Welingkar Presentation On Cobit And Iso 1799 And Bs 7799


This presentation was made by me along with my team mates Vishal, Anju, Sonali, Shivangi, Charu, Khyati and Shreeya for Anand Jangid Sir, in respect of the subject Governance & Compliance in Trimester 5 of the MBA at Welingkar, on 18th Sept 2009.

Published in: Education, Technology, Business

  1. Information Security Governance: COBIT or ISO 17799 / BS 7799
     - Presented by: Abhinav Goyal, Anju Bhadoria, Charu Sharma, Khyati Shah, Shivangi Gupta, Shreeya Dhingra, Sonali Gupta, Vishal Jain
  2. Fundamentals
     - History of COBIT: ISACF Control Objectives in 1992; 1st Edition in 1996; 2nd Edition in 1998; 3rd Edition in 2000; 4th Edition in 2005
     - IT Governance and its importance
     - International Standards
     - COBIT (Control Objectives for Information and Related Technology) is developed by ISACA and the IT Governance Institute (ITGI) in order to implement IT Governance in organizations.
  3. The COBIT Model
     - COBIT focuses on what, not how!
     - Proactive, not reactive!
     - Adaptable to organizations
     - Common sense: maximize benefits of IT while providing IT governance and control.
     - Components: Executive Summary ("There is a method..."); Framework ("The method is..."); Control Objectives ("The minimum controls are..."); Audit Guidelines ("Here's how you audit..."); Management Guidelines ("Here's how you measure your performance..."); Implementation Guide ("Here's how you implement...")
  4. COBIT Framework
     - 4 Domains: Plan & Organize (PO); Acquire & Implement (AI); Deliver & Support (DS); Monitor & Evaluate (ME)
     - 34 High Level Control Objectives
     - 215 Detailed Control Objectives
  5. Information Criteria, IT Resources and Business Processes
     - Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
     - IT Resources: Data, Applications, Technology, Facilities, People
     - Business Processes, by domain:
       - Plan & Organize: PO1 Define a Strategic IT Plan; PO2 Define the Information Architecture; PO3 Determine Technological Direction; PO4 Define the IT Organization and Relationships; PO5 Manage the IT Investment; PO6 Communicate Management Aims and Direction; PO7 Manage Human Resources; PO8 Ensure Compliance with External Requirements; PO9 Assess Risks; PO10 Manage Projects; PO11 Manage Quality
       - Acquire & Implement: AI1 Identify Automated Solutions; AI2 Acquire and Maintain Application Software; AI3 Acquire and Maintain Technology Infrastructure; AI4 Develop and Maintain Procedures; AI5 Install and Accredit Systems; AI6 Manage Changes
       - Deliver & Support: DS1 Define and Manage Service Levels; DS2 Manage Third-Party Services; DS3 Manage Performance and Capacity; DS4 Ensure Continuous Service; DS5 Ensure Systems Security; DS6 Identify and Allocate Costs; DS7 Educate and Train Users; DS8 Assist and Advise Customers; DS9 Manage the Configuration; DS10 Manage Problems and Incidents; DS11 Manage Data; DS12 Manage Facilities; DS13 Manage Operations
       - Monitor & Evaluate: ME1 Monitor the Process; ME2 Assess Internal Control Adequacy; ME3 Obtain Independent Assurance; ME4 Provide for Independent Audit
  6. Users of COBIT
     - Management: describes what needs to be taken into account when making IT-related decisions and investments; helps balance risk and control investment.
     - IT Providers: provides clear expectations on minimum controls in IT environments.
     - IT Users: assurance over security and controls (internal & external providers).
     - Auditors: list of control objectives and minimum controls; substantiation of opinion.
     - Self-assessment tool for all groups.
  7. BS 7799 / ISO 17799: Introduction
  8. ISO 17799 / BS 7799: Security Parameters
     - Organisational and Information Security Structure
     - Risk Assessment and Treatment
     - Asset Management
     - Security Policy
     - Human Resource Security
  9. ISO 17799 / BS 7799: Security Parameters (continued)
     - Physical Security
     - Acquisition, Development and Maintenance
     - Communication and Operational Security
     - Incident Management
     - Business Continuity
     - Access Control
     - Information Systems
     - Compliance
  10. ISO 17799
  11. ISO 17799 Overview
  12. ISO 17799 Modules
  13. ISO 17799 Controls
  14. ISO 17799 Controls
  15. ISO 17799 Controls
  16. ISO 17799 Controls
  17. Differences
  18. Differences
  19. What do we want to achieve with IT?
  20. How we can achieve these IT goals
  21. How we can achieve these IT goals
  22. How we can achieve these IT goals: where are the methods strong?
  23. How we can achieve these IT goals: continuous IT improvement
  24. Thank You
