Overview on International Standards and Frameworks COBIT ...
    Presentation Transcript

    • Overview on International Standards and Frameworks: COBIT, ValIT, ITIL, ISO27000 & Co. Jimmy Heschl, CISA, CISM, CGEIT, KPMG Austria & COBIT Steering Committee
    • Some Personal Information (slide 1)
      • KPMG Austria: Senior Manager, IRM (Information Risk Management), IT Advisory
      • Implementation of IT governance, based on COSO, COBIT, ITIL, 2700x, …
      • Board member of ISACA Austria
      • Member of the COBIT Steering Committee and Task Force “FF”
      • Book: IT Governance
      • Involved in developing COBIT 4.0 & 4.1
      • Responsible for the COBIT Mapping project(s); author of:
        - COBIT Mapping – Overview of International IT Guidance, 2nd Edition
        - COBIT Mapping – Mapping of ISO/IEC 17799:2000/5 with COBIT
        - COBIT Mapping – Mapping of ITIL with COBIT
        - Aligning COBIT 4.1, ITIL v3 and ISO/IEC 27002 for Business Benefit
        - COBIT for Service Managers
        - …
      • CISA, CISM, CGEIT, ITIL Foundation, ITIL Service Management, ...
      © 2008 KPMG Austria GmbH, Austrian member of KPMG International, a Swiss cooperative. All rights reserved. Printed in Austria. KPMG and the KPMG logo are registered trademarks of KPMG International. Jimmy Heschl
    • Standards (slide 2)
      • Demand for compliance: legislation concerning internal control over financial reporting, risk management, special legislation, your customers!
      • Demand for performance: ???
      • Supporting standards and frameworks: COBIT, ValIT, ITIL / ISO20000, ISO2700x, AS8015 / ISO38500, CMMI, PMBOK, PRINCE2, TOGAF … and many more
    • The disaster with the supporting guidance (slide 3)
      • IT requirements and guidance are constantly evolving
      • Organizations have different options: compliance with one framework; compliance with multiple frameworks; ignore frameworks and re-invent the wheel
      • The guidance differs in level of detail, focus, target audience, history and approach
      • The implementation guides and implementation methodologies differ
      • Individuals tend to fight for ‘their’ framework
      • There is no ‘silver bullet’ approach
    • ISO/IEC38500 / AS8015 (slide 4)
    • ISO/IEC38500 / AS8015 (slide 5): “Corporate governance of information technology”
      • Based on AS8015-2005, the Australian Standard for Corporate Governance of Information and Communication Technology (ICT)
      • First standard on ITG internationally
      • Not requirements based, but principles based
    • Principles (slide 6; figure): the principles of ICT governance are Responsibility, Strategy, Acquisition, Performance, Conformance and Human Behaviour
    • COBIT (slide 7)
    • COBIT (slide 8)
      • COBIT® = Control OBjectives for Information and Related Technology
      • Process-oriented framework for IT governance
      • Focused on business goals and how IT supports their achievement
      • A tool for business management, IT management and IT process managers
      • First developed in 1992
      • Issued by the IT Governance Institute
      • Content is managed by the COBIT Steering Committee
      • Accepted globally as the de facto control framework for IT governance
      • Documents can be downloaded from www.isaca.org
    • COBIT Framework (slide 9; figure)
    • COBIT IT Processes (slide 10)
      • Information criteria: Efficiency, Effectiveness, Confidentiality, Integrity, Availability, Compliance, Reliability
      • IT resources: Applications, Information, Infrastructure, People
      • Plan and Organise: PO1 Define a strategic IT plan; PO2 Define the information architecture; PO3 Determine technological direction; PO4 Define the IT processes, organisation and relationships; PO5 Manage the IT investment; PO6 Communicate management aims and direction; PO7 Manage IT human resources; PO8 Manage quality; PO9 Assess and manage IT risks; PO10 Manage projects
      • Acquire and Implement: AI1 Identify automated solutions; AI2 Acquire and maintain application software; AI3 Acquire and maintain technology infrastructure; AI4 Enable operation and use; AI5 Procure IT resources; AI6 Manage changes; AI7 Install and accredit solutions and changes
      • Deliver and Support: DS1 Define and manage service levels; DS2 Manage third-party services; DS3 Manage performance and capacity; DS4 Ensure continuous service; DS5 Ensure systems security; DS6 Identify and allocate costs; DS7 Educate and train users; DS8 Manage service desk and incidents; DS9 Manage the configuration; DS10 Manage problems; DS11 Manage data; DS12 Manage the physical environment; DS13 Manage operations
      • Monitor and Evaluate: ME1 Monitor and evaluate IT performance; ME2 Monitor and evaluate internal control; ME3 Ensure regulatory compliance; ME4 Provide IT governance
    • COBIT – Components and interrelationships (slide 11; figure)
      • Business Goals are achieved by IT Goals, which are achieved by IT Processes; Business Goals define IT Goals, which define IT Processes, which are defined by the Framework
      • IT Processes are broken down into Key Activities (performed by the roles in the RACI Chart), controlled by Control Objectives, audited with Control Outcome Tests, and measured by Maturity Models, Performance Indicators (for performance) and Outcome Measures (for outcome)
      • Control Objectives are derived from Value Drivers and Risk Drivers (the “why”), implemented with Control Practices, and audited with Control Design Tests
    • ValIT (slide 12)
    • A New Perspective (slide 13; figure): from IT investments to investments in IT-enabled change. Source: John Thorp
    • The Four “Ares” (slide 14): continually asking
      • Strategy: Are we doing the right things?
      • Architecture: Are we doing them the right way?
      • Delivery: Are they getting done well?
      • Value: Are we getting the benefits?
    • Keys to Success: Val IT Principles (slide 15), results of CIO interviews
      • IT-enabled investments will be managed as a portfolio of investments.
      • IT-enabled investments will include the full scope of activities that are required to achieve business value.
      • IT-enabled investments will be managed through their full economic life cycle.
      • Value delivery practices will recognize that there are different categories of investments that will be evaluated and managed differently.
      • Value delivery practices will define and monitor key metrics and will respond quickly to any changes or deviations.
      • Value delivery practices will engage all stakeholders and assign appropriate accountability for the delivery of capabilities and the realization of business benefits.
      • Value delivery practices will be continually monitored, evaluated and improved.
    • Val IT Initiative – Deliverables (slide 16): available for free download from www.isaca.org or www.itgi.org
    • ITIL v2 / ITIL v3 (slide 17)
    • ITIL v2 (slide 18)
      • IT Infrastructure Library
      • Consists of numerous books; 2 books are used
      • Issued by OGC
      • Best practice for IT service management
      • Certification: personnel; organizations (BS15000, ISO20000)
      • Succeeded by ITIL v3
    • ITIL v2 Overview (slide 19; figure)
    • ISO20000 (slide 20)
      • Management system for service management: management‘s responsibility; documentation; competencies, awareness, training
      • ITSM implementation: Plan, Do, Check, Act
      • Scope based on ITIL v2 processes: Service Delivery, Service Support
      • Additional processes: relationship management (business relations, supplier relationship); information security management
    • ITIL – Version 3 (slide 21)
      • Service Strategy: Financial Management, Return on Investment, Service Portfolio Management, Demand Management
      • Service Design: Service Catalogue Management, Service Level Management, Capacity Management, Availability Management, IT Service Continuity Management, Information Security Management, Supplier Management
      • Service Transition: Transition Planning and Support, Change Management, Service Asset & Configuration Management, Release & Deployment Management, Service Validation, Evaluation, Knowledge Management
      • Service Operation: Event Management, Incident Management, Request Fulfilment, Problem Management, Access Management
      • Continual Service Improvement: 7-Step Improvement Process
    • ISO/IEC 27002 (slide 22)
      • Issued by ISO
      • Best practice for information security
      • Defines security categories, control objectives and illustrative controls
      • History: CoP for Security Management, BS7799 Part 1, ISO/IEC 17799:2000, ISO/IEC 17799:2005
      • Certification for organizations available: BS7799 Part 2, ISO/IEC 27001:2005
    • There are many, many more of them (slide 23) (NOTE: THIS IS AN INCOMPLETE LIST!)
      • Software Development: CMM / CMMI, TickIT, V-Model, ASF, ISO 12207 (SW Lifecycle Mgmt)
      • Architecture Frameworks: TOGAF, Zachmann
      • Continuity Management: BS25999, BCI GPG, DRII
      • Risk and Security Management: ISO27005, ISF Framework, NIST, GAO, PCI
      • Project Management: PRINCE2, PMBOK
      • Quality Management: ISO9000, SixSigma, GBPM, WYOWTI
    • Gartner‘s Advice (slide 24): Combine COBIT and ITIL for Powerful IT Governance
      • Strong framework tools are essential for ensuring IT resources are aligned with an enterprise‘s business objectives, and that services and information meet quality, fiduciary and security needs.
      • Bottom Line: COBIT and ITIL are not mutually exclusive and can be combined to provide a powerful IT governance, control and best-practice framework in IT service management. Enterprises that want to put their ITIL program into the context of a wider control and governance framework should use COBIT.
      • Source: Technical Guidelines, TG-16-1849, S. Mingay, S. Bittinger
    • Forrester‘s Advice (slide 25): Establish frameworks to ease governance implementation
      • First COBIT for overall governance
      • Then ITIL for service delivery and management
      • Then ISO 17799 for information security
      • Balanced Scorecard for measurement and communication
      • Source: Helping Business Thrive On Technology Change, A Road Map To Comprehensive IT Governance, Craig Symons
    • Jimmy’s Big Picture (slide 26; figure): download from www.isaca.org
      • Drivers: ERM, Sarbanes Oxley, 8th EU Audit Directive, Basel II, Solvency II; COSO
      • Governance: COBIT®
      • Domains: Service Management, Quality Management, Project Management, App. Development, Risk & Security Management, IT Planning, IT-Operations
      • Supporting guidance: COBIT, ValIT, CMMI, SixSigma, ISO9000, V-Model, ISO 27002, ISO 27001, BS 25999, PMI, PRINCE2, ITIL, ISO20000
    • Jimmy’s Advice (slide 27)
      • Download COBIT publications and the other good practices
      • Switch on your brain and read the guidance available
      • Stop any religious war
      • Get your stakeholders on board
      • Get a clear picture of where you are and where you want to be
      • Define the way to go and clear metrics
      • Do it! Improve IT
      • Prove your improvement
    • When the wind blows, some build walls … … some build windmills. (slide 28)