Slide 1 - ISACA Sri Lanka Chapter

Presentation Transcript

  • IT Governance Frameworks
    • Kamal Wickramanayake, IT Architect – Software View
    • kamal@swview.org - http://www.swview.org/
    • ISACA CXO Forum: Business Governance of Information Technology – The CXOs' Perspective
    • 29th of April, 2009, Hotel Galadari, Colombo, Sri Lanka
  • Special Note
    • Most of the images that were in the original slides were removed before the slides were made public. This was done due to restrictions imposed by copyright and intellectual property laws. Links have been provided at appropriate places so that you can download and view those images from the sources.
  • Your selection?
  • ISO/IEC 38500:2008
    • International Standard for “Corporate governance of Information Technology”
    • Very abstract
  • ISO/IEC 38500:2008 – Model
    • Figure removed before the slides were made available to the public. Interested in looking at it? Follow the steps below:
      1. Download the pdf “ITGI Enables IS0-IEC 38500-2008 Adoption” from ISACA web site: http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=47865
      2. Look at Figure 01.
  • ISO/IEC 38500:2008 - Guidance
    • Responsibility
    • Strategy
    • Acquisition
    • Performance
    • Conformance
    • Human Behavior
    Evaluate, Direct, Monitor
  • COBIT®
    • Identifies controls used in process design to mitigate risks
    • Doesn't give the details of how to design the controls
  • COBIT® Characteristics
    • Process Oriented
    • Business Focused
    • Controls Based
    • Measurement Driven
  • COBIT® – Business Focus
    • Figure removed before the slides were made available to the public. Interested in looking at it? Follow the steps below:
      1. Visit http://www.isaca.org/cobit and download the pdf “COBIT 4.1 Executive Summary and Framework”.
      2. Look at Figure 06.
  • TOGAF™ – As an EA Framework
    • Figure removed before the slides were made available to the public. Interested in looking at it? Follow the steps below:
      1. Visit http://www.opengroup.org/architecture/togaf8-doc/arch/ and click on “Introduction to the ADM” (Link appears under left hand side “Chapter Listing”).
      2. Look at the first figure with yellow color circles.
  • COBIT® Overall Framework
    • Please turn to page no 26 of the booklet “COBIT 4.1 Excerpt”
    • PDF version is available on-line for free
  • Val IT
    • To optimize the realization of value from IT investments
    • Complements COBIT from a business and financial perspective
    • Defines guiding principles, processes, key management practices
  • Val IT – Process Breakdown
    • Figure removed before the slides were made available to the public. Interested in looking at it? Follow the steps below:
      1. Download the pdf “The Val IT Framework 2.0 - (Extract)” from ISACA web site: http://www.isaca.org/Template.cfm?Section=COBIT6&Template=/ContentManagement/ContentDisplay.cfm&ContentID=43843
      2. Look at Figure 10.
  • ITIL
    • Codifies IT Service Management (ITSM) with service lifecycles, best practices
    • Very much focused on improving the quality of services
  • ITIL - Guidance
    • Service Strategy
    • Service Transition
    • Service Operation
    • Continuous Service Improvement
    • Service Design
  • ISO/IEC 20000:2005
    • International standard for ITSM
    • 20000-1: Identifies standard itself, how to accredit?
    • 20000-2: Code of practice (opportunities for improvement)
    • Based on ITIL (v2)
  • ISO/IEC 27000:2005
    • International standard for information security
    • 27001: Requirements for the standard
    • 27002: Code of practice
  • ISO 9000, Lean Six Sigma
    • ISO 9000: Helps define a quality management system
    • Lean Six Sigma: Combined quality management approach (move faster, create value, reduce defects and rework)
  • Your selection?