COBIT 5 For Cyber Security Governance and Management
Nasser El-Hout, Managing Director, Service Management Centre of Excellence (SMCE)

Cybersecurity Governance using COBIT5
Cyber Defence Summit, Riyadh, KSA, March 1-2,

Agenda
I. The Need for Governance
II. Introduction to COBIT
III. The COBIT5 Principles
IV. The COBIT5 Enablers
V. Applying COBIT5 to Cybersecurity Governance

Section I: THE NEED FOR GOVERNANCE

GRC: Governance, risk management and compliance
An increasingly used umbrella term that covers these three areas of enterprise activity. These areas are progressively becoming more aligned and integrated to improve enterprise performance and the delivery of stakeholder needs.

GRC Definitions
o Governance: Exercise of authority; control; government; arrangement.
o Risk: Hazard; danger; peril; exposure to loss, injury, or destruction.
o (Management: The act or art of managing; the manner of treating, directing, carrying on, or using, for a purpose; conduct; administration; guidance; control.)
o Compliance: The act of complying; a yielding; as to a desire, demand, or proposal; concession; submission.
Source: Webster's Online Dictionary

Types of Governance
Different types of governance exist:
o Corporate governance
o Project governance
o Information technology governance
o Environmental governance
o Economic and financial governance
Each type has one or more sources of guidance, each with similar goals but often varying terms and techniques for their achievement.

Role of IT as a Strategic Partner
The role of ICT within organizations can differ significantly based on the strategic direction of the business, of ICT, and of their alignment.
Do organisations need IT Governance? Technology is an integral component of every organizational strategy. It is the right use of ICT, through strategy and planning, that differentiates successful organizations.
Maturity ladder (figure):
o Reactive, fire fighting: IT in SUPPORT role
o Proactive, service: IT in ENABLER role
o Value: IT in DIFFERENTIATOR role

Implementing Governance
The integration of the implementation of the GRC activities within an enterprise requires a systemic approach for reliably achieving the business goals of its stakeholders. Such approaches are typically based on enablers of various types (e.g., principles, policies, models, frameworks, organisational structures).

A GRC Model Example (figure): from the OCEG Red Book, GRC Capability Model version 2.1

ISACA and COBIT
ISACA actively promotes research that results in the development of products both relevant and useful to IT governance, risk, control, assurance and security professionals. ISACA developed and maintains the internationally recognised COBIT framework, helping IT professionals and enterprise leaders fulfil their IT governance responsibilities while delivering value to the business.

Section II: INTRODUCTION TO COBIT5

Why Develop COBIT 5?
COBIT 5 follows an ISACA Board of Directors directive:
o Tie together and reinforce all ISACA knowledge assets with COBIT
o Provide a renewed and authoritative governance and management framework for enterprise information and related technology
o Integrate all other major ISACA frameworks and guidance
o Align with other major frameworks and standards
2012 ISACA. All Rights Reserved.

The Evolution of COBIT 5 (figure): the scope has widened with each release, from Audit (COBIT1) through Control (COBIT2), Management (COBIT3) and IT Governance (COBIT4.0/4.1) to Governance of Enterprise IT (COBIT 5), which also incorporates Val IT 2.0 (2008), Risk IT (2009) and BMIS (2010).

COBIT 5 Scope
Not simply IT; not only for big business!
COBIT 5 is about governing and managing information:
o Whatever medium is used
o End to end throughout the enterprise
Information is equally important to:
o Global, multinational business
o National and local government
o Charities and not-for-profit enterprises
o Small to medium enterprises
o Clubs and associations

Business Needs
Enterprises are under constant pressure to:
o Increase benefits realization through effective and innovative use of enterprise IT
o Generate business value from new enterprise investments with a supporting IT investment
o Achieve operational excellence through application of technology
o Maintain IT-related risk at an acceptable level
o Contain the cost of IT services and technology
o Ensure business and IT collaboration, leading to business user satisfaction with IT engagement and services
o Comply with ever-increasing relevant laws, regulations and policies

COBIT 5...
o Defines the starting point of governance and management activities with the stakeholder needs related to enterprise IT
o Creates a more holistic, integrated and complete view of enterprise governance and management of IT that is consistent and provides an end-to-end view of all IT-related matters
o Creates a common language between IT and business for the enterprise governance and management of IT
o Is consistent with generally accepted corporate governance standards, and thus helps to meet regulatory requirements

The COBIT 5 Format Simplified
COBIT 5 directly addresses the needs of the viewer from different perspectives. Development continues with specific practitioner guides.
COBIT 5 is initially in 3 volumes:
1. The Framework (free download)
2. Process Reference Guide (free to members)
3. Implementation Guide (free to members)
COBIT 5 is based on 5 principles and 7 enablers.

COBIT 5 Product Family (figure)


Section III: THE COBIT5 PRINCIPLES

COBIT 5 Principles (figure)

Principle 1: Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders. Value creation means realizing benefits at an optimal resource cost while optimizing risk.

Principle 1: Meeting Stakeholder Needs
Enterprises have many stakeholders. Governance is about:
o Negotiating and deciding amongst different stakeholders' value interests
o Considering all stakeholders when making benefit, resource and risk assessment decisions
For each decision, ask:
o For whom are the benefits?
o Who bears the risk?
o What resources are required?

Principle 1: Meeting Stakeholder Needs
Stakeholder needs have to be transformed into an enterprise's actionable strategy. The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customized goals.


Principle 1: Meeting Stakeholder Needs
The COBIT 5 goals cascade allows the definition of priorities for:
o Implementation
o Improvement
o Assurance
of enterprise governance of IT.
In practice, the goals cascade:
o Defines relevant and tangible goals and objectives at various levels of responsibility
o Filters the knowledge base of COBIT 5, based on enterprise goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects
o Clearly identifies and communicates how enablers are used to achieve enterprise goals

Principle 2: Covering the Enterprise End to End
COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective. COBIT 5:
o Integrates governance of enterprise IT into enterprise governance
o Covers all functions and processes within the enterprise
o Does not focus only on the IT function

Principle 2: Covering the Enterprise End to End (figure)

Principle 2: Covering the Enterprise End to End
Main elements of the governance approach:
o Governance Enablers, comprising the organizational resources for governance and the enterprise's resources. A lack of resources or enablers may affect the ability of the enterprise to create value.
o Governance Scope, comprising the whole enterprise, an entity, a tangible or intangible asset, etc.

Principle 3: Applying a Single Integrated Framework
COBIT 5:
o Aligns with the latest relevant standards and frameworks
o Is complete in enterprise coverage
o Provides a basis to integrate effectively other frameworks, standards and practices used
o Integrates all knowledge previously dispersed over different ISACA frameworks
o Provides a simple architecture for structuring guidance materials and producing a consistent product set

Principle 3: Applying a Single Integrated Framework
The COBIT 5 product family is the connection:
o COBIT 5: A Business Framework for the Governance and Management of Enterprise IT
o COBIT 5: Enabling Processes
o COBIT 5 Implementation Guide
o COBIT 5 for Information Security
o COBIT 5 for Assurance
o COBIT 5 for Risk
o COBIT 5 Enabling Information
o COBIT 5 Online
A series of other products is planned for specific audiences or topics. The perspective concept links the above to external sources for standards.

Principle 3: Applying a Single Integrated Framework (figure)
Enablers provide structure to the COBIT 5 knowledge base.

Principle 3: Applying a Single Integrated Framework (figure)

Principle 3: Applying a Single Integrated Framework (figure)
o Drivers: PERFORMANCE (Business Goals); CONFORMANCE (Basel II, Sarbanes-Oxley Act, etc.)
o Enterprise Governance: Balanced Scorecard, COSO
o IT Governance: COBIT
o Best Practice Standards: ISO 9001:2000, ISO, ISO
o Processes and Procedures: QA Procedures, Security Principles, ITIL

Principle 4: Enabling a Holistic Approach
COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT. COBIT 5 enablers are:
o Factors that, individually and collectively, influence whether something will work
o Driven by the goals cascade
o Described by the COBIT 5 framework in seven categories

Principle 4: Enabling a Holistic Approach (figure)

Principle 5: Separating Governance from Management
The COBIT 5 framework makes a clear distinction between governance and management. Governance and management:
o Encompass different types of activities
o Require different organizational structures
o Serve different purposes
COBIT 5: Enabling Processes differentiates the activities associated with each.

Principle 5: Separating Governance from Management (figure)

COBIT 5 Process Reference Model (figure)

The COBIT 5 Principles Summary
COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders.

Section IV: THE COBIT5 ENABLERS

Principle 4: Enabling a Holistic Approach (figure)

The Enabler Dimensions
All COBIT 5 enablers have a set of common dimensions that:
o Provide a common, simple and structured way to deal with enablers
o Allow an entity to manage its complex interactions
o Facilitate successful outcomes of the enablers

Enabler 1 - Principles, Policies & Frameworks
The purpose of this enabler is to convey the governing body's and management's direction and instructions. They are instruments to communicate the rules of the enterprise, in support of the governance objectives and enterprise values as defined by the board and executive management.
Differences between principles and policies:
o Principles need to be limited in number and put in simple language, expressing as clearly as possible the core values of the enterprise
o Policies are more detailed guidance on how to put principles into practice

Enabler 1 - Principles, Policies & Frameworks
The characteristics of good policies; they should:
o Be effective: achieve their purpose
o Be efficient: especially when implementing them
o Be non-intrusive: make sense and be logical to those who have to comply with them
Policies should have a mechanism (framework) in place where they can be effectively managed and users know where to go. Specifically they should be:
o Comprehensive, covering all required areas
o Open and flexible, allowing for easy adaptation and change
o Current and up to date
The purpose of a policy life cycle is to support a policy framework in order to achieve defined goals.

Enabler 2 - Processes
COBIT 5 Enablers: Processes complements COBIT 5 and contains a detailed reference guide to the processes that are defined in the COBIT 5 process reference model:
o The COBIT 5 goals cascade is recapitulated and complemented with a set of example metrics for the enterprise goals and the IT-related goals.
o The COBIT 5 process model is explained and its components defined.
The Enabler process guide referenced in this module contains the detailed process information for all 37 COBIT 5 processes shown in the process reference model.

Enabler 2 - Processes: COBIT 5: Enabling Processes
The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main areas, governance and management, with management further divided into domains of processes:
o The GOVERNANCE domain contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined.
o The four MANAGEMENT domains are in line with the responsibility areas of plan, build, run and monitor (PBRM).

Enabler 2 - Processes: PRM Structure
Each process is divided into:
o Process Description
o Process Purpose statement
o IT-related Goals (from the Goals cascade; see example in the Appendix)
o Each IT-related goal is associated with a set of generic related metrics
o Process Goals (also from the Goals cascade mechanism; referred to as Enabler Goals)
o Each Process Goal is associated with a set of generic metrics
o Each Process contains a set of Management Practices
o These are associated with a generic RACI chart (Responsible, Accountable, Consulted, Informed)
o Each management practice contains a set of inputs and outputs (called work products in module PC)
o Each management practice is associated with a set of activities

Enabler 2 - Processes: Definitions
o A process is defined as a collection of practices, influenced by the enterprise's policies and procedures, that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs (e.g. products and services).
o Process Practices are defined as the guidance necessary to achieve process goals.
o Process Activities are defined as the guidance to achieve management practices for successful governance and management of enterprise IT.
o Inputs and Outputs are the process work products/artefacts considered necessary to support operation of the process.

Enabler 3 - Organisational Structures
Figure 33 - COBIT 5 Roles and Organisational Structures (Role/Structure: Definition/Description)
o Board: The group of the most senior executives and/or non-executive directors of the enterprise who are accountable for the governance of the enterprise and have overall control of its resources
o CEO: The highest-ranking officer who is in charge of the total management of the enterprise
o CFO: The most senior official of the enterprise who is accountable for all aspects of financial management, including financial risk and controls and reliable and accurate accounts
o Chief Operating Officer (COO): The most senior official of the enterprise who is accountable for the operation of the enterprise
o CRO: The most senior official of the enterprise who is accountable for all aspects of risk management across the enterprise. An IT risk officer function may be established to oversee IT-related risk.
o CIO: The most senior official of the enterprise who is responsible for aligning IT and business strategies and accountable for planning, resourcing and managing the delivery of IT services and solutions to support enterprise objectives
o Chief Information Security Officer (CISO): The most senior official of the enterprise who is accountable for the security of enterprise information in all its forms
o Business executive: A senior management individual accountable for the operation of a specific business unit or subsidiary
o Business Process Owner: An individual accountable for the performance of a process in realising its objectives, driving process improvement and approving process changes
o Strategy Committee (IT Executive): A group of senior executives appointed by the board to ensure that the board is involved in, and kept informed of, major IT-related matters and decisions. The committee is accountable for managing the portfolios of IT-enabled investments, IT services and IT assets, ensuring that value is delivered and risk is managed. The committee is normally chaired by a board member, not by the CIO.

Enabler 3 - Organisational Structures
Figure 33 - COBIT 5 Roles and Organisational Structures, continued (Role/Structure: Definition/Description)
o Project and Programme Steering Committees: A group of stakeholders and experts who are accountable for guidance of programmes and projects, including management and monitoring of plans, allocation of resources, delivery of benefits and value, and management of programme and project risk
o Architecture Board: A group of stakeholders and experts who are accountable for guidance on enterprise architecture-related matters and decisions, and for setting architectural policies and standards
o Enterprise Risk Committee: The group of executives of the enterprise who are accountable for the enterprise-level collaboration and consensus required to support enterprise risk management (ERM) activities and decisions. An IT risk council may be established to consider IT risk in more detail and advise the enterprise risk committee.
o Head of HR: The most senior official of an enterprise who is accountable for planning and policies with respect to all human resources in that enterprise
o Compliance: The function in the enterprise responsible for guidance on legal, regulatory and contractual compliance
o Audit: The function in the enterprise responsible for provision of internal audits
o Head of Architecture: A senior individual accountable for the enterprise architecture process

Enabler 4 - Culture, Ethics and Behaviour
Good practices for creating, encouraging and maintaining desired behaviour throughout the enterprise include:
o Communication throughout the enterprise of desired behaviours and corporate values. (This can be done via a code of ethics.)
o Awareness of desired behaviour, strengthened by senior management example. This is one of the keys to a good governance environment: senior management and the executives must "walk the talk", so to speak. It is sometimes a difficult area and one that causes many enterprises to fail, because it leads to poor governance. (Typically this will be part of training and awareness sessions based around a code of ethics.)
o Incentives to encourage, and deterrents to enforce, desired behaviour. There is a clear link to HR payment and reward schemes.
o Rules and norms, which provide more guidance and will typically be found in a Code of Ethics.

Enabler 5 - Information
Importance of the Information Quality categories and dimensions:
o The concept of information criteria was introduced in COBIT 4.1; these were very important to be able to show how to meet business requirements.
Importance of Information Criteria:
o COBIT 4.1 introduced us to the concept of 7 key information criteria to meet business requirements. This concept has been retained but translated differently.

Enabler 5 - Information: Business Requirements
From COBIT 4.1: To satisfy business objectives, information needs to conform to certain control criteria, which COBIT refers to as business requirements for information. Based on broader quality, fiduciary, and security requirements, seven distinct information criteria are defined. These are:
o Effectiveness
o Efficiency
o Confidentiality
o Integrity
o Availability
o Compliance
o Reliability
(Figure: the seven criteria as Business Requirements, linked to IT Processes and IT Resources)

Enabler 6 - Services, Infrastructure and Applications
The five architecture principles that govern the implementation and use of IT-related resources:
o Reuse: Common components of the architecture should be used when designing and implementing solutions as part of the target or transition architectures.
o Buy vs. build: Solutions should be purchased unless there is an approved rationale for developing them internally.
o Simplicity: The enterprise architecture should be designed and maintained to be as simple as possible while still meeting enterprise requirements.
o Agility: The enterprise architecture should incorporate agility to meet changing business needs in an effective and efficient manner.
o Openness: The enterprise architecture should leverage open industry standards.

Enabler 6 - Services, Infrastructure and Applications
Relationship to other enablers:
o Information is a service capability that is leveraged through processes to deliver internal and external services.
o Cultural and behavioural aspects are relevant when a service-oriented culture needs to be built.
o Process inputs and outputs: most of the inputs and outputs (work products) of the process management practices and activities in the PRM include service capabilities.
Consider other frameworks such as:
o ITIL 3
o TOGAF, which provides an integrated information infrastructure reference model

Enabler 7 - People, Skills and Competencies
Identify the good practices of people, skills and competencies, specifically:
o Described by different skill levels for different roles
o Defining skill requirements for each role
o Mapping skill categories to COBIT 5 process domains (APO, BAI, etc.); these correspond to the IT-related activities undertaken, e.g. business analysis, information management, etc.
o Using external sources for good practices, such as the Skills Framework for the Information Age (SFIA)

Enabler 7 - People, Skills and Competencies (figure)

Section V: APPLYING COBIT5 TO CYBERSECURITY GOVERNANCE

COBIT5 Principles
The COBIT 5 framework and its components as applied to cybersecurity cover governance, management and assurance. To ensure appropriate and comprehensive governance, the five basic principles within COBIT 5 should be used as a starting point.

Principle 3: Applying a Single Integrated Framework
To create a single integrated framework for governing (and managing) cybersecurity, other governance provisions from within the enterprise need to be taken on board:
o Cybersecurity, as defined in ISO Information technology Security techniques Guidelines for cybersecurity
o Information security, e.g., ISO or National Institute of Standards and Technology (NIST) SP, SANS Critical Controls (Top 20)
o Enterprise governance of IT, as defined through COBIT 5 or other frameworks
o Risk management frameworks and practices influencing cybersecurity
o Business continuity, service continuity and emergency/crisis handling provisions at the governance level, e.g., ISO 22301, ISO
o Organizational (corporate) governance provisions influencing cybersecurity directly or indirectly

Cybersecurity Management
To efficiently manage all aspects of security, it is useful to structure it in line with COBIT. COBIT 5 defines a number of enablers, which are used to build holistic security management that addresses cybersecurity in the widest sense and is seamlessly connected to other GRC practices throughout the enterprise.

Enabler 1 - Principles, Policies & Frameworks
In cybersecurity, principles, policies and frameworks form an important foundation for specifying measures and activities within the enterprise and in relationships with business partners, customers and other third parties. This enabler further sets out the documentation requirements for cybersecurity, including actual attacks and breaches.


Enabler 1 - Principles, Policies & Frameworks
The purpose of a cybersecurity policy is to clearly and unambiguously express the goals and objectives as well as the boundaries for security management and security solutions. The policy also serves to define the role and scope of cybersecurity within general information security. It should further address the appropriate organizational alignment, and specific roles and responsibilities in conjunction with cybersecurity.


Enabler 2 - Processes
In managing cybersecurity, both management and monitoring processes need to be in place to achieve and maintain an adequate level of security.


Enabler 3 - Organization Structures (figure)

Example: ISM Profile (figure)

Enabler 4 - Culture, Ethics, and Behaviour
The Culture, Ethics and Behaviour enabler in COBIT 5 defines a set of model behaviours and cultural values that need to be applied to cybersecurity management.


Enabler 5 - Information
The central asset to be protected from cybercrime and cyberwarfare is enterprise information itself, including PII and other privileged information assets. Most of these information assets will have an intrinsic value as well as a business value attributed to them:
o Credit card data: intrinsic value as privileged information (e.g., entrusted by the customer), business value for payments, generally high attractiveness for cybercrime
o Personal login and password profiles: intrinsic value as PII, business value through access to sensitive data, very high attractiveness for cybercrime and cyberwarfare

Enabler 5 - Information (figure)

Enabler 6 - Services, Infrastructure and Applications
The Services, Infrastructure and Applications enabler identifies service capabilities, attributes and goals for information security management, as described in COBIT 5 for Information Security:
o Security architecture
o Security awareness
o Secure development
o Security assessments
o Adequately secured and configured systems
o User access and access rights in line with business requirements
o Adequate protection against malware, external attacks and intrusion attempts
o Adequate incident response
o Security testing
o Monitoring and alert services for security-related events

Enabler 7 - People, Skills and Competencies (figure)

Sample Training Structure Program (figure)

QUESTIONS
Thanks for joining us

More information

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

S11 - Implementing IT Governance An Introduction Debra Mallette

S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Introduction to IT Governance Implementation using COBIT and Val IT Speaker: Debra Mallette, CGEIT, CISA, CSSBB Session Objectives

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM) IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements

More information

IT Governance Charter

IT Governance Charter Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.co.za 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms

More information

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank. Information Security Management at HDFC Bank: Contribution of Seven Enablers By Vishal Salvi, CISM, and Avinash W. Kadam, CISA, CISM, CGEIT, CRISC, CBCP, CISSP, CSSLP HDFC Bank was incorporated in August

More information

2.1 MBI Framework 2.2 ITIL 2.3 COBIT

2.1 MBI Framework 2.2 ITIL 2.3 COBIT Extending MBI Model using ITIL and COBIT Processes DOI: 10.20470/jsi.v6i4.244 Sona Karkoskova 1, George Feuerlicht 1,2 1 Faculty of Informatics and Statistics University of Economics, Prague 2 Unicorn

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

COBIT Helps Organizations Meet Performance and Compliance Requirements

COBIT Helps Organizations Meet Performance and Compliance Requirements DISCUSS THIS ARTICLE COBIT Helps Organizations Meet Performance and Compliance Requirements By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert,

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

Principles for An. Effective Risk Appetite Framework

Principles for An. Effective Risk Appetite Framework Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective

More information

Chief Information Security Officer

Chief Information Security Officer Principles Vision Purpose Statement Chief Information Security Officer healthalliance Purpose, Vision and Principles healthalliance provides shared services to benefit NZ health organisations. We will

More information

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy Increasing IT Value and Reducing Risk More for Less with COBIT5 Copyright 2012 ITpreneurs. All rights reserved. 1 COBIT 5 the Next Evolution 2 COBIT 5 Released in April 2012 COBIT5 is the eagerly awaited

More information

Enabling Information PREVIEW VERSION

Enabling Information PREVIEW VERSION Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK INDEX 1 Introduction... 2 Contextual background... 2.1 The CobiT 5 framework (2012)... 2.2 The ISO 27000 series (2005, 2011)... 2.3 The Risk IT

More information

Presentation on COBIT Education

Presentation on COBIT Education http://www.itpreneurs.com Presentation on COBIT Education Mastering COBIT with effective learning solutions Arjan Woertman ITpreneurs This COBIT product suite includes COBIT 4.0, which is used by permission

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting Date November 2011 Company UXC Consulting Version Version 1.5 Contact info@uxcconsulting.com.au http://www.uxcconsulting.com.au This summary

More information

ISSA Guidelines on Master Data Management in Social Security

ISSA Guidelines on Master Data Management in Social Security ISSA GUIDELINES ON INFORMATION AND COMMUNICATION TECHNOLOGY ISSA Guidelines on Master Data Management in Social Security Dr af t ve rsi on v1 Draft version v1 The ISSA Guidelines for Social Security Administration

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

Executive's Guide to

Executive's Guide to Executive's Guide to IT Governance Improving Systems Processes with Service Management, COBIT, and ITIL ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS

More information

ITIL Service Lifecycle Design

ITIL Service Lifecycle Design ITIL Service Lifecycle Design Course Details Course Code: Duration: Notes: ITILSL-Des 5 days This course syllabus should be used to determine whether the course is appropriate for the students, based on

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

White Paper. COBIT 5 & BiSL

White Paper. COBIT 5 & BiSL White Paper COBIT 5 & BiSL This paper compares the scope and perspective of COBIT 5 and BiSL and shows how these two frameworks can be used in conjunction to assure that business information management

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive

More information

Principled Performance & GRC

Principled Performance & GRC part of GRC Fundamentals Principled Performance & GRC How principled performance is the new normal and the imperative for integrating governance, performance, risk, internal control and compliance management

More information

Principles of IT Governance

Principles of IT Governance Principles of IT Governance Governance of enterprise IT focuses on delivering services to support top line growth while moving operational savings to the bottom line. The management of IT services has

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

3.6 - REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS ON CORPORATE GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS

3.6 - REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS ON CORPORATE GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS RISK FACTORS Report by the Chairman of the Board of Directors on corporate governance, risk management and internal controls Property damage and operating loss insurance Property damage/operating loss

More information

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 EA APPROVALS EA Approving Authority: Revision

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK HERU NUGROHO Telkom University, Telkom Applied Science School, Department of Information Technology, Bandung E-mail: herunugroho@telkomuniversity.ac.id,

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

The Asset Management Landscape

The Asset Management Landscape The Asset Management Landscape ISBN 978-0-9871799-1-3 Issued November 2011 www.gfmam.org The Asset Management Landscape www.gfmam.org ISBN 978-0-9871799-1-3 Published November 2011 This version replaces

More information

COBIT & ITIL usage for SOX current and future

COBIT & ITIL usage for SOX current and future COBIT & ITIL usage for SOX current and future Robert E Stroud International Vice President ISACA Evangelist ITSM & IT Governance CA, Inc. Japan, November 8, 2007 Trademark Notice ITIL is a registered trademark

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall

More information

AMAHLATHI LOCAL MUNICIPALITY

AMAHLATHI LOCAL MUNICIPALITY AMAHLATHI LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK APPROVED BY :... POSITION :... SIGNATURE :... DATE OF APPROVAL :... REVISION DATE :... 1 Table of Contents GLOSSARY OF TERMS AND DEFINITIONS... 3 1.

More information

ITIL AND COBIT EXPLAINED

ITIL AND COBIT EXPLAINED ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

The Governance of Corporate Forensics using COBIT, NIST and Increased Automated Forensic Approaches

The Governance of Corporate Forensics using COBIT, NIST and Increased Automated Forensic Approaches The Governance of Corporate Forensics using COBIT, NIST and Increased Automated Forensic Approaches Henry Nnoli, Dale Lindskog, Pavol Zavarsky, Shaun Aghili, Ron Ruhl Information Systems Security Management

More information

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction Contents Acknowledgments Introduction 1. Governance Overview How Do We Do It? What Do We 1 Get Out of It? 1.1 What Is It? 1 1.2 Back to Basics 2 1.3 Origins of Governance 3 1.4 Governance Definition 5

More information

A Business Framework for the Governance and Management of Enterprise IT

A Business Framework for the Governance and Management of Enterprise IT A Business Framework for the Governance and Management of Enterprise IT These following pages provide a preview of the information contained in COBIT 5. The COBIT 5 framework is available as a complimentary

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

Frameworks and related products that help professionals attain value from information systems.

Frameworks and related products that help professionals attain value from information systems. Frameworks and related products that help professionals attain value from information systems. Dear valued professional, In today s business landscape, executives must ensure that their IT is working as

More information

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance COBIT 5 What s New, What Auditors Need to Know June 13th, 2012 Anthony Noble Viacom Inc. ISACA COBIT 5 for Assurance Task Force Chair Special thanks to Derek Oliver & ISACA for supplying material for this

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

ICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen

ICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen ICTEC IT Services Issues 3.4.2008 IT Services? IT Services include (for example) Consulting, IT Strategy, IT Architecture, Process, Software Software development, deployment, maintenance, operation, Custom

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

ITIL Foundation in IT Service Management

ITIL Foundation in IT Service Management ITIL Foundation in IT Service Management Course Description: This course provides comprehensive first-level training for anyone involved in provision, support, and delivery of IT Services. The ITIL Framework

More information

Audit, Risk Management and Compliance Committee Charter

Audit, Risk Management and Compliance Committee Charter Audit, Risk Management and Compliance Committee Charter Woolworths Limited Adopted by the Board on 27 August 2013 page 1 1 Introduction This Charter sets out the responsibilities, structure and composition

More information

SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE

SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE PREAMBLE The purpose of the IT Governance Committee is to ensure that IT is effectively governed at SABPP in accordance with the King III Code of Governance

More information

What is COBIT 5? Principle 1: Meeting Stakeholder Needs. Principle 2: Covering the Enterprise End-to-End

What is COBIT 5? Principle 1: Meeting Stakeholder Needs. Principle 2: Covering the Enterprise End-to-End The leading framework for the governance and management of enterprise IT What is COBIT 5? COBIT 5 is the only business framework for the governance and management of enterprise IT. ISACA s globally accepted

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

IT Charter and IT Governance Framework

IT Charter and IT Governance Framework IT Charter and IT Governance Framework Status: Custodian: Approved Director: Information Technology Date approved: 2013-12-04 Implementation date: 2013-12-05 Decision number: SAQA 02102/13 Due for review:

More information

CIO, CISO and Practitioner Guidance IT Security Governance

CIO, CISO and Practitioner Guidance IT Security Governance June 2006 (Revision 1, August 2007) () 1 CIO, CISO and Practitioner Guidance Whatever your business, security and privacy are key matters that affect your enterprise and those dependent upon you. There

More information

IT Service Management. The Role of Service Request Management

IT Service Management. The Role of Service Request Management RL Consulting IT Service Management The Role of Service Request Management Prepared by: Rick Leopoldi June 1, 2007 Copyright 2001-2007. All rights reserved. Duplication of this document or extraction of

More information

Company size matters: Perspectives on IT Governance

Company size matters: Perspectives on IT Governance www.pwc.com/ca/technology-consulting Company size matters: Perspectives on IT Governance versus large Canadian organizations and IT Governance PwC conducted research for the 4th edition of the IT Governance

More information

BADM 590 IT Governance, Information Trust, and Risk Management

BADM 590 IT Governance, Information Trust, and Risk Management BADM 590 IT Governance, Information Trust, and Risk Management Information Technology Infrastructure Library (ITIL) Spring 2007 By Po-Kun (Dennis), Tseng Abstract: This report is focusing on ITIL framework,

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...

More information

ITIL : the basics. Valerie Arraj, Compliance Process Partners LLC. White Paper July 2013

ITIL : the basics. Valerie Arraj, Compliance Process Partners LLC. White Paper July 2013 ITIL : the basics Valerie Arraj, Compliance Process Partners LLC White Paper July 2013 2 ITIL : the basics Contents 1 What is ITIL and what are its origins? 3 2 The service lifecycle 3 3 Why would an organization

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia MARIO SPREMIĆ, Ph.D., CGEIT, Full Professor Faculty of Economics and Business Zagreb, University of Zagreb

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010 Public Record Office Victoria PROS 10/10 Strategic Management Guideline 5 Records Management Strategy Version Number: 1.0 Issue Date: 19/07/2010 Expiry Date: 19/07/2015 State of Victoria 2010 Version 1.0

More information

IT Governance Implementation Workshop

IT Governance Implementation Workshop IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,

More information