A Business Framework for the Governance and Management of Enterprise IT

Similar documents
Enabling Information PREVIEW VERSION

for Information Security

Roles, Activities and Relationships

Please feel free to call on our organizations if we can be of assistance in any way on further deliberations, task forces or committees.

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK

Chayuth Singtongthumrongkul

COBIT 5 Introduction. 28 February 2012

Understanding COBIT 5. based on ISACA Materials Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

IS Audit and Assurance Guideline 2402 Follow-up Activities

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

G11 EFFECT OF PERVASIVE IS CONTROLS

INFORMATION TECHNOLOGY FLASH REPORT

ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE

CLOUD GOVERNANCE: Questions Boards of Directors Need to Ask AN ISACA CLOUD VISION SERIES WHITE PAPER

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA

How To Use Risk It

IS Audit and Assurance Guideline 2202 Risk Assessment in Planning

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks

MANY CERTIFICATES WHAT S THE WORTH?

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL

Profil stručnjaka za informacijsku sigurnost - certificirati se ili ne? Biljana Cerin, CISA, CISM, CGEIT, CBCP, PMP

CobiT Strategy and Long Term Vision

ITAF. 3 rd Edition. A Professional Practices Framework for IS Audit/Assurance

COBIT Helps Organizations Meet Performance and Compliance Requirements

Revised October 2013

All about CPEs. David Gittens CISA CISM CISSP CRISC HISP

IT Governance Implementation Workshop

Terms of Reference for an IT Audit of

Auditors Need to Know June 13th, ISACA COBIT 5 for Assurance

White Paper. COBIT 5 & BiSL

COBIT 5 Implementation Certification Course

Candidate s Guide to the CISM Exam and Certification

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

"Integrating ITIL and COBIT 5 to Optimize IT Process and Service Delivery"

The IT Infrastructure Library (ITIL)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

CLOUD SECURITY THROUGH COBIT, ISO ISMS CONTROLS, ASSURANCE AND COMPLIANCE

Continuing Professional Education Policy

The preceding pages provide a preview of the information contained in COBIT 5 for Risk.

Integrating the Project Portfolio Management and Service Portfolio Management: The Governance of Enterprise IT Perspective

ow to use CobiT to assess the security & reliability of Digital Preservation

Certified Information Security Manager 2011 Candidate s Guide to the CISM. Exam and Certification

COBIT 5 Implementation Certifi cate. Training Course & Exam

Somewhere Today, A Project is Failing

ISACA. Trust in, and value from, information systems.

Risks and Rewards of the Internet of Things. Findings From ISACA s 2013 IT Risk/Reward Barometer

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

IBM Security in the Software Development Lifecycle

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

IS Standards, Guidelines and Procedures for Auditing and Control Professionals

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

ISACA is responding to the PCAOB questions principally from an information technology (IT) perspective.

Active Software Escrow s Usefulness for Companies Embracing COBIT 5 By Andrew Stekhoven

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Benchmark of controls over IT activities Report. ABC Ltd

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

COBIT 4.1 TABLE OF CONTENTS

26 February Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC

COBIT 5 IMPLEMENTATION SYLLABUS

Why CISM? Who Earns CISM Certification? CISA, CISM and CGEIT Program Accreditation Renewed Under ISO/IEC 17024:2003

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University

Application for CISA Certification

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

ISO 27001:2005 & ISO 9001:2008

Social Media: Business Benefits and Security, Governance and Assurance Perspectives

Governance and Management of Information Security

2. Alignment. 3. Financial Benefits. 4. Non-financial Benefits. 5. Risk

Did Someone Say Value? Delivering Enterprise Value the Metrics Way

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

IT Service Management ITIL, COBIT

Cloud Computing Advantages

ISACA Privacy Principles and Program Management Guide Preview Yves LE ROUX Principal consultant

CRISC is a trademark/service mark of ISACA. The mark has been applied for or registered in countries throughout the world.

Application for CISM Certification

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

Certified Information Security Manager (CISM)

Compliance Risk Management IT Governance Assurance

Public Service Corporate Governance of Information and Communication Technology Policy Framework

Big Data: Impact, Benefits, Risk and Governance

Foundation Bridge in IT Service Management (ITSM) according to ISO/IEC Specification Sheet. ISO/IEC Foundation Bridge TÜV SÜD Akademie

Information Security Management Systems

ISACA Tools Help Develop Cybersecurity Expertise

Office Hours: By Appointment COURSE DESCRIPTION AND LEARNING GOALS

Cyber Risk Management with COBIT 5

Updated: 2014 January. Continuing Professional Education (CPE) Policy

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING. forebrook

IS AUDITING GUIDELINE REVIEW OF VIRTUAL PRIVATE NETWORKS DOCUMENT #

Enterprise Architecture at Work

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see

Cloud Computing Market Maturity Study Results

Transcription:

A Business Framework for the Governance and Management of Enterprise IT

These following pages provide a preview of the information contained in COBIT 5. The COBIT 5 framework is available as a complimentary PDF (www.isaca.org/cobit) and for purchase in hard copy (www.isaca.org/bookstore). It provides an overview of the COBIT 5 guidance, its five principles and seven enablers. We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants. COBIT enables enterprises to maximize the value and minimize the risk related to information, which has become the currency of the 21 st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical tools and models that can help any enterprise effectively address critical business issues related to the governance and management of information and technology. Additional information is available at www.isaca.org/cobit. Not a member? Learn the value of ISACA membership. Additional information is available at www.isaca.org/membervalue.

ISACA With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the non-profit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA ), Certified Information Security Manager (CISM ), Certified in the Governance of Enterprise IT (CGEIT ) and Certified in Risk and Information Systems Control TM (CRISC TM ) designations. ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business. Disclaimer ISACA has designed this publication, (the Work ), primarily as an educational resource for governance of enterprise IT (GEIT), assurance, risk and security professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, readers should apply their own professional judgement to the specific GEIT, assurance, risk and security circumstances presented by the particular systems or information technology environment. Copyright 2012 ISACA. All rights reserved. For usage guidelines, see www.isaca.org/cobituse. ISACA 3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA Phone: +1.847.253.1545 Fax: +1.847.253.1443 Email: info@isaca.org Web site: www.isaca.org Feedback: www.isaca.org/cobit Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center Follow ISACA on Twitter: https://twitter.com/isacanews Join the COBIT conversation on Twitter: #COBIT Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/isacaofficial Like ISACA on Facebook: www.facebook.com/isacahq ISBN 978-1-60420-237-3 Printed in the United States of America 4 2

Table of Contents Table of Contents List of Figures...9 COBIT 5: A Business Framework for the Governance and Management of Enterprise IT...11 Executive Summary...13 Chapter 1. Overview of COBIT 5...15 Overview of This Publication...16 Chapter 2. Principle 1: Meeting Stakeholder Needs...17 Introduction...17 COBIT 5 Goals Cascade...17 Step 1. Stakeholder Drivers Influence Stakeholder Needs...17 Step 2. Stakeholder Needs Cascade to Enterprise Goals...17 Step 3. Enterprise Goals Cascade to IT-related Goals...18 Step 4. IT-related Goals Cascade to Enabler Goals...18 Using the COBIT 5 Goals Cascade...20 Benefits of the COBIT 5 Goals Cascade...20 Using the COBIT 5 Goals Cascade Carefully...20 Using the COBIT 5 Goals Cascade in Practice...20 Governance and Management Questions on IT...21 How to Find an Answer to These Questions...22 Chapter 3. Principle 2: Covering the Enterprise End-to-end...23 Governance Approach...23 Governance Enablers...24 Governance Scope...24 Roles, Activities and Relationships...24 Chapter 4. Principle 3: Applying a Single Integrated Framework...25 COBIT 5 Framework Integrator...25 Chapter 5. Principle 4: Enabling a Holistic Approach...27 COBIT 5 Enablers...27 Systemic Governance and Management Through Interconnected Enablers...27 COBIT 5 Enabler Dimensions...28 Enabler Dimensions...28 Enabler Performance Management...29 Example of Enablers in Practice...29 Chapter 6. Principle 5: Separating Governance From Management...31 Governance and Management...31 Interactions Between Governance and Management...31 COBIT 5 Process Reference Model...32 Chapter 7. Implementation Guidance...35 Introduction...35 Considering the Enterprise Context...35 Creating the Appropriate Environment...36 Recognising Pain Points and Trigger Events...36 Enabling Change...37 A Life Cycle Approach...37 Getting Started: Making the Business Case...38 7

Chapter 8. The COBIT 5 Process Capability Model...41 Introduction...41 Differences Between the COBIT 4.1 Maturity Model and the COBIT 5 Process Capability Model...41 Differences in Practice...43 Benefits of the Changes...44 Performing Process Capability Assessments in COBIT 5...45 Appendix A. References...47 Appendix B. Detailed Mapping Enterprise Goals IT-related Goals...49 Appendix C. Detailed Mapping IT-related Goals IT-related Processes...51 Appendix D. Stakeholder Needs and Enterprise Goals...55 Appendix E. Mapping of COBIT 5 With the Most Relevant Related Standards and Frameworks...57 Introduction...57 COBIT 5 and ISO/IEC 38500...57 ISO/IEC 38500 Principles...57 ISO/IEC 38500 Evaluate, Direct and Monitor...60 Comparison With Other Standards...60 ITIL V3 2011 and ISO/IEC 20000...60 ISO/IEC 27000 Series...60 ISO/IEC 31000 Series...60 TOGAF...60 Capability Maturity Model Integration (CMMI) (development)...61 PRINCE2...61 Appendix F. Comparison Between the COBIT 5 Information Model and COBIT 4.1 Information Criteria... 63 Appendix G. Detailed Description of COBIT 5 Enablers...65 Introduction...65 Enabler Dimensions...65 Enabler Performance Management...66 COBIT 5 Enabler: Principles, Policies and Frameworks...67 COBIT 5 Enabler: Processes...69 Enabler Performance Management...70 Example of Process Enabler in Practice...71 COBIT 5 Process Reference Model...71 COBIT 5 Enabler: Organisational Structures...75 COBIT 5 Enabler: Culture, Ethics and Behaviour...79 COBIT 5 Enabler: Information...81 Introduction The Information Cycle...81 COBIT 5 Information Enabler...81 COBIT 5 Enabler: Services, Infrastructure and Applications...85 COBIT 5 Enabler: People, Skills and Competencies...87 Appendix H. Glossary...89 8

COBIT 5: A Business Framework for the Governance and Management of Enterprise IT COBIT 5: A Business Framework for the Governance and Management of Enterprise IT The COBIT 5 publication contains the COBIT 5 framework for governing and managing enterprise IT. The publication is part of the COBIT 5 product family as shown in figure 1. COBIT 5 Enabler Guides Figure 1 COBIT 5 Product Family : Enabling Processes : Enabling Information Other Enabler Guides COBIT 5 Professional Guides Implementation for Information Security for Assurance for Risk Other Professional Guides COBIT5 Online Collaborative Environment The COBIT 5 framework is built on five basic principles, which are covered in detail, and includes extensive guidance on enablers for governance and management of enterprise IT. The COBIT 5 product family includes the following products: COBIT 5 (the framework) COBIT 5 enabler guides, in which governance and management enablers are discussed in detail. These include: COBIT 5: Enabling Processes COBIT 5: Enabling Information (in development) Other enabler guides (check www.isaca.org/cobit) COBIT 5 professional guides, which include: COBIT 5 Implementation COBIT 5 for Information Security (in development) COBIT 5 for Assurance (in development) COBIT 5 for Risk (in development) Other professional guides (check www.isaca.org/cobit) A collaborative online environment, which will be available to support the use of COBIT 5 11

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information