Get to know COBIT 5
Warangkana Musikhasungka
ISACA Bangkok Chapter Vice President
Director, PwC Risk Assurance Solutions
Warangkana.musikhasungka@th.pwc.com
8 December 2015
2015 ISACA. All Rights Reserved.
Speaker: Warangkana Musikhasungka
Education:
- Master's degree: MBA in Financial and Banking, Chulalongkorn University
- Bachelor's degree: Bachelor of Science in Statistics, Chulalongkorn University
- Diploma in Law, Ramkhamhaeng University
- CISA, CRISC, Information Systems Audit and Control Association (ISACA)
Work:
- Currently Director - Risk Assurance Services, PricewaterhouseCoopers (PwC)
Other positions:
- Vice President, ISACA Bangkok Chapter
- Accounting Profession Committee on Accounting System Design, Federation of Accounting Professions under the Royal Patronage of His Majesty the King
- Information Technology Subcommittee, The Institute of Internal Auditors of Thailand
Other experience:
- Speaker on risk assessment, IT audit and IT Governance for ISACA Bangkok Chapter
- Moderator and speaker on risk assessment, IT audit and IT Governance for IA Clinic, The Institute of Internal Auditors of Thailand
Get to know COBIT 5
1. IT Risks Trend and Survey
2. Introduction - Why COBIT?
3. COBIT 5 Principles
Get to know COBIT 5
1. IT Risks Trend and Survey
Top 10 Global Business Risks for 2015
Reference: Allianz Risk Barometer 2015
The Global Risk Landscape 2015
What is the impact and likelihood of technological risks?
Reference: Global Risk Perception Survey 2014, World Economic Forum
IT Risk Trends 2015
- Critical information infrastructure breakdown
- Cyber attacks
- Misuse of technologies
- Data fraud or theft
Critical information infrastructure breakdown
This risk is most closely related to inadequate research and development investment and sits at the centre of the four technological risks.
(Diagram of related risks: Capital/Funding Supply Constraints, Inadequate R&D investment, Threats from new technologies, Online data and Information Security)
Cyber attacks
Examples: Phishing, Social Engineering, Unpatched software, Network-traveling worms, Cybercrime
Misuse of technologies
Example: People are genuinely concerned about the misuse and abuse of technology. Internet use is seen as enabling intimidation of and threats to people, and as making piracy easy by providing the infrastructure for illegal music and software downloads and for plagiarism.
Data fraud or theft
(Diagram of IT risk sources and their effects: Unauthorised Access, Program Errors, Input Errors, System Down, Operation inefficiency, Not fit with business, Inaccurate / Incomplete / Untimely Information, Unsecured System, System Interruption, Ineffective, Not Confidential, Unavailable, Noncompliance, Inefficient, No Integrity, Unreliable)
The global state of information security survey 2015
The global state of information security survey 2015: Key Findings
CEOs are getting more concerned about a wide range of risks
- 78% Over-regulation
- 54% New market entrants
- 58% Technology change
- 73% Availability of key skills
- 72% Government response
- 60% Social instability
- 72% Geopolitical uncertainty
- 61% Cyber threats and data security
- 60% Shift in customer behaviours
- 70% Increasing tax burden
2016: Data from
Get to know COBIT 5
2. Introduction - Why COBIT?
Key Challenges of Using IT
1. Keep IT running
2. Aligning IT with business
3. Delivering value
4. Security
5. Regulatory compliance
6. Mastering complexity
7. Optimizing costs
The Need for IT Governance: Why?
- Keeping IT Running
- Aligning IT with Business
- Security
- Managing Complexity
- Value/Cost
- Regulatory Compliance
Why Develop COBIT 5?
COBIT 5 follows an ISACA Board of Directors directive: tie together and reinforce all ISACA knowledge assets with COBIT.
- Provide a renewed and authoritative governance and management framework for enterprise information and related technology
- Integrate all other major ISACA frameworks and guidance
- Align with other major frameworks and standards
The Evolution of COBIT 5
Evolution of scope: Audit, then Control, then Management, then IT Governance, then Governance of Enterprise IT
Timeline:
- COBIT 1 (1996)
- COBIT 2 (1998)
- COBIT 3 (2000)
- COBIT 4.0/4.1 (2005/7)
- Val IT 2.0 (2008)
- Risk IT (2009)
- BMIS (2010)
- COBIT 5 (2012)
COBIT 5 Scope
Not simply IT; not only for big business!
COBIT 5 is about governing and managing information:
- whatever medium is used
- end to end throughout the enterprise
Information is equally important to:
- Global, multinational business
- National and local government
- Charities and not-for-profit enterprises
- Small to medium enterprises
- Clubs and associations
Enterprise Benefits
Enterprises and their executives strive to:
- Maintain quality information to support business decisions.
- Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT.
- Achieve operational excellence through reliable and efficient application of technology.
- Maintain IT-related risk at an acceptable level.
- Optimise the cost of IT services and technology.
How can these benefits be realised to create enterprise stakeholder value?
Stakeholder Value
Delivering enterprise stakeholder value requires good governance and management of information and technology (IT) assets. Enterprise boards, executives and management have to embrace IT like any other significant part of the business.
External legal, regulatory and contractual compliance requirements related to enterprise use of information and technology are increasing, threatening value if breached.
COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.
Business Needs
Enterprises are under constant pressure to:
- Increase benefits realisation through effective and innovative use of enterprise IT
- Generate business value from new enterprise investments with a supporting IT investment
- Achieve operational excellence through application of technology
- Maintain IT-related risk at an acceptable level
- Contain the cost of IT services and technology
- Ensure business and IT collaboration, leading to business user satisfaction with IT engagement and services
- Comply with ever-increasing relevant laws, regulations and policies
The COBIT 5 Format Simplified
- COBIT 5 directly addresses the needs of the viewer from different perspectives
- Development continues with specific practitioner guides
- COBIT 5 is initially in 3 volumes:
  1. The Framework
  2. Process Reference Guide
  3. Implementation Guide
- COBIT 5 is based on 5 principles and 7 enablers
COBIT 5 Product Family
COBIT and Other IT Governance Frameworks
(Diagram positioning frameworks by scope of coverage and along a WHAT-to-HOW axis: COSO, ISO 27002, COBIT, ISO 9000, ITIL)
Where Does COBIT Fit?
- Drivers: PERFORMANCE (Business Goals); CONFORMANCE (Basel II, Sarbanes-Oxley Act, etc.)
- Enterprise Governance: Balanced Scorecard, COSO
- IT Governance: COBIT
- Best Practice Standards: ISO 9001:2000, ISO 27002, ISO 20000
- Processes and Procedures: QA Procedures, Security Principles, ITIL
Get to know COBIT 5
3. COBIT 5 Principles
COBIT 5 Principles
Principle 1: Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders.
Value creation: realising benefits at an optimal resource cost while optimising risk.
Principle 2: Covering the Enterprise End to End
Principle 4: Enabling a Holistic Approach
Principle 5: Governance and Management Defined
COBIT 5 Process Reference Model
Governance and Management Interaction