Benchmark of controls over IT activities. 2011 Report. ABC Ltd



www.pwc.com/cy Benchmark of controls over IT activities 2011 Report ABC Ltd... 2012

Scope and approach

We wish to provide you with our IT Benchmarking report over IT activities at ABC Ltd (the Company) with the use of our PwC Benchmarking tool. The benefit to you from this benchmarking report is to:
- Understand why IT systems are not delivering quality, value, effectiveness and efficiencies.
- Provide insight into how your IT controls compare against your peers and industry within Europe.
- Improve the understanding of IT at Board and/or Audit Committee level.
- Assist you in preparing a comprehensive road map for improvement.

The IT focus areas covered include: Systems Quality; Systems Support and Change; IT Operations; Information Security. The areas of Strategic Decision Making, IT Governance and IT were not addressed, as those areas were outside of our scope.

We have identified the areas where our clients, as a whole, tend to encounter risk and control issues with IT. We have considered the controls ABC Ltd operates in each of the in-scope areas and rated them on the following 0-4 scale:
0 - No effective controls in the area;
1 - Some controls, with significant gaps or problems with their operation;
2 - Controls are broadly adequate but still have some gaps, and do not come up to good practice levels;
3 - Controls are at good practice level; and
4 - Controls are better than generally accepted good practice.

The ratings have been based on professional judgement and are subjective / qualitative ratings rather than based on objective quantifiable statistics. Good practice as defined by PwC is continually evolving, based on industry standards such as COBIT, ITIL, ISO27001, regulatory rules and PwC experience. So, more rigorous processes may be needed in future to maintain this year's scores.

We have compared our ratings for ABC Ltd with those for Europe to give an idea of how we perceive the controls in place compared to others in the sector. Our benchmark database contains "audited" data, built up from equivalent reviews at other clients. ABC Ltd data is included in the database. All client data is anonymised and shown only on an aggregated basis, with no fewer than 10 clients in any comparison data set.

As with all benchmarks, the analysis should be treated as indicative rather than comprehensive. Different companies may exhibit different risk profiles and may require different levels of control over their IT activities. In addition, in any organisation there needs to be a balance between cost and control. Consequently, there is not a single correct level of control for companies. PwC accepts no liability to any other party into whose hands it may come.

PwC Page 2 of 5

Overall Benchmark Results

Glossary for the Benchmarking report

COBIT: The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1996.

ITIL: The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for managing Information Technology (IT) services (ITSM), IT development and IT operations.

ISO27001: ISO/IEC 27001 is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements.

2011 Report Desired: Desired maturity level of controls for 2011.

2011 Report Current: Current maturity level of controls for 2011.

Top Quartile / Second Quartile / Third Quartile / Bottom Quartile: Indication of where each quartile starts and finishes, based on the benchmarking data and the criteria selected (i.e. industries, countries within the Europe zone, markets, legal structure, etc.).

Blank area: Area where no benchmarking data is available yet.

Question: Questions asked to identify the current level of controls over IT activities.

Potential Impact Rating: What level of business impact would arise if the controls were to fail: High, Medium or Low.

Desired Control: How strong the organisation would like the control to be.

Current Control: How strong the control implemented at present is.

Reasons for the current rating: A brief summary of our findings.

Possible Development Areas: Actions to be considered by management for implementation, according to the Desired Control rating.

Not applicable (N/A): No information was collected for this area, or it does not apply to your organisation.

Detail Road Map

The columns Time For Completion, Cost Involved and Yes/No carry no entries; Impact Rating and Road Map Priority are filled in only where a value is given.

#    Section                                        Impact   Current  Road Map
                                                    Rating   Control  Priority
Systems quality
4.1  Systems Quality and Business Intelligence      Medium   2.50     Low
4.2  Data Quality                                            1.75     Medium
4.3  End-user Computing                             Medium   2.00     Medium
4.4  Project and Benefits Realisation                        1.00

Systems support and change
4.5  Acquiring and developing new technologies      Medium   1.50     Medium
5.1  Systems Support Capability                              1.75     Medium
5.2  Change Process                                          1.50
5.3  Promotion (and access) to live environment              1.75     Medium

Physical Data Centre Security
6.1  Physical Data Centre Security                  Medium   2.50     Low
6.2  Service Delivery and Problem                   Medium   1.50     Medium
6.3  Disaster Recovery and Continuity Planning               1.50
6.4  Data Retention                                          1.50

Security
7.1  Security                                                1.00
7.2  Security Awareness and Training                         1.50
7.3  Identity and Access                                     1.00
7.4  Monitoring unusual and privileged access                1.00
7.5  Threat and Vulnerability                                0.75
7.6  Data Loss Prevention                                    1.50
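The quartile placement and the road map prioritisation described in the scope section, as an added worked example that is not PwC's benchmarking tool: each section's current control rating (the report's 0-4 scale) is placed against an anonymised peer set, a comparison is suppressed when the set holds fewer than 10 clients, and sections are ordered by business impact and by the gap to a desired rating. The peer ratings, the desired rating of 3 (good practice) and the "High" impact values are constructed assumptions; only the section names, the Medium ratings and the current control values come from the road map above.

```python
from statistics import quantiles

MIN_CLIENTS = 10                       # report: no comparison set under 10 clients
IMPACT_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}

# Constructed, anonymised peer ratings (hypothetical); the page has none.
PEER_RATINGS = {
    "7.4 Monitoring unusual and privileged access":
        [1.0, 1.5, 1.5, 2.0, 2.0, 2.0, 2.5, 2.5, 3.0, 3.0, 3.0, 3.5],
    "6.1 Physical Data Centre Security":
        [2.0, 2.0, 2.5, 2.5, 2.5, 3.0, 3.0, 3.0, 3.0, 3.5, 3.5, 4.0],
    "7.5 Threat and Vulnerability": [1.0, 1.5, 2.0],   # cohort too small
}

# (section, impact, current control) taken from the road map; the "High"
# impact values are assumptions, since those cells are blank on the page.
ROWS = [
    ("6.1 Physical Data Centre Security", "Medium", 2.50),
    ("4.3 End-user Computing", "Medium", 2.00),
    ("7.4 Monitoring unusual and privileged access", "High", 1.00),
    ("7.5 Threat and Vulnerability", "High", 0.75),
]


def quartile(current, peers):
    """'Top', 'Second', 'Third' or 'Bottom'; None when the cohort is too small."""
    if len(peers) < MIN_CLIENTS:
        return None                    # anonymity rule: shown as a blank area
    q1, q2, q3 = quantiles(peers, n=4, method="inclusive")
    if current >= q3:
        return "Top"
    if current >= q2:
        return "Second"
    if current >= q1:
        return "Third"
    return "Bottom"


def road_map(rows, desired=3.0):
    """Order sections by impact, then by the gap to the desired rating
    (3 = good practice on the report's scale); returns (section, gap)."""
    ranked = sorted(rows, key=lambda r: (-IMPACT_WEIGHT[r[1]], -(desired - r[2]), r[0]))
    return [(s, round(max(0.0, desired - c), 2)) for s, _, c in ranked]


if __name__ == "__main__":
    for section, _, current in ROWS:
        print(section, quartile(current, PEER_RATINGS.get(section, [])))
    print(road_map(ROWS))
```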