Recommendation For IT Governance Using The COBIT 4.1


Recommendation for IT Governance Using the COBIT 4.1 Framework
William F. Slater, III, MBA, M.S., PMP, CISSP, CISA
Week 7 Assignment
CYBR 615 – Cybersecurity Governance and Compliance
January 27, 2013
A Brief Presentation on IT Governance and COBIT - William F. Slater III

Agenda
- Key Trends that Will Shape the Future of IT
- What is IT Governance?
- Recommendations for IT Governance
- Common Pitfalls of IT Governance
- What Is COBIT?
- Recommendations for COBIT-based IT Governance
- COBIT 4.1 vs. COBIT 5.0
- Conclusion
- References

Key Trends That Will Shape the Future of IT
- Measuring and managing EVERYTHING
- Controlling the costs of EVERYTHING
- Optimization of EVERYTHING
- Automation of EVERYTHING using smart applications and smart hardware
- Trying to be as "GREEN" as possible in EVERYTHING
- Trying to get EVERYTHING done with as few people as possible, even ZERO people
- EVERYTHING will be under risk management and information security management (e.g., ISO 27001)
- EVERYTHING will be under service management (e.g., ITIL and ISO 20000)
- Continuous process improvement in EVERYTHING
- Watchword: save your company money by optimizing EVERYTHING, continually improving EVERYTHING, and adding business value
- The move to the cloud to save money and increase efficiency will continue to INCREASE
- EVERYTHING will be subject to compliance and AUDITING
- EVERYTHING is "on the table"

What Is IT Governance?
- IT Governance is a management-backed initiative that implements a structured framework allowing management to strategically align, measure, and manage Information Technology resources in a way that increases their visibility and value to the business, while reducing risk and providing a means of continual improvement.
- IT Governance requires strong management and management support to be successful.

IT Governance Focus Areas
- Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.
- Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT.
- Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimization of knowledge and infrastructure.
- Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise's appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organization.
- Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
(From the COBIT 4.1 Guide, by ISACA)

Recommendations for IT Governance
- Adopt an IT Governance Framework.
- IT Governance requires strong management and management support to be successful.
- An IT Governance Framework will:
  - Align IT capabilities with business goals and needs
  - Allow IT to be measured and managed in a structured way
  - Increase the value of IT to the organization
  - Reduce risk
  - Allow IT to be continually improved
(From the COBIT 4.1 Guide, by ISACA)

Common Pitfalls of IT Governance
- Keen to govern: Governance initiatives with excessively broad scope. The assumption is often made that governance must cover the entire organization. Rolling out a new governance process is challenging and best done incrementally.
- The black box process: Processes, actions and decisions that lack transparency. Transparency facilitates understanding and trust in the governance process.
- Magic software: Over-reliance on governance software (garbage in, garbage out).
- We do the what now?: Key blueprints, standards and best practices that are not well communicated. The challenges of effectively communicating the enterprise architecture are often underestimated. The governance process itself can also be a challenge to communicate.
- Who does what now?: Governance stakeholders that lack accountability, making them unmotivated participants.
- I'll get right on it!: Governance participants that lack the authority to perform their roles.
- I watch you, you watch me: Teams that evaluate themselves, and other conflicts of interest.
- Maturity please: Organizations that undertake a comprehensive governance process before reaching the requisite level of organizational maturity.
(From Simplicable.com)

Common Pitfalls of IT Governance (diagram, from Simplicable.com)

What Is COBIT?
- ISACA's IT Governance Framework
- It is well-structured, easy to follow, and when implemented, it will allow this organization to accomplish each of these objectives:
  - Alignment of IT capabilities with business goals and needs
  - Establishment of performance objectives and measurement of progress
  - Increase the value of IT to the organization
  - Reduce risk
  - Continual improvement
- Currently on Version 5, but version 4.1 is still in common use
(From the COBIT 4.1 Guide, by ISACA)

The COBIT Top-Down Governance Pyramid (diagram, from the COBIT 4.1 Guide, by ISACA)

COBIT Components: The Interrelationships (diagram, from the COBIT 4.1 Guide, by ISACA)

COBIT's Information Criteria
- Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner.
- Efficiency concerns the provision of information through the optimal (most productive and economical) use of resources.
- Confidentiality concerns the protection of sensitive information from unauthorized disclosure.
- Integrity relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations.
- Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
- Compliance deals with complying with the laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria as well as internal policies.
- Reliability relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.
(From the COBIT 4.1 Guide, by ISACA)

Recommendations for COBIT-based IT Governance
- COBIT is a mature IT Governance Framework that offers many measurable benefits.
- Adoption of COBIT will allow this organization to achieve the following goals:
  - Alignment of IT capabilities with business goals and needs
  - Establishment of goals, and measurement and management of IT in a structured way
  - Increase the value of IT to the organization
  - Risk reduction
  - Continual improvement of IT
(From the COBIT 4.1 Guide, by ISACA)

COBIT 4.1 vs. COBIT 5.0
- COBIT 5.0 is very similar to COBIT 4.1, except that it is more prescriptive on the use of Balanced Scorecards, measurement, management, and continual improvement.

Conclusion
- IT Governance offers the best hope for well-managed IT resources.
- IT Governance requires strong management and management support to be successful.
- COBIT is well-structured, easy to follow, and when implemented, it will allow this organization to accomplish each of these objectives:
  - Alignment of IT capabilities with business goals and needs
  - Establishment of performance objectives and measurement of progress
  - Increase the value of IT to the organization
  - Risk reduction
  - Continual improvement
(From the COBIT 4.1 Guide, by ISACA)

References
- ISACA. (2012). The ISACA website. Retrieved from http://ww.isaca.org on December 15, 2012.
- Simplicable.com. (2011). 8 Common IT Governance Pitfalls. Retrieved from www.simplicable.com on May 15, 2011.

- ISO. (2006). ISO 17021 - Conformity assessment — Requirements for bodies providing audit and certification of management systems. Retrieved from http://isiri.org/portal/File/ShowFile.aspx?ID 746a125a-d702-477e-8e23165d321dd57a on July 18, 2011.
- ISO. (2011). ISO 19011 - Guidelines for auditing management systems. Retrieved 78899282521.pdf on July 18, 2011.
- LaChapelle, E. (2011). ISO 27001 Lead Auditor Course Material from PECB (www.pecb.org). From a course delivered in Dallas, TX in July 2011.
- Lincke, S. (2011). The Small Business Information Security Workbook. Retrieved from http://itm.iit.edu/netsecure11/SusanLincke SmallBizSecWorkbook.pdf on May 15, 2012.
- SANS. (2012). SANS IT Audit Courses. Retrieved from http://it-audit.sans.org on December 14, 2012.
- Senft, S., et al. (2013). Information Technology Control and Audit, fourth edition. Boca Raton, FL: CRC Press.
- The IIA. (2012). The Institute of Internal Auditors. Retrieved from on/pages/cia-certification.aspx on December 16, 2012.
- Wikipedia. (2012). Information Technology Audit. Retrieved from http://en.wikipedia.org/wiki/Information technology audit on December 15, 2012.
- Wright, C. S. (2007). A Taxonomy of Information Systems Audits, Assessments and Reviews. Retrieved from http://www.sans.org/reading tems-audits-assessmentsreviews 1801 July 23, 2007.
