process

Process Attribute Rating Scale
Cobit Capability scores 3 at a 2.5!
- N (Not achieved), 0 to 15% achievement: There is little or no evidence of achievement of the defined attribute in the assessed process.
- P (Partially achieved), > 15% to 50% achievement: There is some evidence of an approach to, and some achievement of, the defined attribute in the assessed process. Some aspects of achievement of the attribute may be unpredictable.
- L (Largely achieved), > 50% to 85% achievement: There is evidence of a systematic approach to, and significant achievement of, the defined attribute in the assessed process. Some weakness related to this attribute may exist in the assessed process.
- F (Fully achieved), > 85% to 100% achievement: There is evidence of a complete and systematic approach to, and full achievement of, the defined attribute in the assessed process. No significant weaknesses related to this attribute exist in the assessed process.

What Does That Mean? (Practical Guidance)
- Level 1: Some Management/Governance (M/G) Practices, Some Work Products
- Level 2: All M/G Practices, Work Product, Process Goals & Targets defined, RACI
- Level 3: Process commonly implemented, Inputs/Outputs (Training/Sourcing needs) defined, IT Related Goals defined/collected/analyzed
- Level 4: Process Metrics reported consistently, Goals set, Low performance reviewed
- Level 5: Improvement Goals set, Improvement Opportunities: Identified, Planned, Tested, Implemented & Post Implemented

Still Confused? More Practical Guidance
- CMMI Maturity seems to map well as it is based on
- Level 2: All of the Practices Implemented
- Level 3: All Activities implemented
  - ISO > APO13 Manage Security, DSS05 Manage Security Services
  - ISO > DSS04 Manage Continuity
  - ISO > APO11 Manage Quality
  - ISO > DSS01 Manage Operations, DSS02 Manage Service Requests & Incidents, DSS03 Manage Problems
  - ISO > DSS02 (Customer Complaints)
  - ISO > APO11 Manage Quality
  - ISO > APO12 Manage Risk
  - Independent Audit Financial Reporting Effective Control -> BAI06, 07
- Level 4: Common enterprise wide Process Performance and Output metrics
- Level 5: Consistent Metric based Goals and Improvement Implementation

Capability and Gap Analysis: Logistics Provider

Capability and Gap Analysis: NPL Collector

Traditional COBIT 5 Implementation
- Program Management: Day to day PM
- Enablement of change: Addressing the behavioural and cultural aspects
- Core Continual improvement: this is not a one-off project

Use The Goals Cascade to Scope Which Processes To Focus On
Appendix 1

Step 1: Start with BSC category
- Balanced Scorecard: Financial, Customer, Internal, Learning
- Columns: Enterprise Goals, IT Related Goal (ITRG), COBIT Process
- Customer:
  - 6. Customer-oriented service culture
  - 7. Business service continuity and availability
  - 8. Agile responses to a changing business environment
  - 9. Information-based strategic decision making
  - 10. Optimisation of service delivery costs

Step 2: Select Enterprise Goal, IT related Goal, and Processes
- Customer:
  - 6. Customer-oriented service culture
  - 7. Business service continuity and availability
- IT Related Goals:
  - ITRG 07 Delivery of IT services in line with business requirements
  - ITRG 08 Adequate use of applications, information and technology solutions
  - ITRG 01 Alignment of IT and business strategy
  - ITRG 04 Managed IT-related business risk
  - ITRG 10 Security of information, processing infrastructure and applications
  - ITRG 14 Availability of reliable and useful information for decision making
- PROCESSES (PRIMARY IMPORTANCE OR IMPACT):
  - APO09 Manage Service Agreements: P
  - APO13 Manage Security: P
  - BAI04 Manage Availability and Capacity: P
  - BAI08 Manage Knowledge: P
  - BAI10 Manage Configuration: P
  - DSS03 Manage Problems: P
  - DSS04 Manage Continuity: P

Step 3: Example APO09, Examine Metrics
RELATED METRICS
- The number of business processes with unidentified service agreements
- % of live IT services covered by service Agreements
- % of Customers satisfied that service delivery meets agreed-on levels
- Number & severity of service breaches
- % of services being monitored to service levels
- % of service targets being met

Case Studies To Support Training and Group Work
Appendix 2

Case Study I: Identification of IT Governance Issues
40 minutes preparation, 20 minutes discussion

The objective of this exercise is to become familiar with IT governance issues and be able to explain them to executive management.

Imagine that you are the newly hired CIO/IT director of the Company, and you realise that much needs to be done to improve the way IT is managed, if all the IT requirements are to be successfully delivered. You know that you were hired to sort these matters out but you feel that the board should focus on IT and they do not really know much about why it is important, what problems exist and what their responsibilities should be. You are worried that you might not be able to succeed without their full appreciation of the current issues and their support to improve the way IT is managed.

You recently heard about COBIT and then discovered ITGI and ISACA on the Internet, and downloaded the Cobit 5 Enabling Processes. You have decided to use this standard to help raise awareness with the board and get them on your side working with you to fix the IT problems.

Review the present situation at the Company with your group using the Goals Cascade documents as a guideline. Select Enterprise Goals and IT-Related Goals that your group feels are important to the Company. Pay particular attention to areas that you feel may be presently underserviced. Use the results of your discussion and the IT-Related Goals to Cobit 5 processes map to select 6 Cobit 5 processes which, if improved, would add significant enterprise value to the Company.

Your task is to work together with the rest of the IT management team (the rest of your course group) to prepare items to go into a presentation which conveys: what the processes are, why you chose them and what value their implementation will add to the Company. Select a spokesperson to present your group work.
Gary Hardy

Case Study II: Process Assessment
40 minutes preparation, 20 minutes presentation and discussion

The Company has recognised enterprise governance implementation is a priority to enable effective corporate and IT management. After reviewing your previous presentation, the BoD has decided to implement Cobit 5 one process at a time and has asked you to complete an assessment regarding how the most critical process that you presented operates at the Company.

In this exercise, you will first select a process (from those examined in Case Study I) and then assess how it operates at the Company.

1. Using what you and your teammates know and referring to the COBIT 5 Enabling Processes, consider the process and assess whether it presently fulfils the defined management/governance practices and related activities as well as delivers the defined outputs. Document any missing outputs.
2. Decide which missing practices would add value if implemented, then list and prioritize the most important 5 of them.
3. Discuss the related Cobit 5 process/IT-related metrics and assess whether the presently used metrics are adequate. Feel free to suggest 3 metrics that you feel would better meet the Company's needs, but be aware that implementing new metrics requires resources, so focus on cost-effective suggestions.

Gary Hardy

Case Study III: Capability Assessment
40 minutes preparation, 20 minutes presentation

The objective of this exercise is to understand how to use the capability models in COBIT 5 to perform a capability assessment of a critical process.

Use the process from Case Study II and assess its present capability at the Company. Based on its present capability, list what additional attributes need development in order for it to mature to the next level of capability. Hint: Go easy on yourselves as far as documentation requirements go. Partially (P) fulfilled attributes are ok.

Work in the same group, and have a workshop as if you are the management team. One person should act as the facilitator gaining consensus as a group on what the critical attributes are and, using the COBIT capability models, considering the current level. Prepare to report the present capability as well as what needs to be done to go to the next level. Prepare a short presentation to explain your results.

Gary Hardy

Goals Cascade
Appendix 3

Figure 24: Mapping COBIT 5 Enterprise Goals to Governance and Management Questions
Figure 24: Mapping COBIT 5 Enterprise Goals to Governance and Management Questions (cont.)
Figure 22: Mapping COBIT 5 Enterprise Goals to IT-related Goals
Figure 23: Mapping COBIT 5 IT-related Goals to Processes
Figure 23: Mapping COBIT 5 IT-related Goals to Processes (cont.)
More informationAn Implementation Roadmap
An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East
More informationBALANCED SCORECARD What is the Balanced Scorecard?
BALANCED SCORECARD What is the Balanced Scorecard? January 2014 Table of Contents Table of Contents... 1 The Balanced Scorecard... 2 The Four Perspectives... 3 Key Performance Indicators (KPIs)... 4 Scorecard
More informationIT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE
1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH
More informationBuilding A Framework-based Compliance Program. Richard E. Mackey, Jr. Vice President, SystemExperts Corp. dick.mackey@systemexperts.
Building A Framework-based Compliance Program Richard E. Mackey, Jr. Vice President, SystemExperts Corp. dick.mackey@systemexperts.com Agenda The compliance process Assembling requirements Useful frameworks
More informationAdvanced Topics for TOGAF Integrated Management Framework
Instructor: Robert Weisman MSc, PEng, PMP CD Robert.weisman@buildthevision.ca Advanced Topics for TOGAF Integrated Management Framework ROBERT WEISMAN CEO BUILD THE VISION, INC. WWW.BUILDTHEVISION.CA EMAIL:
More informationInformation Governance Maturity Model
Information Governance Maturity Model Diogo Proença* (diogo.proenca@ist.utl.pt) Ricardo Vieira (rjcv@ist.utl.pt) José Borbinha (jlb@ist.utl.pt ) 1 Motivation Working group in Portugal developed a set of
More informationPresentation on COBIT Education
http://www.itpreneurs.com Presentation on COBIT Education Mastering COBIT with effective learning solutions Arjan Woertman ITpreneurs This COBIT product suite includes COBIT 4.0, which is used by permission
More informationFree ITIL v.3. Foundation. Exam Sample Paper 1. You have 1 hour to complete all 40 Questions. You must get 26 or more correct to pass
Free ITIL v.3. Foundation Exam Sample Paper 1 You have 1 hour to complete all 40 Questions You must get 26 or more correct to pass Compliments of Advance ITSM www.advanceitsm.com 1. What is the main reason
More informationITSM Reporting Services. Enterprise Service Management. Monthly Metric Report
ITSM Reporting Services Monthly Metric Report October 2011 Contents Introduction 3 Background 3 Purpose 3 Scope 3 AI6 Manage Change 4 Number of Changes Logged 4 Number of Emergency Changes Logged 4 Percentage
More informationCompany size matters: Perspectives on IT Governance
www.pwc.com/ca/technology-consulting Company size matters: Perspectives on IT Governance versus large Canadian organizations and IT Governance PwC conducted research for the 4th edition of the IT Governance
More informationSITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre
SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service
More informationThe ITIL v.3. Foundation Examination
The ITIL v.3. Foundation Examination ITIL v. 3 Foundation Examination: Sample Paper 3, version 3.0 Multiple Choice Instructions 1. All 40 questions should be attempted. 2. There are no trick questions.
More informationSUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR
SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our
More informationPreparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced, copied
More informationBeyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist
Beyond Mandates: Getting to Sustainable IT Governance Best Practices Steve Romero PMP, CISSP, CPM IT Governance Evangelist Agenda > IT Governance Definition > IT Governance Principles > IT Governance Decisions
More informationIT Governance: framework and case study. 22 September 2010
IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT
More informationThe IT Infrastructure Library (ITIL)
IT service management is often equated with the Information Technology Infrastructure Library (ITIL), even though there are a variety of standards and frameworks contributing to the overall ITSM discipline.
More informationPreparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced,
More informationitsmf Australia 2007 Conference: Summary of ITSM Standards and Frameworks Survey Responses
itsmf Australia 2007 Conference: Summary of ITSM Standards and Frameworks Survey Responses Aileen Cater-Steel, Wui-Gee Tan and Mark Toleman School of Information Systems, Faculty of Business University
More informationAssessing Your Information Technology Organization
Assessing Your Information Technology Organization Are you running it like a business? By: James Murray, Partner Trey Robinson, Director Copyright 2009 by ScottMadden, Inc. All rights reserved. Assessing
More informationHow To Use Risk It
Risk IT A set of guiding principles and the first framework to help enterprises identify, govern and effectively manage IT risk. In business today, risk plays a critical role. Almost every business decision
More informationCXO Dashboards. How to drive business performance with certainty. 2009 CXO Dashboards
CXO Dashboards How to drive business performance with certainty Several executives find it difficult to manage their strategic objectives with certainty Too many pressures to balance Not enough visibility
More informationIntroduction to ITIL for Project Managers
CSC NORTH AMERICAN PUBLIC SECTOR Introduction to ITIL for Project Managers May Chantilly Luncheon Linda Budiman, PMP ITILv2 & ITILv3 Process Architect ITIL Service Manager, CobiT certified 5/13/2008 8:08:45
More informationCitation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.
Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation
More informationRoles & Grades Rate Cards and Applicable SFIA Skills
Roles & s Rate Cards and Applicable Consultant Day Rate Card Consultant Day Rate Lead 900.00 Senior 800.00 Junior 0.00 CLAS Consultant and Competencies Lead CLAS Consultant Lead CLAS Consultant IT Governance
More informationPwC Luxembourg. Models for the governance of your investments with Portfolio Management September 2009
PwC Luxembourg Models for the governance of your investments with Portfolio Management Agenda Welcome The Portfolio Management Concept Portfolio Management in PMI Portfolio Management in Val IT Portfolio
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationEnsuring Governance in an Agile World
Ensuring Governance in an Agile World Sean Scranton, CISA, CISM, CRISC Thad King, PMP Agenda Background of RLI Insurance Company What is Agile? Where We Were Governance, Security, and Compliance Issues
More informationESKITP714401 Implement procedures and standards relating to metrics for IT service delivery
Overview This sub-discipline covers the competencies required to perform performance metrics. Monitoring service level performance is a complex task requiring collection of data, detailed analysis, and
More informationCOBIT 5 Implementation Certifi cate. Training Course & Exam
COBIT 5 Implementation Certifi cate Training Course & Exam Introduction The COBIT 5 Implementation Certifi cate is a Practitioner Level Training Course that focuses on how to apply COBIT 5 (The Framework
More informationIntroduction: ITIL Version 3 and the ITIL Process Map V3
Introduction: ITIL Version 3 and the ITIL Process Map V3 IT Process Maps www.it-processmaps.com IT Process Know-How out of a Box IT Process Maps GbR, 2009-2 - Contents HISTORY OF ITIL... 4 The Beginnings...
More informationINFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING. forebrook
INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING forebrook Forebrook offers a range of information security, governance, IT systems and infrastructure related
More information