Phil Marshall Black Duck Software ISACA Webinar Program ISACA. All rights reserved.
1 Open Source Component Governance and Management Using COBIT Phil Marshall Black Duck Software 2012 ISACA Webinar Program ISACA. All rights reserved.
2 Welcome Type in questions using the Ask A Question button All audio is streamed over your computer Having technical issues? Click the ? button Download the slide deck from the Event Home Page After viewing the webinar, ISACA Members may earn 1 CPE credit. To earn 1 CPE, click the CPE Quiz link on the Event Home Page. Once you pass the quiz, you will receive a printable CPE Certificate. Question or suggestion? Email them to elearning@isaca.org
3 About Black Duck Software OSS Enablement for Multi-Source Development Enable organizations and developers to build better software faster by automating and managing their selection, use and governance of OSS Founded in Backed by industry leaders Recognized as a market leader & innovator Cool Vendor 2010 Nifty 150 Application Development Cloud Computing Innovation Award
4 Who For? 1,100 Customers in 24 Countries
5 Black Duck Approach PILOT QUALITATIVE QUANTIFIED BUSINESS CASE
6 Technology & Service at Enterprise Scale FOSS Maturity Governance Strategy Policy Remediation Search & Select Approve Catalog Audit Monitor
7 Today's Agenda Open Source Component use is Proliferating Benefits and Challenges Unique to OSS use? Best in Class Strategic Use of OSS Does it make sense to apply the COBIT Framework?
8 Open Source Component Use is Proliferating!
9 Example: Large Commercial UK Bank Trading Application Delivered a new trading app but only had to do 28% of the work!
10 OSS Governance in Job Descriptions? Open source is ubiquitous, awareness of the need for management and governance is growing in EIT Gartner 2011: In % of Global 2000 enterprises include OSS in mission-critical software portfolios (going to 99% by 2016) Increasing numbers of IT organizations depend on use of open-source software (OSS), while only a minority have established, open-source governance policies in place By 2014, 50% of Global 2000 organizations will experience technology, cost and security challenges through lack of open-source governance OSS IS NOW IN THE JOB DESCRIPTION
17 Why OSS? Competitive advantage Innovation Open source is ubiquitous, it's unavoidable. Having a policy against open source is impractical and places you at a competitive disadvantage. Flexibility Cheaper Faster
18 Faster, Better, Cheaper Cost Schedule Features Open source is a silver bullet that allows simultaneous improvement along all three dimensions of the software iron triangle of cost, schedule, features. Jeffrey Hammond - August
19 Benefits and Challenges Unique to OSS use?
20 Change, Risk and Opportunity "We make extensive use of open source [for trading systems], and I expect it will continue to be a very big part of what we do for the next few years," said Jeremy Lehman, the Chief Software Architect at Citigroup's Global Equities group. FOSS Analysis (Nov. 2011) Large growth in Bank consumption of open source technologies to enable rapid delivery of new services to market. 50% of companies will face challenges due to lack of OSS policy and management
21 Mixed OSS-Internal Code Risks Loss of Intellectual Property License Rights and Restrictions Export Regulations Software Defects Injunction? Security Vulnerabilities Contractual Obligations? Escalating Support Costs
22 Governance without Considering OSS Use? Risks Brand impact Security vulnerability Customer service Not including the use of open source software in a governance program represents a major business risk 29% Open Source Software IPR impact Legal infringement
23 What Development Executives Tell Us I have little/no visibility into the open source used in our projects I'm accountable for all of this and I have little control Our open source compliance will slow down our development schedules It's difficult to support applications that contain open source code We need standardization our developers use multiple different versions of the same/similar component
24 Keys to OSS Management
25 What do we typically find? Conclusion: An Under-developed Governance program is hindering this client from realizing the value of Open Source. Operational and legal risk reduction require Managing level across all disciplines. To fully realize the value of OSS (beyond risk reduction) companies should strive to be at the Participating or Driving levels. Client is exposed in several areas and only partially developed in others. Supply Chain & Compliance are the most developed. Discovery, Maint. & Support, Community Interaction and Executive Oversight are undeveloped
26 Why Manage Code/Components Acquisition? Quality issues [Chart labels: 85%, 0, Introduced, Found; stages: Coding, Unit test, Function test, Field test, Post release] Capers Jones, applied software measurement: assuring productivity and quality.
27 What's different about OSS? License Use and. The following table highlights some freeware and open source licenses that may be used in a given use case
28 Compliance and Governance Challenges identified at UK Bank Legal Corporate SBU1 SBU2 SBU3 SBU4 SBU5 SBU6 Project A Project B Project C Establish a policy for certifying new OSS use Develop a governance policy for your OSS portfolio Governance model undefined Global, regional, decentralized Stakeholder roles Differing levels of OSS maturity in business units Differing business models and use cases in business units Differing levels of readiness and ability (and willingness?) to assimilate change Business Case and funding
29 Manual OSS Process Challenges Identified Search & Select Web search Ask around Check the spreadsheet Sift through information Approve Fill out form Answer questions Advocate Contact legal Wait Wait Security review Catalog Update spreadsheet Arch. review Other approval boards Audit Code Review Rewrite Monitor Monitor security alerts Monitor updates to components Where Used?
35 Getting to Governance Establish key stakeholder group Strategy, policy, process Open Source Governance (OSG) program Discovery Remediation Communication & training
36 Best in Class Strategic Use of OSS
37 Gartner's Recommendations Open-Source Software, the Power Behind the Throne Gartner, November 1. Develop an inventory of the exposure of your IT environment to OSS. 2. Establish a policy for certifying new open-source use. 3. Develop a governance policy for your OSS portfolio. 4. Consider OSS offerings, along with the closed-source software, as competitive alternatives, and make selections based on technical excellence and total cost of ownership (TCO) merits.
38 Black Duck Software Enabling Enterprise Open Source Adoption Gartner: average Enterprise uses 29% OSS (January 2011) Best practice companies use 60%-80% [Chart: Value of Best-in-Class Open Source Software Use; Average 29%, Best-in-Class 80%]
39 OSS Adoption Lifecycle? Mission critical Strategic imperative Tactical decision Innovators Technology Enthusiasts Early adopters Visionaries Early Majority Pragmatists
40 OSS Adoption Lifecycle? Built-in Compliance Driving Participating Managed Measured Exposed Engineering driven Business strategy driven
41 Extend COBIT Framework to OSS Governance and Management?
42 Requirements for World-Class OSS Management & Governance Strategy Articulate the business objectives for use of OSS Policy & Process OSS Policy & Management Process Technology Automate governance and compliance Design In and automate policies
43 Yes, IT Governance Frameworks are in place February 2011 The State Of IT Governance, Q
44 IT Governance Frameworks (Cont.) February 2011 The State Of IT Governance, Q
45 IT Governance Frameworks (Cont.) February 2011 The State Of IT Governance, Q
46 Governance and Management Defined What sort of framework is COBIT? An IT audit and control framework? COBIT (1996) and COBIT 2nd Edition (1998) Focus on Control Objectives An IT management framework? COBIT 3rd Edition (2000) Management Guidelines added An IT governance framework? COBIT 4.0 (2005) and COBIT 4.1 (2007) Governance and compliance processes added Assurance processes removed BUT what is the difference between governance and management?
47 Governance and Management Defined (cont.) Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM). Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
48 COBIT 5 Holistic? COBIT 5 processes now cover end-to-end business and IT activities, i.e., a full enterprise-level view. This provides for a more holistic and complete coverage of practices reflecting the pervasive enterprise-wide nature of IT use. It makes the involvement, responsibilities and accountabilities of business stakeholders in the use of IT more explicit and transparent. But, are you considering OSS use at the application and component level?
49 New GEIT Principles COBIT 5 Principles Source: COBIT 5, figure ISACA All rights reserved
50 Stakeholder Value and Business Objectives Principle 1. Meeting Stakeholder Needs: Stakeholder needs have to be transformed into an enterprise's actionable strategy. The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customized goals within the context of the enterprise, IT-related goals and enabler goals. Source: COBIT 5, figure ISACA All rights reserved
51 RACI Charts Source: COBIT 5: Enabling Processes, page ISACA All rights reserved
52 COBIT Process Reference Model Source: COBIT 5, figure ISACA All rights reserved
53 Enterprise Architecture Touch Points in the Development Process (SDLC) A day in the life of an Enterprise Architect
54 COBIT Touch Points for OSS Governance Search & Select Simple, Consolidated Entry Point Trusted Source Updated & Maintained Approve Configurable Approval Forms Automated Approval Workflow Audit Automated Delta Scans Custom Code Printing Rapid Identification CLI & SDK Knowledge Base Catalog Approved Multi-Source Stack Custom Components & Licenses Bill of Materials Monitor Automated NVD Notifications Where FOSS used
55 Automated Governance and Compliance Application development cycle Plan Code Build Test Release Open source governance lifecycle Acquire Approve Catalog Audit Monitor Description Version Vulnerabilities Cryptography License Maturity Black Duck KnowledgeBase
56 What Next? Strongly consider discovering your OSS exposure Speak to development teams about OSS use Consider a true holistic approach to Governance Become a strategic, optimized user organization
57 Questions? Contact Information: Phil Marshall Black Duck Software
More informationEnabling Information PREVIEW VERSION
Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a
More informationGeoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com
COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationRevised October 2013
Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience
More informationIntegrating Project Management and Service Management
Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming
More informationSimplify and Automate IT
Simplify and Automate IT The current state of IT INCIDENT SERVICE LEVEL DATA SERVICE REQUEST ASSET RELEASE CONFIGURATION GOVERNANCE AND COMPLIANCE EVENT AND IMPACT ENTERPRISE SCHEDULING DASHBOARDS CAPACITY
More informationWilhelmenia Ravenell IT Manager Eli Lilly and Company
Wilhelmenia Ravenell IT Manager Eli Lilly and Company Agenda Introductions The Service Management Framework Keys of a successful Service management transformation Why transform? ROI and the customer experience
More informationSuccessfully manage multiple suppliers
Viewpoint paper Successfully manage multiple suppliers Achieve effective IT service delivery Table of contents 1 Manage and integrate multiple suppliers 1 See multisupplier environment challenges 2 Understand
More informationGobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI
Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory
More informationRequirements Change Management
Requirements Change Management Task 2.5 June 14, 2012 Changing Change. Develop the Professional. Develop the Profession. International Institute of Business Analysis 2 Looking for a Career? Visit IIBA
More informationA CobiT Case Study. Drawing on CobiT for the implementation of an Enterprise Risk Management Framework. December 2008
A CobiT Case Study Drawing on CobiT for the implementation of an Enterprise Risk Management Framework December 2008 Presenter: Clive E. Waugh, CISSP C/EH 1 Risk Management Framework Objectives CobiT provided
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More information8 Tips for Winning the IT Asset Management Challenge START
Tips for Winning the IT Asset Management Challenge START A successful IT Asset Management (ITAM) program can help you lower your costs and increase your asset utilization. You benefit by avoiding unplanned
More informationNegotiating Vendor Contracts. Key Initiative Overview
Christopher Ambrose Research Vice President This overview provides a high-level description of the Negotiating Vendor Contracts Key Initiative. IT leaders can use this overview to understand how to improve
More informationGoverning and optimising the design, build and run of new generation IT services
Governing and optimising the design, build and run of new generation IT services harold.petersen@uxcconsulting.com.au www.uxcconsulting.com.au Leadit Conference, Melbourne 13-15 August 2014 Harold Petersen
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationProject Management Office Best Practices
Project Management Office Best Practices Agenda Maturity Models (Industry & PMO) PMO Areas of Expertise (Scale & Scope) Project Management Office Process Model Project Management Framework PMO Implementation
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationThe expression better, faster, cheaper THE BUSINESS CASE FOR PROJECT PORTFOLIO MANAGEMENT
Cloud Solutions for IT Management WHITE PAPER THE BUSINESS CASE FOR PROJECT PORTFOLIO MANAGEMENT How Progressive IT Organizations Are Using Hosted Solutions To Deliver On Time, On Budget, On Quota and
More informationThe RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief
The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief The RSA Solution for Cloud Security and Compliance enables end-user
More informationDesigning and Implementing Cloud Governance: Cloud, and Cloud Governance, are Emerging Capabilities
Designing and Implementing Governance:, and Governance, are Emerging Capabilities Eric Marks President & CEO AgilePath Corporation emarks@agile-path.com Designing and Implementing Governance Governance
More informationIT Portfolio Management
IT Portfolio Management The Critical Step to Continually Optimizing Your Data Center Consolidation and Migration Initiatives Christopher Steel Digital Government Institute s Cloud Computing & Data Center
More informationTying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation
Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus
More informationIT Asset Inventory and Outsourcing: The Value of Visibility
BDNA WHITE PAPER IT Asset Inventory and Outsourcing: The Value of Visibility October 2007 bdnacorp.com U.S. Corporate Headquarters 650.625.9530 Europe, Middle East & Africa +33.1.42.27.10.71 Asia Pacific
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationIT Risk Management Life Cycle and enabling it with GRC Technology
IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?
More informationHP Service Manager. Software Version: 9.34 For the supported Windows and UNIX operating systems. Processes and Best Practices Guide
HP Service Manager Software Version: 9.34 For the supported Windows and UNIX operating systems Processes and Best Practices Guide Document Release Date: July 2014 Software Release Date: July 2014 Legal
More informationEXIN.Passguide.EX0-001.v2014-10-25.by.SAM.424q. Exam Code: EX0-001. Exam Name: ITIL Foundation (syllabus 2011) Exam
EXIN.Passguide.EX0-001.v2014-10-25.by.SAM.424q Number: EX0-001 Passing Score: 800 Time Limit: 120 min File Version: 24.5 http://www.gratisexam.com/ Exam Code: EX0-001 Exam Name: ITIL Foundation (syllabus
More informationjourney to a hybrid cloud
journey to a hybrid cloud Virtualization and Automation VI015SN journey to a hybrid cloud Jim Sweeney, CTO GTSI about the speaker Jim Sweeney GTSI, Chief Technology Officer 35 years of engineering experience
More informationWhy Finance Should Automate Management & Regulatory Reporting Processes
May 25, 2016 Why Finance Should Automate Management & Regulatory Reporting Processes connecting senior-level financial executives since 1931 CPE Credits Today s webcast is worth 1 Continuing Professional
More informationI D C T E C H N O L O G Y S P O T L I G H T. E n a b l i n g Quality I n n o va t i o n w i t h Servi c e
I D C T E C H N O L O G Y S P O T L I G H T E n a b l i n g Quality I n n o va t i o n w i t h Servi c e V i r t u a lization a nd Netw or k Virtualization December 2014 Adapted from Worldwide Automated
More informationSoftware Licensing and Pricing Best Practices. Stewart Buchanan June 3, 2009 Gartner Webinar
Software Licensing and Pricing Best Practices Stewart Buchanan June 3, 2009 Gartner Webinar How to Participate Today Audio Announcement You have joined the audio muted using your computer s speaker system
More informationImplementing Practical Information Security Programs
Implementing Practical Information Security Programs CISO Summit March 17-19, 2013 Presented by: David Cass, SVP & Chief Information Security Officer, Elsevier Information Security & Data Protection Office
More informationCisco Intelligent Automation for Cloud
Product Data Sheet Cisco Intelligent Automation for Cloud Early adopters of cloud-based service delivery were seeking additional cost savings beyond those achieved with server virtualization and abstraction.
More informationIT Governance Overview
IT Governance Overview Contents Executive Summary... 3 What is IT Governance?... 4 Strategic Vision and IT Guiding Principles... 4 Campus-Wide IT Strategic Vision... 4 IT Guiding Principles... 4 The Scope
More informationSESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View
SESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View The Business of IT Provisioning Bill Irvine Transformation Strategist, Accelerate Innovation, VMware billirvine@comcast.net Session
More informationData Governance Center Positioning
Data Governance Center Positioning Collibra Capabilities & Positioning Data Governance Council: Governance Operating Model Data Governance Organization Roles & Responsibilities Processes & Workflow Asset
More information