Welingkar Presentation On Cobit And Iso 1799 And Bs 7799
This presentation I made, along with my team mates Vishal, Anju, Sonali, Shivangi, Charu, Khyati and Shreeya, for Anand Jangid Sir, for the subject Governance & Compliance in Trimester 5 of the MBA at Welingkar, on 18th Sept 2009.
  • Investors have lost trust and confidence: Enron, Adelphia Communications, Xerox, Martha Stewart; accounting frauds, restatements, accounting irregularities.
    Activities of both ISACF and the ITGI will be handled by the renamed entity, ensuring that the leading-edge research, publishing and
    IT governance: IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives.
    What is COBIT: Control Objectives for Information and related Technology (COBIT®) provides good practices across a domain and process framework and presents activities in a manageable and logical structure. COBIT’s good practices represent the consensus of experts. They are strongly focused more on control, less on execution. These practices will help optimise IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.
    For IT to be successful in delivering against business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:
    • Making a link to the business requirements
    • Organising IT activities into a generally accepted process model
    • Identifying the major IT resources to be leveraged
    • Defining the management control objectives to be considered
    Importance of controls: Control - the policies, procedures, practices, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
    • Increased government regulation(s) require focus on Enterprise Risk Management
    • COSO (Committee of Sponsoring Organizations) Framework
    • Dependence on financial systems
    • Increased need for standard IT processes and projects
    • Requirements for enhanced IT controls
  • Originally COBIT was released and used primarily by the IT assurance community. After the addition of Management Guidelines in 1998, COBIT has become the internationally accepted framework for IT governance and control, providing management tools such as metrics and maturity models to complement the control framework.
    ISO/IEC 17799:2000 - The Code of Practice for Information Security Management is an international standard, based on BS 7799-1. It is presented as best practice for implementing information security management.
    COBIT by its nature is broader and ISO/IEC 17799 tends to be deeper in the area of security.
    Issuer:
    • COBIT - IT Governance Institute, USA
    • ISO/IEC 17799:2000 - International Organization for Standardization and International Electrotechnical Commission Joint Technical Committee (ISO/IEC JTC 1), Switzerland

Presentation Transcript

  • Information Security Governance: COBIT or ISO 17799/ BS 7799
    Presented by-
    Abhinav Goyal Anju Bhadoria
    Charu Sharma Khyati Shah
    Shivangi Gupta Shreeya Dhingra
    Sonali Gupta Vishal Jain
  • Fundamentals….
    History Of Cobit
    • ISACF Control Objectives in 1992
    • 1st Edition in 1996
    • 2nd Edition in 1998
    • 3rd Edition in 2000
    • 4th Edition in 2005
    • IT Governance and its importance
    • International Standards
    Cobit is developed by ISACA and the IT Governance Institute (ITGI) in order to implement IT Governance in organizations
    Control Objectives for Information and Related Technology.
    • COBIT Focuses on What – Not How!
    • Proactive, Not Reactive!
    • Adaptable to Organizations
    • Common Sense – maximize benefits of IT while providing IT governance and control.
    Executive Summary - “There is a method…”
    Framework - “The method is…”
    Control Objectives - “The minimum controls are…”
    Audit Guidelines - “Here’s how you audit…”
    Management Guidelines - “Here’s how you measure your performance…”
    Implementation Guide - “Here’s how you implement…”
    The Cobit Model
  • Cobit Framework
    • 4 Domains
    • Plan & Organize (PO)
    • Acquire & Implement (AI)
    • Deliver & Support (DS)
    • Monitor & Evaluate (ME)
    • 34 High Level Control Objectives
    • 215 Detailed Control Objectives
  • The COBIT Model
    Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
    Business Processes
    IT Resources: Data, Applications, Technology, Facilities, People
    Plan & Organize
    PO1 Define a Strategic IT Plan
    PO2 Define the Information Architecture
    PO3 Determine Technological Direction
    PO4 Define the IT Organization and Relationships
    PO5 Manage the IT Investment
    PO6 Communicate Management Aims and Direction
    PO7 Manage Human Resources
    PO8 Ensure Compliance with External Requirements
    PO9 Assess Risks
    PO10 Manage Projects
    PO11 Manage Quality
    Acquire & Implement
    AI1 Identify Automated Solutions
    AI2 Acquire and Maintain Application Software
    AI3 Acquire and Maintain Technology Infrastructure
    AI4 Develop and Maintain Procedures
    AI5 Install and Accredit Systems
    AI6 Manage Changes
    Deliver & Support
    DS1 Define and Manage Service Levels
    DS2 Manage Third-Party Services
    DS3 Manage Performance and Capacity
    DS4 Ensure Continuous Service
    DS5 Ensure Systems Security
    DS6 Identify and Allocate Costs
    DS7 Educate and Train Users
    DS8 Assist and Advise Customers
    DS9 Manage the Configuration
    DS10 Manage Problems and Incidents
    DS11 Manage Data
    DS12 Manage Facilities
    DS13 Manage Operations
    Monitor & Evaluate
    ME1 Monitor the Process
    ME2 Assess Internal Control Adequacy
    ME3 Obtain Independent Assurance
    ME4 Provide for Independent Audit
  • Users of COBIT
    • Management: describes what needs to be taken into account when making IT related decisions and investments; helps balance risk and control investment.
    • IT Providers: provides clear expectations on minimum controls in IT environments.
    • IT Users: assurance over security and controls (internal & external providers).
    • Auditors: list of control objectives and minimum controls; substantiation of opinion.
    • Self Assessment Tool for All Groups
  • BS 7799
    ISO 17799
    INTRODUCTION
  • ISO 17799 / BS 7799
    SECURITY PARAMETERS
    ORGANISATIONAL AND INFORMATION SECURITY
    STRUCTURE
    RISK ASSESSMENT AND TREATMENT
    ASSET MANAGEMENT
    SECURITY POLICY
    HUMAN RESOURCE SECURITY
  • ISO 17799 / BS 7799
    PHYSICAL SECURITY
    ACQUISITION, DEVELOPMENT AND MAINTENANCE
    COMMUNICATION AND OPERATIONAL SECURITY
    INCIDENT MANAGEMENT
    BUSINESS CONTINUITY
    ACCESS CONTROL
    INFORMATION SYSTEMS
    COMPLIANCE
  • ISO 17799
  • ISO 17799 Overview
  • ISO 17799 modules
  • ISO 17799 Controls
  • ISO 17799 Controls
  • ISO 17799 Controls
  • ISO 17799 Controls
  • Differences
  • Differences
  • What do we want to achieve with IT?
  • How can we achieve these IT goals?
  • How can we achieve these IT goals?
  • How can we achieve these IT goals: where are the methods strong?
  • How can we achieve these IT goals: continuous IT improvement
  • Thank You