Introducing COBIT® 5. Bob Frelinger, CGEIT. May 18, 2012

Introducing cobit 5-may2012_v1.0


DESCRIPTION

I had the honor of presenting an Introduction to COBIT 5 at the Rocky Mountain Information Security Conference on May 18, 2012 in Denver, Colorado. This is the deck I used.

Text of Introducing cobit 5-may2012_v1.0

  • 1. Slide Heading: Introducing COBIT 5. Bob Frelinger, CGEIT. May 18, 2012
  • 2. Learning Objectives: Appreciate the Background Behind COBIT 5; Understand the Five COBIT 5 Principles; Understand the Seven COBIT 5 Enablers; Know How to Navigate the COBIT 5 framework document; Know How to Navigate COBIT 5: Enabling Processes
  • 3. What's Behind COBIT 5: Some History
  • 4. What's Behind COBIT 5: References and Influencers. ISO Standards: IT Service Management, Quality Management, Risk Management, Information Security Risk Management, Corporate Governance of Information Technology, Process Assessment. OGC (UK) Best Management Practice Portfolio: Managing Successful Programmes (MSP), PRINCE2, Information Technology Infrastructure Library (ITIL). British Standards: Business Continuity Management. Federal Enterprise Architecture (FEA) (USA). APM Introduction to Programme Management (UK). TOGAF 9. COBIT 5 Product Family. PMBOK2. Leading Change by John Kotter. OECD Principles of Corporate Governance. Existing ISACA/ITGI Material: COBIT 4.1, Val IT, Risk IT, BMIS, IT Assurance Framework, Board Briefing on IT Governance. Balanced Scorecard. (France). The [European] Commission Enterprise IT Architecture Framework (CEAF) (Belgium). BABOK Guide. King Code of Governance Principles (King III) (South Africa). Combined Code on Corporate Governance (UK). COSO.
  • 5. What's Behind COBIT 5: Global Expertise and Collaboration. Overseen by the ISACA/ITGI Framework Committee (FC). Research results were quality-controlled throughout the development process. Preliminary research involved several COBIT development groups based around the world. Before being issued, the draft documents were distributed to more than 100 subject matter experts around the world to obtain their professional review comments. Once ready, draft versions of COBIT 5 and COBIT 5: Enabling Processes were made available to the general public. Thousands of comments were received.
  • 6. Importance of IT: Importance of IT to the Delivery of Business Strategy and Vision. Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  • 7. Why & What is COBIT 5: The Business Case. Enterprises, large and small, commercial, not-for-profit or public sector, must create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. Information and related technology needs to: be governed and managed in a holistic manner for the entire enterprise; take in the full end-to-end business and IT functional areas of responsibility; consider the IT-related interests of internal and external stakeholders. A BUSINESS FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT
  • 8. IT-Related Issues. Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  • 9. Drivers for GEIT Activities. Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  • 10. Enterprise Readiness for GEIT. Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  • 11. What is COBIT 5: The Product Family. Source: COBIT 5, figure 1. 2012 ISACA. All rights reserved.
  • 12. Making It Real, Just Try It: Embrace the Concepts Embedded in COBIT 5. Integrate best, good and common industry practices; Cascade goals and objectives; Measure both performance toward, and achievement of, goals; Take the holistic approach, end-to-end view; Link inputs and outputs of key management practices; Enable success through integration and alignment of seemingly disconnected governance and management activities
  • 13. COBIT 5 Principles: Based on five key principles for governance and management of enterprise IT. Source: COBIT 5, figure 2. 2012 ISACA. All rights reserved.
  • 14. COBIT 5 Principle 1: Principle 1. Meeting Stakeholder Needs. Enterprises exist to create value for their stakeholders. Source: COBIT 5, figure 3. 2012 ISACA. All rights reserved.
  • 15. COBIT 5 Principle 1: Principle 1. Meeting Stakeholder Needs. The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customized goals within the context of the: Enterprise goals, IT-related goals and Enabler goals. Source: COBIT 5, figure 4. 2012 ISACA. All rights reserved.
  • 16. COBIT 5 Goals Cascade: Generic Model Based on Sound Global Research. Mapping Stakeholder Needs to COBIT 5 Enterprise Goals: Appendix D; Mapping COBIT 5 Enterprise Goals to IT-related Goals: Appendix B; Mapping COBIT 5 IT-related Goals to Processes: Appendix C; Process Goals and Suggested Metrics: COBIT 5: Enabling Processes
  • 17. COBIT 5 Principle 2: Principle 2. Covering the Enterprise End-to-end. Enterprisewide, end-to-end perspective; Information and related technology wherever that information is being processed; NOT just the IT function. Figure labels: Governance System; Key Components. Source: COBIT 5, figure 8 & 9 combined. 2012 ISACA. All rights reserved.
  • 18. COBIT 5 Principle 3: Principle 3. Applying a Single Integrated Framework. Aligns with other standards and frameworks; Complete in enterprise coverage; Simple architecture for: structuring guidance materials, producing a consistent product set; Integrates all knowledge previously dispersed over different ISACA/ITGI frameworks. Source: COBIT 5, figure 10. 2012 ISACA. All rights reserved.
  • 19. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. Driven by the goals cascade: goals define what enablers should achieve; To achieve enterprise objectives consider an interconnected set of enablers; Some enablers are the enterprise resources. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 20. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 1. The vehicles to translate the desired behavior into practical guidance for day-to-day management. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 21. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 2. Describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 22. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 3. Are the key decision-making entities in an enterprise. They can be the traditional vertical structures or horizontal (or lateral structures). Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 23. Organizational Structure: Formal org structure supported by cross-org structures
  • 24. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 4. Applies to both individuals and of the enterprise; very often underestimated as a success factor in governance and management activities. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 25. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 5. Pervasive throughout any organization and includes all the information produced and used by the enterprise. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 26. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 6. The infrastructure, technology and applications that provide the enterprise with information technology processing and services. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 27. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. 7. People, and their skills and competencies, are required for: successful completion of all activities, and for making correct decisions and taking corrective actions. Source: COBIT 5, figure 12. 2012 ISACA. All rights reserved.
  • 28. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. Enabler Dimensions. All enablers have a set of common dimensions. Source: COBIT 5, figure 13. 2012 ISACA. All rights reserved. This common set of dimensions: Provides a common, simple and structured way to deal with enablers; Allows an entity to manage its complex interactions; Facilitates successful outcomes of the enablers
  • 29. COBIT 5 Principle 4: Principle 4. Enabling a Holistic Approach. Enabler Performance Management: Actual Outcomes; Actual Functioning. Source: COBIT 5, figure 13. 2012 ISACA. All rights reserved.
  • 30. COBIT 5 Principle 5: Principle 5. Separating Governance from Management. Different activities (EDM) and different responsibilities; Interactions between them are facilitated through the Enablers (PBRM). Source: COBIT 5, figure 15. 2012 ISACA. All rights reserved.
  • 31. Implementation Guidance. Source: COBIT 5, figure 17. 2012 ISACA. All rights reserved.
  • 32. Process Capability Model. Source: COBIT 5, figure 19. 2012 ISACA. All rights reserved.
  • 33. What is COBIT 5 TOC: The Framework document, breaking it down. A Business Framework for the Governance and Management of Enterprise IT. Executive Summary: 2 pages; Overview of COBIT 5: 2 pages; A chapter on each of the five principles: 17 pages, 2 to 6 pages each; Implementation Guidance: 5 pages, intro to the Guide; The COBIT 5 Process Capability Model: 5 pages, intro to the Model. Appendices: References: 1 page; Goals Maps: 5 pages; Stakeholder Needs and Enterprise Goals: 2 pages; Mapping with the Most Relevant Related Standards and Frameworks: 5 pages; COBIT 5 Information Model and COBIT 4.1 Information Criteria: 1 page; Detailed Description of seven COBIT 5 Enablers: 23 pages, 2 to 6 pages each; Glossary: 5 pages
  • 34. COBIT 5: Enabling Processes: Enabling Processes Enabler Guide, breaking it down. A detailed reference guide to the processes that are defined in the COBIT 5 process reference model. Introduction; Goals Cascade and Metrics; Process Model; Process Reference Model; Process Reference Guide Contents; Detailed process-related content structure; Inputs and Outputs; Generic Guidance for Processes; Detailed process content for each process. Appendices: Mapping COBIT 5 with legacy ISACA Frameworks; Goals Maps
  • 35. What is COBIT 5: Enabling Processes Enabler Guide, breaking it down. A detailed reference guide to the processes that are defined in the COBIT 5 process reference model. Introduction: 1 page; Goals Cascade and Metrics: 6 pages (repeats & extends framework); Process Model: 3 pages; Process Reference Model: 2 pages; Process Reference Guide Contents: 3 pages; Detailed process-related content structure: See slide 36 for structure; Inputs and Outputs: Broad or universal inputs and outputs; Generic Guidance for Processes: one link to the Process Capability Model; Detailed process content for each process: 186 pages, 3-9 pages each. Appendices: Mapping COBIT 5 with legacy ISACA Frameworks: 8 pages; Goals Maps: 5 pages, repeat of maps in the framework
  • 36. Enabling Processes: Enabler Dimensions, Processes. Each process is defined, created, operated, and adjusted / updated or retired. Figure labels: Process Reference Model; Goals driven by goals cascade; RACI charts; Process Capability Model; Limited number of example metrics; Process Capability Assessments. Source: COBIT 5: Enabling Processes, figure 8. 2012 ISACA. All rights reserved.
  • 37. Process Reference Model
  • 38. Process Content: Enabling Processes: Content Structure for All Processes. Process Identification; Process Description; Process Purpose Statement; Goal Cascade Information; Process Goals and Metrics; RACI Chart; Detailed Description of Process Practices: Practice title and description, Practice inputs and outputs w/indication of origin & destination (but remember the broad or universal inputs), Process activities further detailing the practices; Related Guidance
  • 39. An Example Process: APO05 Manage Portfolio. Process Identification, Process Description, Process Purpose Statement
  • 40. An Example Process: APO05 Manage Portfolio. Goal Cascade Information
  • 41. An Example Process: APO05 Manage Portfolio. Process Goals and Metrics
  • 42. An Example Process
  • 43. An Example Process: APO05 Manage Portfolio. Detailed Description of Process Practices
  • 44. An Example Process: APO05 Manage Portfolio. Detailed Description of Process Practices
  • 45. An Example Process: APO05 Manage Portfolio. Related Guidance
  • 46. Learning Objectives: Appreciate the Background Behind COBIT 5; Understand the Five COBIT 5 Principles; Understand the Seven COBIT 5 Enablers; Know How to Navigate the COBIT 5 framework document; Know How to Navigate COBIT 5: Enabling Processes
  • 47. Implementation Challenges. Source: Global Status Report on the Governance of Enterprise IT (GEIT) 2011. Rolling Meadows, IL: ISACA & ITGI, 2011.
  • 48. [email protected] [email protected]