CoBIT 5 Used In An Information Security Review

Transcription

COBIT 5 Used in a Security Review
John Kenneth Barchie, CISM, CRISC, CISSP
www.barchieconsulting.com

COBIT 5 Tools of the Framework
- Governance
- Enablers
- Principles
- BMIS
- Replaces/Augments COSO for SOX
- PCA replaces CMM – N, P, L, F

COBIT 5 Governance
[Governance graphic] Love this graphic

COBIT 5 Difference between Governance and Management
- Evaluate
- Direct
- Monitor
(EDM processes)

COBIT 5 Principles

COBIT 5 Product Family

COBIT 5 Enablers

COBIT 5 and BMIS

COBIT 5 Goals Cascade

COBIT 5 Generic Enabler Model

COBIT 5 Information Enabler Model

COBIT 5 Goodbye CMM
Process Capability Attributes:
- Process Optimization and Innovation
- Process Control and Management
- Process Deployment
- Process Definition
- Work Product Management
- Performance Management
- Process Performance – Be Careful with Ad Hoc (jkb)

COBIT 5 Other tools not used in this report
- RACI charts
- Mapping of Goals to Processes
- Mapping of Stakeholder needs
- Val IT
- Direction Diagram
- Metrics

Actually used in supplement

Use of the Metrics

RACI Chart

Set up a table to show activities

COBIT 5 Reference | PCI DSS Reference | COBIT 5 recommended activity
EDM01.01 | 12.1 | Determine the significance of IT and its role with respect to the business.
EDM01.01 | 12.1.1 | Consider external regulations, laws and contractual obligations and determine how they should be applied within the governance of enterprise IT.
EDM03.01 | 12.1.2 | Proactively evaluate IT risk factors in advance of pending strategic enterprise decisions and ensure that risk-aware enterprise decisions are made.
EDM03.01 | 12.1.2 | Determine that IT use is subject to appropriate risk assessment and evaluation, as described in relevant international and national standards.
EDM03.02 | 12.1.2 | Direct the integration of the IT risk strategy and operations with the enterprise strategic risk decisions and operations.

COBIT 5 Report Tools Used
Setting the Scope

COBIT 5 Providing the Process Capabilities Assessment

COBIT 5 Documenting the Enablers
- Network Diagrams
- Risk Assessments
- Iterative descriptions
- Provided Training

COBIT 5 Stakeholder Needs
- Understand the risk
- Understand the cost of doing business
- Direct and Monitor Management

COBIT 5 Advantages (Page 17)
The starting point of governance and management activities is the stakeholder needs related to enterprise IT.
Creates a more holistic, integrated and complete view of enterprise governance and management of IT that:
- Is consistent
- Provides an end-to-end view on all IT-related matters
- Provides a systemic view
Creates a common language between IT and business for the enterprise governance and management of IT

Thank you for your time, Questions?
John Kenneth Barchie, CISM, CRISC etc
- Sr. Security Consultant for IPI International
- President of Barchie Consulting, www.barchieconsulting.com
- President of (ISC)2 Silicon Valley Chapter, valley-chapter.org
God Bless!

Source: Microsoft PowerPoint - CoBIT 5 used in an information security review.ppt. Author: John. Created Date: 4/16/2012 12:33:08 PM. File Size: 1MB