Recommendation for IT Governance Using the COBIT 4.1 Framework



Similar documents
Terms of Reference for an IT Audit of

COBIT 4.1 TABLE OF CONTENTS

IT Charter and IT Governance Framework

CobiT and IT Governance Elements for building in security. from the top, down and the bottom, up

Effectively Using CobiT in IT Service Management

GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION

Chayuth Singtongthumrongkul

IT Governance. What is it and how to audit it. 21 April 2009

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Information Security Management Systems

IT Governance: framework and case study. 22 September 2010

Governance and Management of Information Security

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

EA vs ITSM. itsmf

COBIT Helps Organizations Meet Performance and Compliance Requirements

IT Governance Regulatory. P.K.Patel AGM, MoF

An Interview with William F. Slater, III

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Project Management and ITIL Transitions

What Should IS Majors Know About Regulatory Compliance?

EVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

Trends in Information Technology (IT) Auditing

GRC Program Best Practices & Lessons Learned

ITIL Vs. LAYER - Search Engine Marketing System

Information System Project Management Context (IS PM 2. lecture, 2012)

IS Audit and Assurance Guideline 2402 Follow-up Activities

Feature. Developing an Information Security and Risk Management Strategy

Aalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

ITIL AND COBIT EXPLAINED

CLASSIFICATION SPECIFICATION FORM

IT Service Management ITIL, COBIT

Program Overview and 2015 Outlook

Certified Software Quality Assurance Professional VS-1085

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

SSAE 16 Everything You Wanted To Know But Are Afraid To Ask. Kurt Hagerman CISA, CISSP, QSA Managing Director, Coalfire December 8, 2011

Domain 1 The Process of Auditing Information Systems

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

Data Governance. Unlocking Value and Controlling Risk. Data Governance.

Understanding COBIT 5. based on ISACA Materials Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

Internal audit value optimization for insurance organizations

Digital Continuity Plan

S11 - Implementing IT Governance An Introduction Debra Mallette

Sarbanes-Oxley Control Transformation Through Automation

IT Governance Charter

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

Moving Forward with IT Governance and COBIT

CYBERSECURITY SLAs: MANANGING REQUIREMENTS AT ARM S LENGTH

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

SECURITY RISK MANAGEMENT

Your Software Quality is Our Business. INDEPENDENT VERIFICATION AND VALIDATION (IV&V) WHITE PAPER Prepared by Adnet, Inc.

Workshop agenda. Data Quality Metrics and IT Governance. Today s purpose. Icebreaker. Audience Contract. Today s Purpose

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

Auditors Need to Know June 13th, ISACA COBIT 5 for Assurance

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

Image Area. View Point. Transforming your Metrics Program with the right set of Silver Bullets.

IT Governance Implementation Workshop

Public Service Corporate Governance of Information and Communication Technology Policy Framework

GLOBAL STANDARD FOR INFORMATION MANAGEMENT

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Internal Auditing Guidelines

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

North Texas ISSA CISO Roundtable

Infrastructure consulting. Global Infrastructure

GAIA Service Catalogs: A Framework for the Construction of IT Service Catalogs

Certified Information Security Manager (CISM)

Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA

HIPAA and HITRUST - FAQ

1. FPO. Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Second Edition

How To Improve Your Business

Information Technology Auditing for Non-IT Specialist

San Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP

IMPLEMENTATION OF HIGH-PERFORMANCE SECURITY MANAGEMENT PROCESSES

COBIT 5 Implementation Certification Course

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects:

Automated Controls Strategy, Implementation & Practical Examples. By Danny Miller, CGEIT, CISA, ITIL

Developing a Project Management Office:

Cut Costs vs. Smart Buy. Cloud Services For Real

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

FERC Regulations: Managing Compliance Through ETRM Technology

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

A Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey

QUALITY MANAGEMENT SYSTEM MANUAL

CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link

Auditing IT Governance Steve Hunt October 11, 2012

Control Design & Implementation Week #5 CRISC Exam Prep ~ Domain #4. Bill Pankey Tunitas Group. Job Practice

WELCOME TO SECURE

Business Excellence and ROI based process maturity

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

Certified Information Systems Auditor (CISA)

Enabling Information PREVIEW VERSION

IT Outsourced Services. Preliminary Survey

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

Practical Approaches to Achieving Sustainable IT Governance

Transcription:

Recommendation for IT Governance Using the COBIT 4.1 Framework William F. Slater, III, MBA, M.S., PMP, CISSP, CISA Week 7 Assignment CYBR 615 Cybersecurity Governance and Compliance January 27, 2013 January 27, 2013 A Brief Presentation on IT Governance and COBIT -William F. Slater III 1

Agenda Key Trends that Will Shape the Future of IT What is IT Governance? Recommendations for IT Governance Common Pitfalls of IT Governance Recommendations for COBIT-based IT Governance COBIT 4.1 vs. COBIT 5.0 Conclusion References January 27, 2013 A Brief Presentation on IT Governance and COBIT -William F. Slater III 2

Key Trends That Will Shape the Future of IT Measuring and Managing EVERYTHING Controlling Costs of EVERYTHING Optimization of EVERYTHING Automation of EVERYTHING using smart applications and smart hardware Trying to be as GREEN as possible in EVERYTHING Trying to get EVERYTHING done with as few people as possible, even ZERO people EVERYTHINGwill be under Risk Management and Information Security management (i.e. ISO 27001) EVERYTHING will be under Service Management (i.e. ITIL and ISO 20000) Continuous Process Improvement in EVERYTHING Watch word: Save Your Company Money by optimizing EVERYTHING, continually improving EVERYTHING and adding business value The move to the Cloud to save money and increase efficiencies will continue to INCREASE EVERYTHING will be subject to compliance and AUDITING EVERYTHING is On the Table January 27, 2013 A Brief Presentation on IT Governance and COBIT -William F. Slater III 3

What Is IT Governance? IT Governance is a management-backed initiative that will implement a structured framework that will allow management to strategically align, measure, and manage Information Technology resources in a way that will increase their visibility and value to the business, which reducing risk and providing a means of continual improvement. IT Governance requires strong management and management support to be successful January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 4

IT Governance Focus Areas Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations. Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT. Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimization of knowledge and infrastructure. Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organization. Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting. From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 5

Recommendations for IT Governance Adopt an IT Governance Framework IT Governance requires strong management and management support to be successful An IT Governance Framework will Align IT capabilities with business goals and needs Allow IT to be measured and managed in a structured way Increase the value of IT to the organization Reduce risk Allow IT to be continual improved From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 6

Common Pitfalls of IT Governance Who does what now? Governance participants that lack the authority to perform their roles. I'll get right on it! Governance stakeholders that lack accountability making them unmo vated participants. We do the what now? Key blueprints, standards and best practices that are not well communicated. The challenges in effectively communicating the enterprise architecture is often underestimated. The governance process itself can also be a challenge to communicate. Keen to govern Governance initiatives with excessively broad scope. The assumption is often made that governance must cover the entire organization. Rolling out a new governance process is challenging and best done incrementally. Magic software Over reliance on governance software (garbage-in garbage-out). The black box process Processes, actions and decisions that lack transparency. Transparency facilitates understanding and trust in the governance process. I watch you, you watch me Teams that evaluate themselves and other conflicts of interest. Maturity please Organizations that undertake a comprehensive governance process before reaching the requisite level of organizational maturity. From Simplicable.com January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 7

Common Pitfalls of IT Governance From Simplicable.com January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 8

What Is COBIT? ISACA s IT Governance Framework It is well-structured, easy to follow, and when implemented, it will allow this organization to accomplish each of these objectives: Alignment of IT capabilities with business goals and needs Establishment of performance objectives and Measurement of progress Increase the value of IT to the organization Reduce risk Continual improvement Currently on Version 5, but version 4.1 is still in common use From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 9

The COBIT Top-Down Governance Pyramid From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 10

COBIT Components: The Interrelationships From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 11

COBIT s Information Criteria Effectivenessdeals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner. Efficiency concerns the provision of information through the optimal (most productive and economical) use of resources. Confidentialityconcerns the protection of sensitive information from unauthorized disclosure. Integrityrelates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations. Availabilityrelates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. Compliancedeals with complying with the laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria as well as internal policies. From COBIT 4.1 Guide By ISACA Reliabilityrelates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities. January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 12

Recommendations for COBIT-based IT Governance COBIT is a mature IT Governance Framework that offers many measurable benefits Adoption of COBIT will allow this organization to achieve the following goals Alignment of IT capabilities with business goals and needs Establishment of goals, and measurement oand management of IT in a structured way Increase the value of IT to the organization Risk reduction Continual improvement of IT From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 13

COBIT 4.1 vs. COBIT 5.0 COBIT 5.0 is very similar to COBIT 4.1, except that is more prescriptive on the use of Balanced Scorecards, measurement, management, and continual improvement. January 27, 2013 A Brief Presentation on IT Governance and COBIT - William F. Slater III 14

Conclusion IT Governance offers the best hope for well-managed IT Resources. IT Governance requires strong management and management support to be successful COBIT is well-structured, easy to follow, and when implemented, it will allow this organization to accomplish each of these objectives: Alignment of IT capabilities with business goals and needs Establishment of performance objectives and Measurement of progress Increase the value of IT to the organization Risk reduction Continual improvement From COBIT 4.1 Guide By ISACA January 27, 2013 A Brief Presentation on IT Governance and COBIT -William F. Slater III 15

References ISACA. (2012) The ISACA website. Retrieved from on http://ww.isaca.org on December 15, 2012. Simplicable.com (2011). 8 Common IT Governance Pitfalls. Retrieved from www.simplicable.com on May 15, 2011. January 27, 2013 A Brief Presentation on IT Governance and COBIT -William F. Slater III 16

References ISO. (2006). ISO 17021 -Conformity assessment Requirements for bodies providing audit and certification of management systems. Retrieved from http://isiri.org/portal/file/showfile.aspx?id=746a125a-d702-477e-8e23-165d321dd57a on July 18, 2011. ISO. (2011). ISO 19011 -Guidelines for auditing management systems. Retrieved from http://www.cnis.gov.cn/wzgg/201202/p020120229378899282521.pdf on July 18, 2011. LaChapelle, E. (2011). ISO 27001 Lead Auditor Course Material from PECB (www.pecb.org). From a course delivered in Dallas, TX in July 2011. Lincke, S. (2011). The Small Business Information Security Workbook. Retrieved from http://itm.iit.edu/netsecure11/susanlincke_smallbizsecworkbook.pdf on May 15, 2012. SANS. (2012. SANS IT Audit Courses. Retrieved from http:// it-audit.sans.org on December 14, 2012. Senft, S., et al. (2013). Information Technology Control and Audit, fourth edition.boca Raton, FL: CRC Press. THEIIA. 2012. The Institute of Internal Auditors. Retrieved from https://na.theiia.org/certification/ciacertification/pages/cia-certification.aspx on December 16, 2012. Wikipedia. (2012). Information Technology Audit. Retrieved from http://en.wikipedia.org/wiki/information_technology_audit on December 15, 2012. Wright, C. S. (2007). A Taxonomy of Information Systems Audits Assessments and Reviews. Retrieved from http://www.sans.org/reading_room/whitepapers/auditing/taxonomy-information-systems-audits-assessmentsreviews_1801 July 23, 2007. January 27, 2013 A Brief Presentation on IT Governance and COBIT -William F. Slater III 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information