Aligning COBIT 5 and ISO 38500 for
Effective IT Governance
By
Orlando Olumide Odejide
www.pecb.com www.trainingheights.net
Summary
• What COBIT has to offer and what is contained in the
extensive body of knowledge called COBIT 5.
• What complementary value ISO 38500 brings to an
organization.
COBIT 5 Product Family
• COBIT 5 framework is built on 5 basic principles, which
are covered in detail, and includes extensive guidance
on enablers for governance and management of
enterprise IT.
• The COBIT 5 Product Family includes the following
products:
– COBIT 5 Framework.
– COBIT Enabler Guides (Enabling Process, Enabling
Information).
– COBIT 5 Professional Guides (Implementation, Information
Security, Assurance and Risk).
COBIT 5 Product Family
Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.
Information
• Information is a key resource for all enterprises, and
from the time that information is created to the moment
that it is destroyed, technology plays a significant role.
• Information technology is increasingly advanced and has
become pervasive in enterprises and in social, public
and business environments.
Business Concerns
• Maintain high-quality information to support business
decisions
• Generate business value from IT-enabled investments
i.e. achieve strategic goals and realize business benefits
through effective and innovative use of IT.
• Achieve operational excellence through the reliable and
efficient application of technology.
• Maintain IT-related risk at an acceptable level.
• Optimize the cost of IT services and technology.
• Comply with ever-increasing relevant laws, regulations,
contractual agreements and policies.
Major drivers for the development of COBIT 5 are:
1. Provide more stakeholders a say in determining what they expect from
information and related technology (what benefits, at what acceptable level of
risk and at what costs) and what their priorities are in ensuring that expected
value is actually being delivered.
2. Address the increasing dependency of enterprise success on external business
and IT parties such as outsourcers, suppliers, consultants, cloud and other
service providers, and on a diverse set of internal means and mechanisms to
deliver the expected value.
3. Deal with the amount of information, which has increased significantly. How do
enterprises select the relevant and credible information that will lead to effective
and efficient business decisions?
4. Deal with much more pervasive IT; it is more and more an integral part of the
business. Often it is no longer satisfactory to have IT separate, even if it is
aligned to the business.
5. Provide further guidance in the area of innovation and emerging technologies;
this is about creativity, inventiveness, developing new products, making the
existing products more compelling to customers and reaching new types of
customers.
5 Principles
• Meeting Stakeholder Needs
• Covering the Enterprise End-to-end
• Applying a Single Integrated Framework
• Enabling a Holistic Approach
• Separating Governance from Management
Principle 1: Meeting Stakeholder Needs
• Enterprises exist to create value for their stakeholders.
• Value Creation is a Governance objective for every
organization.
• Value creation means realizing benefits at an optimal
resource cost while optimizing risk.
• Benefits may take many forms, e.g. financial for commercial
enterprises or public service for government entities.
• Governance is about negotiating and deciding amongst
different stakeholders’ value interests.
• Governance system should consider all stakeholders when
making benefit, risk and resource assessment decisions.
COBIT Goals Cascade
• Stakeholder Drivers Influence Stakeholder Needs
• Stakeholder Needs Cascade to Enterprise Goals
• Enterprise Goals Cascade to IT-related Goals
• IT-related Goals cascade to Enabler Goals
COBIT has borrowed from the Balanced Scorecard and has aligned both its Enterprise
and IT-related Goals to the 4 Balanced Scorecard Perspectives.
COBIT has a list of 17 Enterprise Goals that is broadly applicable to every kind of
organization.
COBIT also has a list of 17 IT-related Goals that is applicable to every size and type
of IT organization.
COBIT also has an extensive list of 22 business needs.
Principle 2: Covering the Enterprise End-To-End
• COBIT 5 addresses the governance and management of
information and related technology from an enterprise-wide,
end-to-end perspective.
• COBIT 5 integrates governance of enterprise IT into
enterprise governance. That is, the governance system for
enterprise IT proposed by COBIT 5 integrates seamlessly into
any governance system. COBIT 5 aligns with the latest views
on governance.
• It covers all functions and processes required to govern and
manage enterprise information and related technologies,
wherever that information may be processed. Given this
extended enterprise scope, COBIT 5 addresses all the
relevant internal and external IT services, as well as internal
and external business processes.
Governance Approach
• The governance approach includes the governance
enablers and the governance scope.
• Owners and stakeholders delegate to the governing
body, which is in turn accountable to them.
• The governing body sets the direction for management
and in turn monitors them.
• Management instructs and aligns operations and
execution, which in turn report to them.
Principle 3: Applying a Single Integrated
Framework
COBIT 5 is a single and integrated framework because:
• It aligns with other recent relevant standards and frameworks, and
thus allows the enterprise to use COBIT 5 as the overarching
governance and management framework integrator.
• It is complete in enterprise coverage, providing a basis to integrate
effectively other frameworks, standards and practices used.
• A single overarching framework serves as a consistent and
integrated source of guidance in a non-technical, technology-
agnostic common language.
• It provides a simple architecture for structuring guidance materials
and producing a consistent product set.
• It integrates knowledge previously dispersed over different
ISACA frameworks. ISACA has researched the key areas of
enterprise governance for many years and has developed
frameworks such as COBIT, Val IT, Risk IT, BMIS and ITAF to
provide guidance and assistance to enterprises.
Principle 4: Enabling a Holistic Approach
• Principles, policies and frameworks are the vehicle to translate the desired
behavior into practical guidance for day-to-day management.
• Processes describe an organized set of practices and activities to achieve
certain objectives and produce a set of outputs in support of achieving overall
IT-related goals.
• Organisational Structures are the key decision-making entities in an
enterprise.
• Culture, ethics and behavior of individuals and of the enterprise are very often
underestimated as a success factor in governance and management activities.
• Information is pervasive throughout any organization and includes all
information produced and used by the enterprise. Information is very often the
key product of the enterprise itself.
• Services, Infrastructure and Application include the Infrastructure,
Technology and Applications that provide the enterprise with Information
Technology processing and services.
• People, Skills and competencies are linked to people and are required for
successful completion of all activities and for making correct decisions and
taking corrective actions.
COBIT 5 Enablers (7)
7 Enablers in a Diagram.
COBIT 5 Enabling Process
Principle 5: Separating Governance from
Management
• The COBIT 5 framework makes a clear distinction between
governance and management. These two disciplines encompass
different types of activities, require different organizational structures
and serve different purposes.
• The COBIT 5 view on this key distinction between governance and
management is:
– Governance ensures that stakeholders' needs, conditions and options
are evaluated to determine balanced, agreed-on enterprise objectives to
be achieved; setting direction through prioritization and decision making;
and monitoring performance and compliance against agreed-on
direction and objectives.
– Management plans, builds, runs and monitors activities in alignment
with the direction set by the governance body to achieve the enterprise
objectives.
Governance and Management
COBIT Governance and Management Key
Areas
37 Processes for Governance and Management of
Enterprise IT (Process Reference Model)
Implementation Guidance
• Optimal value can be realized from leveraging COBIT only if it is
effectively adopted and adapted to suit each enterprise's unique
environment.
• Each implementation approach will also need to address specific
challenges, including managing changes to culture and behavior.
• The implementation guidance allows:
– Making a business case for the implementation and improvement of
governance and management of IT
– Recognizing typical pain points and trigger events
– Creating the appropriate environment for implementation
– Leveraging COBIT to identify gaps and guide the development of
enablers such as policies, processes, principles, organizational
structures, roles and responsibilities.
Introduction
Key factors for successful implementation include:
• Top Management providing the direction and mandate
for the initiative, as well as visible ongoing commitment
and support.
• All parties supporting the governance and management
processes to understand the business and IT objectives.
• Ensuring effective communication and enablement of
necessary changes.
• Tailoring COBIT and other supporting good practices and
standards to fit the unique context of the enterprise.
• Focusing on quick wins and prioritizing the most
beneficial improvements that are easiest to implement.
Enterprise Context
Factors in the Internal and External Enterprise Environment
• Ethics and Culture
• Applicable laws, regulations and policies
• Mission, vision and values
• Governance policies and practices
• Business plans and strategic intentions
• Operating model and level of maturity
• Management style
• Risk appetite
• Capabilities and available resources
• Industry practices
7 Phases of the Implementation Lifecycle
COBIT 5 Process Capability Model
6 Levels of Capability
Level          | Attributes  | Description
0 = Incomplete | 0 Attribute | The process is not implemented or fails to achieve its intended purpose.
1 = Performed  | 1 Attribute | The implemented process achieves its process purpose.
2 = Managed    | 2 Attribute | The previously described performed process is now implemented in a managed fashion and its work products are appropriately established, controlled and maintained.
3 = Established| 3 Attribute | The previously described managed process is now implemented using a defined process that is capable of achieving its process outcomes.
4 = Predictable| 4 Attribute | The previously described established process now operates within defined limits to achieve its process outcomes.
5 = Optimizing | 5 Attribute | The previously described predictable process is continuously improved to meet relevant current and projected business goals.
ISO 38500: Corporate Governance for the
Management of IT
• The objective of ISO 38500 is to provide a structure of
principles for directors (including owners, board members,
directors, partners and senior executives) to use when
evaluating, directing and monitoring the use of IT in their
organizations.
• This standard provides a structure for effective governance of
IT to assist those at the highest level of organizations to
understand and fulfill their legal, regulatory and ethical
obligations regarding their organizations’ use of IT.
• The scope of the standard is to provide guiding principles for
directors of organizations on the effective, efficient and
acceptable use of IT within their organizations.
• It is applicable for all organizations, from the smallest to the
largest, regardless of purpose, design or ownership structure.
The Model
Directors should govern IT through three main tasks:
• Evaluate the current and future use of IT.
• Direct preparation and implementation of plans and policies to
ensure that the use of IT meets business objectives.
• Monitor conformance to policies and performance against the plans.
• The standard sets out six principles for good corporate governance
of IT.
• The principles express preferred behavior to guide decision making.
• The statement of each principle refers to what should happen, but
does not prescribe how, when or by whom the principles would be
implemented; these aspects are dependent on the nature of the
organization implementing the principles. It is similar to a capability
maturity model description of an ideal state.
• Each of the principles is then tied into the model to provide a best
practice for each principle, see the image next.
Model
Principle 1: Responsibility
• The business (customer) and IT (provider) should collaborate in a
partnership model utilising effective communications based on a
positive and trusted relationship and demonstrating clarity regarding
responsibility and accountability.
• For larger enterprises, an IT executive committee (also referred to as
the IT strategy committee) acting on behalf of the board and chaired by
a board member is a very effective mechanism for evaluating, directing
and monitoring the use of IT in the enterprise and for advising the board
on critical IT issues.
• Directors of small and medium-sized enterprises with a simpler
command structure and shorter communication paths need to take a
more direct approach when overseeing IT activities.
• In all cases, appropriate governance organisational structures, roles
and responsibilities are required to be mandated from the governing
body, providing clear ownership and accountability for important
decisions and tasks.
• This should include relationships with key third-party IT service
providers.
Principle 2: Strategy
• IT strategic planning is a complex and critical undertaking
requiring close co-ordination amongst enterprise-wide
business unit and IT strategic plans.
• It is also vital to prioritize the plans most likely to achieve the
desired benefits and to allocate resources effectively.
• High-level goals need to be translated into achievable tactical
plans, ensuring minimal failures and surprises.
• The goal is to deliver value in support of strategic objectives
while considering the associated risk in relation to the board’s
risk appetite.
• While it is important to cascade plans in a top-down fashion,
the plans must also be flexible and adaptable to meet rapidly
changing business requirements and IT opportunities.
Principle 2: Strategy Continued
• Furthermore, the presence or absence of IT capabilities can
either enable or hinder business strategies; therefore, IT
strategic planning should include transparent and appropriate
planning of IT capabilities.
• This should include assessment of the ability of the current IT
infrastructure and human resources to support future
business requirements and consideration of future
technological developments that might enable competitive
advantage and/or optimize costs.
• IT resources include relationships with many external product
vendors and service providers, some of whom likely play a
critical role in supporting the business.
• Governance of strategic sourcing is thus a very significant
strategic planning activity requiring executive-level direction
and oversight.
Principle 3: Acquisition
• IT solutions exist to support business processes and therefore care
must be taken to not consider IT solutions in isolation or as just a
‘technology’ project or service.
• On the other hand, an inappropriate choice of technology
architecture, a failure to maintain a current and appropriate technical
infrastructure, or an absence of skilled human resources can result
in project failure, an inability to sustain business operations or a
reduction in value to the business.
• Acquisitions of IT resources should be considered as a part of wider
IT-enabled business change. The acquired technology must also
support and operate with existing and planned business processes
and IT infrastructures.
• Implementation is also not just a technology issue, but rather a
combination of organisational change, revised business processes,
training and enabling the change.
• Therefore, IT projects should be undertaken as part of wider
enterprise-wide change programmes that include other projects
satisfying the full range of activities required to help ensure a
successful outcome.
Principle 4: Performance
• Effective performance measurement depends on two key aspects
being addressed: the clear definition of performance goals and the
establishment of effective metrics to monitor achievement of goals.
• A performance measurement process is also required to help ensure
that performance is monitored consistently and reliably.
• Effective governance is achieved when goals are set from the top
down and aligned with high-level, approved business goals, and
metrics are established from the bottom up and aligned in a way that
enables the achievement of goals at all levels to be monitored by
each layer of management.
• Two critical governance success factors are the approval of goals by
stakeholders, and the acceptance of accountability for achievement
of goals by directors and managers.
• IT is a complex and technical topic; therefore, it is important to
achieve transparency by expressing goals, metrics and performance
reports in language meaningful to the stakeholders so that
appropriate actions can be taken.
Principle 5: Conformance
• In today’s global marketplace, enabled by the Internet and advanced
technologies, enterprises need to comply with a growing number of
legal and regulatory requirements.
• Because of corporate scandals and financial failures in recent years,
there is a heightened awareness in the boardroom of the existence
and implications of tougher laws and regulations.
• Stakeholders require increased assurance that enterprises are
complying with laws and regulations and conforming to good
corporate governance practice in their operating environment.
• In addition, because IT has enabled seamless business processes
between enterprises, there is also a growing need to help ensure
that contracts include important IT-related requirements in areas
such as privacy, confidentiality, intellectual property and security.
Principle 5: Conformance Continued
• Directors need to ensure that compliance with external
requirements is dealt with as a part of strategic planning
rather than as a costly afterthought.
• They also need to set the tone at the top and establish
policies and procedures for their management and staff
to follow, to ensure that the goals of the enterprise are
realised, risk is minimised and compliance is achieved.
• Top management must strike an appropriate balance
between performance and conformance, ensuring that
performance goals do not jeopardise compliance and,
conversely, that the conformance regime is appropriate
and does not overly restrict the operation of the
business.
Principle 6: Human Behaviour
• The implementation of any IT-enabled change, including IT
governance itself, usually requires significant cultural and
behavioral change within enterprises as well as with
customers and business partners.
• This can create fear and misunderstanding amongst staff, so
implementation needs to be managed carefully if personnel
are to remain positively engaged.
• Directors must clearly communicate goals and be seen as
positively supporting the proposed changes. Training and
skills enhancement of personnel are key aspects of change—
especially given the rapidly moving nature of technology.
• People are affected by IT at all levels in an enterprise, as
stakeholders, managers and users, or as specialists providing
IT-related services and solutions to the business.
Principle 6: Human Behavior Continued
• Beyond the enterprise, IT affects customers and business
partners and increasingly enables self-service and automated
intercompany transactions within countries and across
borders.
• While IT-enabled business processes bring new benefits and
opportunities, they also carry increasing types of risk.
• Issues such as privacy and fraud are growing concerns for
individuals, and these and other types of risk need to be
managed if people are to trust the IT systems they use.
• Information systems can also dramatically affect working
practices by automating manual procedures.
ISO 38500 (Evaluate, Direct and Monitor)
• COBIT in itself enables good governance.
• The Governance domain in the COBIT process model
has five processes, and each of these processes has
EDM (Evaluate, Direct and Monitor) practices defined.
• This is the main location in COBIT 5 where governance-
related activities are defined.
Effective IT Governance = COBIT 5 + ISO 38500.
Thank You and Questions
orlando@trainingheights.net
N.B: Some Content, Diagrams and Trademarks belong
to ISACA COBIT and ISO 38500 Documents.

 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brcSyzygal
 
Cobi t 4.1-brochure
Cobi t 4.1-brochureCobi t 4.1-brochure
Cobi t 4.1-brochureDeloitte
 
Cobit5 introduction
Cobit5 introductionCobit5 introduction
Cobit5 introductionMarkus Yaldu
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachMohammad Reda Katby
 
02-cobit5-introduction.ppt
02-cobit5-introduction.ppt02-cobit5-introduction.ppt
02-cobit5-introduction.pptElonMotta
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceKuda Musundire CA (Z), RPA
 
Cobit5 introduction
Cobit5 introductionCobit5 introduction
Cobit5 introductionsuhaskokate
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptxPrashant Singh
 
Gaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptxGaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptxRobert Sheesley, CBA, CPHIMS
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...TRANANHQUAN4
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013James Sutter
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013Jim Sutter
 

Similar to PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500 (20)

CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brc
 
How to pass cobit exam
How to pass cobit exam   How to pass cobit exam
How to pass cobit exam
 
Cobi t 4.1-brochure
Cobi t 4.1-brochureCobi t 4.1-brochure
Cobi t 4.1-brochure
 
Cobit5 introduction
Cobit5 introductionCobit5 introduction
Cobit5 introduction
 
Cobit 4.1 indri
Cobit 4.1 indriCobit 4.1 indri
Cobit 4.1 indri
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 
COBIT5-IntroductionS
COBIT5-IntroductionSCOBIT5-IntroductionS
COBIT5-IntroductionS
 
02-cobit5-introduction.ppt
02-cobit5-introduction.ppt02-cobit5-introduction.ppt
02-cobit5-introduction.ppt
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
COBIT5 Introduction
COBIT5 IntroductionCOBIT5 Introduction
COBIT5 Introduction
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and Governance
 
Cobit5 introduction
Cobit5 introductionCobit5 introduction
Cobit5 introduction
 
Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna Febriani
 
Gaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptxGaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptx
 
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
Lecture 06 - CoBit - Control Objectives for Information and Related Technolog...
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 

More from PECB

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityPECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernancePECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyPECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationPECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsPECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...PECB
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?PECB
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
 

More from PECB (20)

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Recently uploaded

Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1GloryAnnCastre1
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWQuiz Club NITW
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Developmentchesterberbo7
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesVijayaLaxmi84
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQuiz Club NITW
 
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...DhatriParmar
 
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...DhatriParmar
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17Celine George
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSMae Pangan
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQuiz Club NITW
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfChristalin Nelson
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdfMr Bounab Samir
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfPrerana Jadhav
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvRicaMaeCastro1
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD  GAS ANALYSIS........pptxARTERIAL BLOOD  GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptxAneriPatwari
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 

Recently uploaded (20)

Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
 
Mythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITWMythology Quiz-4th April 2024, Quiz Club NITW
Mythology Quiz-4th April 2024, Quiz Club NITW
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Using Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea DevelopmentUsing Grammatical Signals Suitable to Patterns of Idea Development
Using Grammatical Signals Suitable to Patterns of Idea Development
 
Sulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their usesSulphonamides, mechanisms and their uses
Sulphonamides, mechanisms and their uses
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
 
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
Beauty Amidst the Bytes_ Unearthing Unexpected Advantages of the Digital Wast...
 
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
Blowin' in the Wind of Caste_ Bob Dylan's Song as a Catalyst for Social Justi...
 
How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17How to Manage Buy 3 Get 1 Free in Odoo 17
How to Manage Buy 3 Get 1 Free in Odoo 17
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Textual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHSTextual Evidence in Reading and Writing of SHS
Textual Evidence in Reading and Writing of SHS
 
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITWQ-Factor General Quiz-7th April 2024, Quiz Club NITW
Q-Factor General Quiz-7th April 2024, Quiz Club NITW
 
Indexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdfIndexing Structures in Database Management system.pdf
Indexing Structures in Database Management system.pdf
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
Narcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdfNarcotic and Non Narcotic Analgesic..pdf
Narcotic and Non Narcotic Analgesic..pdf
 
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnvESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
ESP 4-EDITED.pdfmmcncncncmcmmnmnmncnmncmnnjvnnv
 
ARTERIAL BLOOD GAS ANALYSIS........pptx
ARTERIAL BLOOD  GAS ANALYSIS........pptxARTERIAL BLOOD  GAS ANALYSIS........pptx
ARTERIAL BLOOD GAS ANALYSIS........pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 

PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500

  • 7. Major drivers for the development of COBIT 5 are: 1. Provide more stakeholders a say in determining what they expect from information and related technology (what benefits, at what acceptable level of risk and at what costs) and what their priorities are in ensuring that expected value is actually being delivered. 2. Address the increasing dependency of enterprise success on external business and IT parties such as outsourcers, suppliers, consultants, cloud and other service providers, on a diverse set of internal means and mechanism to deliver the expected value. 3. Deal with the amount of information, which has increased significantly. How do enterprises select the relevant and credible information that will lead to effective and efficient business decisions. 4. Deal with much more pervasive IT, it is more and more an integral part of the business. Often, it is no longer satisfactory to have IT separate even if it is aligned to the business. 5. Provide further guidance in the area of innovation and emerging technologies; this is about creativity, inventiveness, developing new products, making the existing products more compelling to customers and reaching new types of customers.
  • 8. 5 Principles • Meeting Stakeholder Needs • Covering the Enterprise End-to-end • Applying a Single Integrated Framework • Enabling a Holistic Approach • Separating Governance from Management
  • 9. Principle 1: Meeting Stakeholder Needs • Enterprises exist to create value for their stakeholders. • Value creation is a governance objective for every organization. • Value creation means realizing benefits at an optimal resource cost while optimizing risk. • Benefits may take many forms, e.g. financial for commercial enterprises or public service for government entities. • Governance is about negotiating and deciding amongst different stakeholders’ value interests. • The governance system should consider all stakeholders when making benefit, risk and resource assessment decisions.
  • 10. COBIT Goals Cascade • Stakeholder Drivers influence Stakeholder Needs • Stakeholder Needs cascade to Enterprise Goals • Enterprise Goals cascade to IT-related Goals • IT-related Goals cascade to Enabler Goals COBIT has borrowed from the Balanced Scorecard and has aligned both its Enterprise and IT-related Goals to the 4 Balanced Scorecard perspectives. COBIT has a list of 17 Enterprise Goals that is broadly applicable to every kind of organization. COBIT also has a list of 17 IT-related Goals that is applicable to every size and type of IT organization. COBIT also has an extensive list of 22 business needs.
  • 11. Covering the Enterprise End-To-End • COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective. • COBIT 5 integrates governance of enterprise IT into enterprise governance. That is, the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly into any governance system. COBIT 5 aligns with the latest views on governance. • Covers all functions and processes required to govern and manage enterprise information and related technologies, wherever that information may be processed. Given this extended enterprise scope, COBIT 5 addresses all the relevant internal and external IT services, as well as internal and external business processes.
  • 12. Governance Approach • The Governance Approach includes the Governance Enablers and the Governance Scope. • Owners and Stakeholders delegate to the Governing Body, which is in turn accountable to them. • The Governing Body sets the direction for Management and in turn monitors them. • Management instructs and aligns Operations and Execution, which in turn report to them.
  • 13. Principle 3: Applying a Single Integrated Framework • It aligns with other latest relevant standards and frameworks, and thus allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator. • It is complete in enterprise coverage, providing a basis to effectively integrate other frameworks, standards and practices used. • A single overarching framework serves as a consistent and integrated source of guidance in a non-technical, technology-agnostic common language. • It provides a simple architecture for structuring guidance materials and producing a consistent product set. • It integrates knowledge previously dispersed over different ISACA frameworks. ISACA has researched the key areas of enterprise governance for many years and has developed frameworks such as COBIT, Val IT, Risk IT, BMIS and ITAF to provide guidance and assistance to enterprises. COBIT 5 is a single and integrated framework because:
  • 14. Principle 4: Enabling a Holistic Approach • Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management. • Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals. • Organisational structures are the key decision-making entities in an enterprise. • Culture, ethics and behavior of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities. • Information is pervasive throughout any organization and includes all information produced and used by the enterprise. Information is very often the key product of the enterprise itself. • Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services. • People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions. COBIT 5 Enablers (7)
  • 15. 7 Enablers in a Diagram.
  • 16. COBIT 5 Enabling Process
  • 17. Principle 5: Separating Governance from Management • The COBIT 5 framework makes a clear distinction between governance and management. These two disciplines encompass different types of activities, require different organizational structures and serve different purposes. • The COBIT 5 view on this key distinction between governance and management is: – Governance ensures that stakeholders’ needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. – Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. Governance and Management
  • 18. COBIT Governance and Management Key Areas
  • 19. 37 Processes for Governance and Management of Enterprise IT (Process Reference Model)
  • 20. Implementation Guidance • Optimal value can be realized from leveraging COBIT only if it is effectively adopted and adapted to suit each enterprise's unique environment. • Each implementation approach will also need to address specific challenges, including managing changes to culture and behavior. • The implementation guidance allows: – Making a business case for the implementation and improvement of governance and management of IT – Recognizing typical pain points and trigger events – Creating the appropriate environment for implementation – Leveraging COBIT to identify gaps and guide the development of enablers such as policies, processes, principles, organizational structures, roles and responsibilities. Introduction
  • 21. Key success factors for successful implementation include: • Top management providing the direction and mandate for the initiative, as well as visible ongoing commitment and support. • All parties supporting the governance and management processes understanding the business and IT objectives. • Ensuring effective communication and enablement of necessary changes. • Tailoring COBIT and other supporting good practices and standards to fit the unique context of the enterprise. • Focusing on quick wins and prioritizing the most beneficial improvements that are easiest to implement.
  • 22. Enterprise Context • Ethics and culture • Applicable laws, regulations and policies • Mission, vision and values • Governance policies and practices • Business plans and strategic intentions • Operating model and level of maturity • Management style • Risk appetite • Capabilities and available resources • Industry practices Factors in the Internal and External Enterprise Environment
  • 23. 7 Phases of the Implementation Lifecycle
  • 24. COBIT 5 Process Capability Model
  • 25. 6 Levels of Capability (Level / Attributes / Description)
    0 = Incomplete / 0 attributes / The process is not implemented or fails to achieve its intended purpose.
    1 = Performed / 1 attribute / The implemented process achieves its process purpose.
    2 = Managed / 2 attributes / The previously described performed process is now implemented in a managed fashion and its work products are appropriately established, controlled and maintained.
    3 = Established / 3 attributes / The previously described managed process is now implemented using a defined process that is capable of achieving its process outcomes.
    4 = Predictable / 4 attributes / The previously described established process now operates within defined limits to achieve its process outcomes.
    5 = Optimizing / 5 attributes / The previously described predictable process is continuously improved to meet relevant current and projected business goals.
  • 26. ISO 38500: Corporate Governance for the Management of IT • The objective of ISO 38500 is to provide a structure of principles for directors (including owners, board members, directors, partners and senior executives) to use when evaluating, directing and monitoring the use of IT in their organizations. • This standard provides a structure for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory and ethical obligations regarding their organizations’ use of IT. • The scope of the standard is to provide guiding principles for directors of organizations on the effective, efficient and acceptable use of IT within their organizations. • It is applicable for all organizations, from the smallest to the largest, regardless of purpose, design or ownership structure.
  • 27. The Model • Evaluate the current and future use of IT. • Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives. • Monitor conformance to policies and performance against the plans. • The standard sets out six principles for good corporate governance of IT. • The principles express preferred behavior to guide decision making. • The statement of each principle refers to what should happen, but does not prescribe how, when or by whom the principles would be implemented; these aspects are dependent on the nature of the organization implementing the principles. It is similar to a capability maturity model description of an ideal state. • Each of the principles is then tied into the model to provide a best practice for each principle, see the image next. Directors should govern IT through three main tasks:
  • 28. Model
  • 29. Principle 1: Responsibility • The business (customer) and IT (provider) should collaborate in a partnership model utilising effective communications based on a positive and trusted relationship and demonstrating clarity regarding responsibility and accountability. • For larger enterprises, an IT executive committee (also referred to as the IT strategy committee) acting on behalf of the board and chaired by a board member is a very effective mechanism for evaluating, directing and monitoring the use of IT in the enterprise and for advising the board on critical IT issues. • Directors of small and medium-sized enterprises with a simpler command structure and shorter communication paths need to take a more direct approach when overseeing IT activities. • In all cases, appropriate governance organisational structures, roles and responsibilities are required to be mandated from the governing body, providing clear ownership and accountability for important decisions and tasks. • This should include relationships with key third-party IT service providers.
  • 30. Principle 2: Strategy • IT strategic planning is a complex and critical undertaking requiring close co-ordination amongst enterprise-wide business unit and IT strategic plans. • It is also vital to prioritize the plans most likely to achieve the desired benefits and to allocate resources effectively. • High-level goals need to be translated into achievable tactical plans, ensuring minimal failures and surprises. • The goal is to deliver value in support of strategic objectives while considering the associated risk in relation to the board’s risk appetite. • While it is important to cascade plans in a top-down fashion, the plans must also be flexible and adaptable to meet rapidly changing business requirements and IT opportunities.
  • 31. Principle 2: Strategy Continued • Furthermore, the presence or absence of IT capabilities can either enable or hinder business strategies; therefore, IT strategic planning should include transparent and appropriate planning of IT capabilities. • This should include assessment of the ability of the current IT infrastructure and human resources to support future business requirements and consideration of future technological developments that might enable competitive advantage and/or optimize costs. • IT resources include relationships with many external product vendors and service providers, some of whom likely play a critical role in supporting the business. • Governance of strategic sourcing is thus a very significant strategic planning activity requiring executive-level direction and oversight.
  • 32. Principle 3: Acquisition • IT solutions exist to support business processes, and therefore care must be taken not to consider IT solutions in isolation or as just a ‘technology’ project or service. • On the other hand, an inappropriate choice of technology architecture, a failure to maintain a current and appropriate technical infrastructure, or an absence of skilled human resources can result in project failure, an inability to sustain business operations or a reduction in value to the business. • Acquisitions of IT resources should be considered as a part of wider IT-enabled business change. The acquired technology must also support and operate with existing and planned business processes and IT infrastructures. • Implementation is also not just a technology issue, but rather a combination of organisational change, revised business processes, training and enabling the change. • Therefore, IT projects should be undertaken as part of wider enterprise-wide change programmes that include other projects satisfying the full range of activities required to help ensure a successful outcome.
  • 33. Principle 4: Performance • Effective performance measurement depends on two key aspects being addressed: the clear definition of performance goals and the establishment of effective metrics to monitor achievement of goals. • A performance measurement process is also required to help ensure that performance is monitored consistently and reliably. • Effective governance is achieved when goals are set from the top down and aligned with high-level, approved business goals, and metrics are established from the bottom up and aligned in a way that enables the achievement of goals at all levels to be monitored by each layer of management. • Two critical governance success factors are the approval of goals by stakeholders, and the acceptance of accountability for achievement of goals by directors and managers. • IT is a complex and technical topic; therefore, it is important to achieve transparency by expressing goals, metrics and performance reports in language meaningful to the stakeholders so that appropriate actions can be taken.
  • 34. Principle 5: Conformance • In today’s global marketplace, enabled by the Internet and advanced technologies, enterprises need to comply with a growing number of legal and regulatory requirements. • Because of corporate scandals and financial failures in recent years, there is a heightened awareness in the boardroom of the existence and implications of tougher laws and regulations. • Stakeholders require increased assurance that enterprises are complying with laws and regulations and conforming to good corporate governance practice in their operating environment. • In addition, because IT has enabled seamless business processes between enterprises, there is also a growing need to help ensure that contracts include important IT-related requirements in areas such as privacy, confidentiality, intellectual property and security.
  • 35. Principle 5: Conformance Continued • Directors need to ensure that compliance with external requirements is dealt with as a part of strategic planning rather than as a costly afterthought. • They also need to set the tone at the top and establish policies and procedures for their management and staff to follow, to ensure that the goals of the enterprise are realised, risk is minimised and compliance is achieved. • Top management must strike an appropriate balance between performance and conformance, ensuring that performance goals do not jeopardise compliance and, conversely, that the conformance regime is appropriate and does not overly restrict the operation of the business.
  • 36. Principle 6: Human Behaviour • The implementation of any IT-enabled change, including IT governance itself, usually requires significant cultural and behavioral change within enterprises as well as with customers and business partners. • This can create fear and misunderstanding amongst staff, so implementation needs to be managed carefully if personnel are to remain positively engaged. • Directors must clearly communicate goals and be seen as positively supporting the proposed changes. Training and skills enhancement of personnel are key aspects of change, especially given the rapidly moving nature of technology. • People are affected by IT at all levels in an enterprise, as stakeholders, managers and users, or as specialists providing IT-related services and solutions to the business.
  • 37. Principle 6: Human Behavior Continued • Beyond the enterprise, IT affects customers and business partners and increasingly enables self-service and automated intercompany transactions within countries and across borders. • While IT-enabled business processes bring new benefits and opportunities, they also carry increasing types of risk. • Issues such as privacy and fraud are growing concerns for individuals, and these and other types of risk need to be managed if people are to trust the IT systems they use. • Information systems can also dramatically affect working practices by automating manual procedures.
  • 38. ISO 38500 (Evaluate, Direct and Monitor) • COBIT in itself enables good governance. • The Governance domain in the COBIT process model has five processes, and each of these processes has EDM (Evaluate, Direct and Monitor) practices defined. • This is the main location in COBIT 5 where governance-related activities are defined.
  • 40. Thank You and Questions orlando@trainingheights.net N.B: Some Content, Diagrams and Trademarks belong to ISACA COBIT and ISO 38500 Documents.

Editor's Notes

  1. Credits: Tony Aliu-PECB (Team Leader) Lorika Bina-PECB Narta Voca-PECB Angelo Scangas- Quality Support Group/ASQ Shannon Craddock-PJR Vanessa Delisle-TRC Bill Thoms Gretchen Merriman Phil Dobyns