CGEIT Best Practices and Concepts
http://80na20.blogspot.com
Strategy
Boston Consulting Group (BCG) Matrix
Balanced Scorecard (BSC)
Key Concepts
SWOT analysis
Gap Analysis
Porter five forces analysis
Ansoff Matrix
Jo-Hari Window
Continuous Improvement Cycles
DMAIC Cycle
DMADV Cycle
PDCA Cycle
7 phases of the Implementation Life Cycle
Boyd Cycle (OODA)
Agility Loops
Governance
COBIT 5
ISO 38500
ISO/IEC 38500:2015
Information technology -- Governance of IT for the organization
ISO/IEC TR 38502:2014
Information technology -- Governance of IT -- Framework and model
ISO 27014:2013
Information technology -- Security techniques -- Governance of information security
ISO 17998:2012
Information technology -- SOA Governance Framework
SOA - service-oriented architecture
Strategic alignment model (SAM)
Key Concepts
Stakeholders
RACI charts
Project Management
PMBoK
PRINCE2
Managing Successful Programmes (MSP)
Key Concepts
Project, Program, & Portfolio Management
PERT charts
SOW – statement of work
Gantt chart
Risk Management
ISO 31000
ISO 31000:2009, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk.
COSO Framework ERM
ISO 27005
ISO/IEC 27005:2011
Information technology -- Security techniques -- Information security risk management
RISK IT
Management of Risk (M_o_R)
COBIT5 for Risk
OCTAVE
NIST 800-37 rev.1 Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach
NIST 800-39
Managing Information Security Risk: Organization, Mission, and Information System View
Key Concepts
Business Impact
Key Risk Indicators (KRIs)
Types of risk – quantitative and qualitative
Root cause analysis
Delphi technique
Monte Carlo simulation
Risk Treatments
Avoidance (eliminate, withdraw from or not become involved)
Reduction (optimize – mitigate)
Sharing (transfer – outsource or insure)
Retention (accept and budget)
...
Benefits realization, Resource Optimization
Val IT
COBIT5 for Business Benefits Realization
Key Concepts
The Business Case
Cost-benefit analysis (CBA)
Internal rate of return (IRR)
Net present value (NPV)
Payback period
Return on investment (ROI)
Total Cost of Ownership (TCO)
Benchmarking
SMART
Metrics, KPI, KGI, CSF
ITSM + Enterprise Architecture (EA)
ITIL v3
ITIL Service Strategy
ITIL Service Design
ITIL Service Transition
ITIL Service Operation
ITIL Continual Service Improvement (CSI)
ISO 20000
ISO/IEC 20000-1:2011
Information technology -- Service management -- Part 1: Service management system requirements
ISO/IEC 20000-2:2012
Information technology -- Service management -- Part 2: Guidance on the application of service management systems
ISO/IEC TR 20000-4:2010
Information technology -- Service management -- Part 4: Process reference model
...
The Open Group Architecture Framework (TOGAF)
COBIT5 Implementation
Zachman Framework
Quality Management
Six Sigma
ISO 9001
ISO 9001:2015
Quality management systems -- Requirements
Total Quality Management (TQM)
EFQM - European Foundation for Quality Management
Information Security
ISO 27001
ISO/IEC 27001:2013
Information technology -- Security techniques -- Information security management systems -- Requirements
ISO/IEC 27002:2013
Information technology -- Security techniques -- Code of practice for information security controls
ISO/IEC 27013:2015
Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
...
COBIT5 for Information Security
Business Model for Information Security (BMIS)
NIST 800-100 Information Security Handbook: A Guide for Managers
SABSA (Sherwood Applied Business Security Architecture)
http://sabsa.org/
NIST 800-53 rev.4
Security and Privacy Controls for Federal Information Systems and Organizations
Business Continuity
ISO 22301
ISO 22301:2012
Societal security -- Business continuity management systems -- Requirements
ISO 22313:2012
Societal security -- Business continuity management systems -- Guidance
ISO/IEC 27031:2011
Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity
BS 25999
ANSI/ASIS/BSI BCM.01.2010
Business Continuity Management Systems: Requirements with Guidance for Use
NIST SP 800-34 rev.1
Contingency Planning Guide for Federal Information Systems
CMMI etc.
Capability Maturity Model Integration (CMMI)
ISO 15504
ISO/IEC TR 20000-4:2010
Information technology -- Service management -- Part 4: Process reference model
ISO/IEC 15504-3:2004
Information technology -- Process assessment -- Part 3: Guidance on performing an assessment
COBIT 5 Assessment Programme
Outsourcing
ISO 37500-2014 Guidance on outsourcing
Outsourcing Professional Body of Knowledge - OPBOK Version 10
NOA Outsourcing Life Cycle
NIST 800-35 Guide to Information Technology Security Services
Information Management
COBIT 5 Enabling Information
Key Concepts
DIKW
Other
ASL - Application Services Library
BiSL - Business Information Services Library
eTOM - Enhanced Telecom Operations Map
eSCM - eSourcing Capability Model
ISPL - Information Services Procurement Library
...
Domains
Domain 1: Framework for the Governance of Enterprise IT (25%)
Domain 2: Strategic Management (20%)
Domain 3: Benefits Realization (16%)
Domain 4: Risk Optimization (24%)
Domain 5: Resource Optimization (15%)
CGEIT draft.mmap - 16.10.2016 - Mindjet