Understanding COBIT 5. based on ISACA Materials www.isaca.org/cobit. Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant




Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant Understanding COBIT 5 based on ISACA Materials www.isaca.org/cobit ISACA Silicon Valley Chapter Spring 1

Session Objectives
- Why COBIT is important
- What COBIT 5 is
  - Framework
  - Implementation Life Cycle
  - Process Reference Model
  - Process Assessment Method
- How to use COBIT
- What is different about COBIT 5 vs. COBIT 4.1


Why is COBIT important to Your Enterprise?
- IT audit and assurance de-facto standard
- Governance, Risk and Compliance
- Information Security
- Business value focused IT Process Framework
- ITIL, CMMI and PMBOK synergies
- Governance and Management processes
- How to monitor, evaluate, assess and improve business process performance

COBIT Framework to Achieve Business Goals
- Achieve Operational Excellence
- Generate Business Value
- Optimize Costs
- Make Quality Business Decisions
- Maintain acceptable level of IT-related risk
[Diagram label: Information Technology]

A Business Framework for the Governance and Management of Enterprise IT
- Five Principles
- Seven Enablers
- Governance and Management
- Implementation Lifecycle
- Assessment Approach

Evolution of scope
Now a Complete Framework!
- COBIT 1 (1996): Audit
- COBIT 2 (1998): Control
- COBIT 3 (2000): Management
- COBIT 4.0/4.1 (2005/7): IT Governance
- COBIT 5 (2012): Governance of Enterprise IT
- Also shown: Val IT 2.0 (2008), Risk IT (2009)
www.isaca.org/cobit

COBIT 5 Five Principles
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management

Principle 1. Meeting Stakeholder Needs
Stakeholder Needs drive Governance Objective: Create Value
- Benefits Realization
- Risk Optimization
- Resource Optimization

[Diagram: Stakeholder Needs; Governance Objective: Create Value (Benefits Realization, Risk Optimization, Resource Optimization); Enterprise Goals; IT Related Goals; Enabler Goals. Arrow labels: Drive, Influences, Cascades to, Cascades to]

Principle 2. Covering the Enterprise End-to-End
[Diagram: Governance Objective: Create Value (Benefits Realization, Risk Optimization, Resource Optimization); Governance Enablers; Governance Scope; Roles, Activities and Relationships]

Principle 2: Roles, Activities and Relationships
- Owners and Stakeholders: Delegate to the Governing Body
- Governing Body: Set Direction for Management; Accountable to Owners and Stakeholders
- Management: Instruct and Align Operations and Execution; Monitor (by the Governing Body)
- Operations and Execution: Report to Management

Principle 3: Applying a Single Integrated Framework
Diagram excerpt from COBIT 5 Essential Facts - Fact 4: COBIT 5 brings order to complex standards, regulations and frameworks

Principle 4. Enabling a Holistic Approach
- Processes
- Organizational Structures
- Culture, Ethics and Behavior
- Principles, Policies and Frameworks
RESOURCES
- Information
- Services, Infrastructure, Applications
- People, Skills and Competencies

Enablers and Performance
- Stakeholders: Internal, External (Addressed?)
- Goals: Intrinsic, Context, Accessibility and Security (Achieved?)
- Life Cycle: Plan, Design, Build, Use, Evaluate, Dispose (Managed?)
- Good Practices: Practices, Work Products (Applied?)
- Goal Indicator Metrics: Addressed? Achieved?
- Practice Indicator Metrics: Managed? Applied?

Principle 5:
- Business Needs
- Governance: Evaluate, Direct, Monitor
- Management Feedback
- Management:
  - Plan (Align, Plan, Organize)
  - Build (Build, Acquire, Implement)
  - Run (Deliver, Service, Support)
  - Monitor (Monitor, Evaluate, Assess)

Implementation Lifecycle

Process Capability Assessment Approach
- Detailed guidance for COBIT 5
- ISO/IEC 15504 Compliant method
- COBIT 5 Enabling Processes are defined as ISO/IEC 15504 compliant process reference model
- Raises bar: incomplete process if there is not evidence (metrics and work products) that purpose/goals are largely achieved
- Aligns with ITIL TIPA Assessment method

COBIT 5 PAM
- Capability Measurement System: Optimizing, Predictable, Established, Managed, Performed, Incomplete
- PRM: Purpose, Outcomes, Base Practices, Work Products

COBIT 5 Enabling Processes
- Goals Cascade
- Process model explanation
- Diagram of Model
- Details for 37 Processes:
  - Purpose
  - Practices
  - Goals & Metrics
  - Activities & RACI
  - Work Products

COBIT 5 Domains and Processes

COBIT 4.1 Framework

COBIT 4.1 vs. COBIT 5
[Comparison table with columns COBIT 4.1 and COBIT 5.0; recoverable cell text: Governance embedded; No Val IT and Risk IT; 5 Principles; Principle-driven approach; IT Management and Audit focus; Bridge from COBIT 4.1; Enablers developed as; Pulled]

Summary


Thanks!
Great ideas need landing gear as well as wings. ~C.D. Jackson