8/9/2019 01.2 COBIT
Characteristics of Useful Information:
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability
• Provide a renewed and authoritative governance and management framework for enterprise information and related technology
• Integrates all other major ISACA frameworks and guidance
• Align with other major frameworks and standards
• A comprehensive information model
• Guidance on how to use an established governance and management framework (COBIT 5) to address common information governance and management issues
• An understanding of the reasons information needs to be managed and governed in an appropriate way
• High-quality information
• Strategic goals and realize business benefits
• Achieve operational excellence
• Maintain IT-related risk at an acceptable level
• Optimize the cost of IT services and technology
• Support compliance with relevant laws, regulations, contractual agreements and policies
• Good governance and management of information and technology (IT) assets.
• IT as any other significant part of the business.
• External legal, regulatory and contractual compliance requirements
• COBIT 5, a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT.
• Board of directors and executive management (CEO, CFO, COO)
• Business process owners, business process architects
• Information architects, information solution builders, information managers, IT architects, IT developers
• CIO and IT management, technology service providers (internal and external), application managers
• IT operations
• IT security, continuity professionals
• Assurance professionals
• External audit
• Records management professionals, knowledge managers
• Data governance and management professionals
• Government and regulators
• Education
• Privacy professionals
• Compliance and risk professionals
• Data owners
• Create optimal value from IT
• Enables information and related technology to be governed and managed
• The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
COBIT 5 Principles
Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
The following slides summarise the major changes in COBIT 5 content and how they may impact Governance of Enterprise Information Technology (GEIT) implementation/improvement:
1. New GEIT Principles
2. Increased Focus on Enablers
3. New Process Reference Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity Models and Assessments
Principle 1. Meeting Stakeholder Needs:
Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.
• Stakeholder needs can be related to a set of generic enterprise goals.
• These enterprise goals have been developed using the Balanced Scorecard (BSC) dimensions.
• The enterprise goals are a list of commonly used goals that an enterprise has defined for itself.
• Although this list is not exhaustive, most enterprise-specific goals can be easily mapped onto one or more of the generic enterprise goals.
Source: COBIT® 5, figure 5. © 2012 ISACA® All rights reserved.
• COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
– Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
– IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
– Etc.
• COBIT 5: the overarching governance and management framework integrator
• ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references
• Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT
• Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve
• Described by the COBIT 5 framework in seven categories
Principle 5: Separating Governance from Management
• Governance
• Management
Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
Source: COBIT® 5, figure 16. © 2012 ISACA® All rights reserved.
The following slides summarise the major changes in COBIT 5 content and how they may impact Governance of Enterprise Information Technology (GEIT) implementation/improvement:
1. New GEIT Principles
2. Increased Focus on Enablers
3. New Process Reference Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts (Responsibility Charting)
9. Process Capability Maturity Models and Assessments
Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.
Source: COBIT® 4.1, page 39. © 2007 IT Governance Institute® All rights reserved.
COBIT 4.1/5
© 2012 ISACA® All rights reserved.
• What materials support the COBIT Assessment Programme approach?
– COBIT Process Assessment Model (PAM): Using COBIT 4.1 — Serves as a base reference document for the performance of a capability assessment of an organisation’s current IT processes against COBIT 4.1
– COBIT Assessor Guide: Using COBIT 4.1 — Provides details on how to undertake a full ISO-compliant assessment
– COBIT Self-assessment Guide: Using COBIT 4.1 — Provides guidance on how to perform a basic self-assessment of an organisation’s current IT process capability levels against COBIT 4.1 processes
• The above materials exist to support COBIT 4.1-based assessments now; versions will be produced to support COBIT 5-based assessments.
• COBIT 4.1, Val IT and Risk IT users wishing to move to the new COBIT Assessment Programme approach will need to realign their previous ratings, adopt and learn the new method, and initiate a new set of assessments in order to gain the benefits of the new approach.
• Although some of the information gathered from previous assessments may be reusable, care will be needed in migrating this information forward because there are significant differences in requirements.
• COBIT 4.1, Val IT and Risk IT users wishing to continue with the CMM-based approach, either as an interim or ongoing approach, can use the COBIT 5 guidance, but must use the COBIT 4.1 generic attribute table without the high-level maturity models.