ISACA is an international professional association focused on IT governance, assurance, risk, privacy, and security. It has over 121,000 members globally, including over 55,000 in North America. ISACA offers four certifications (CISA, CISM, CRISC, CGEIT) and publishes various knowledge resources to help members stay up to date. It generates revenue through membership fees, certification exams, educational programs, and publications. ISACA has a global governance structure comprised of boards, committees, and volunteers to direct its strategy, operations, and knowledge development activities.
ORCID in publishing, grant management, and research evaluation workflow (N. M...ORCID, Inc
The document discusses how ORCID (Open Researcher and Contributor ID) can be integrated into publishing, grant management, and research evaluation workflows. It provides examples of how ORCID is being used in these areas, such as a video about its use in peer review and grant management. It also describes Italy's goal through its ORCID consortium of having 80% of Italian researchers have an ORCID ID linked to their research outputs by the end of 2016 to support its national research assessment exercise.
This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.
This document provides an overview of COBIT 5 for Information Security from ISACA. It begins with background on Robert Stroud, the author and Vice President of Strategy & Innovation at ISACA. It then discusses key industry trends related to information security. The document provides an overview of COBIT 5 and its product family as it relates to information security. It explains the components and contents of COBIT 5 for Information Security, including drivers, benefits, definitions, and guidance on using the enablers to implement information security. Appendices provide more detailed guidance on specific COBIT 5 processes from an information security perspective, including EDM03 Ensure Risk Optimization, APO13 Manage Security, and BAI06 Manage Change
The document provides an introduction to ISTQB (International Software Testing Qualifications Board). ISTQB is a non-profit organization that defines and maintains an international testing certification scheme. It aims to advance the software testing profession by defining a body of knowledge, connecting the international testing community, and encouraging research. ISTQB certifications are recognized worldwide and provide benefits for individuals, companies, training providers, and the overall testing profession. The document outlines ISTQB's mission, values, working groups, certification levels, and benefits of the certification scheme.
This talk was given in GeoSTQB webinar on June 15, 2020. Several strengthening trends are discussed. Testing careers are evolving – there are entries into testing and out of testing. Testing is becoming a role for everyone. ISTQB, as the world’s largest testing association, provides guidance into different testing activities, supporting testing careers. Another influential aspect is the on-march of agile teams, where testing is a whole team responsibility. Then there is test automation - that is an ever-increasing domain within testing. Test automation is not taking tester jobs away, but it is transforming them, giving tools for testing. Then there is DevOps – placing testing in the middle of a largely automated delivery pipeline. There is a place for manual testing, too, but test automation has a big meaning here. Finally, Artificial Intelligence is transforming all IT task, including testing. Automation of activities can now or soon be done in a scale that wasn’t possible earlier. Do we have reason to fear for our jobs? No – AI is best placed as yet another aid for the increasing demand of good quality in software, that is more complex than ever. Soon, we couldn’t cope without AI.
ION Trinidad and Tobago, 5 February 2015 - Chris Grundemann from the Internet Society Deploy360 Programme explains the programme, its goals, other projects of the team, and the ION Conferences, while welcoming participants to Port of Spain.
Strategic Engagement Director, Pablo Hinojosa, gives an overview of security-related activities at APNIC at Internet Week Japan from 28 November to 1 December 2017.
ORCID in publishing, grant management, and research evaluation workflow (N. M...ORCID, Inc
The document discusses how ORCID (Open Researcher and Contributor ID) can be integrated into publishing, grant management, and research evaluation workflows. It provides examples of how ORCID is being used in these areas, such as a video about its use in peer review and grant management. It also describes Italy's goal through its ORCID consortium of having 80% of Italian researchers have an ORCID ID linked to their research outputs by the end of 2016 to support its national research assessment exercise.
This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.
This document provides an overview of COBIT 5 for Information Security from ISACA. It begins with background on Robert Stroud, the author and Vice President of Strategy & Innovation at ISACA. It then discusses key industry trends related to information security. The document provides an overview of COBIT 5 and its product family as it relates to information security. It explains the components and contents of COBIT 5 for Information Security, including drivers, benefits, definitions, and guidance on using the enablers to implement information security. Appendices provide more detailed guidance on specific COBIT 5 processes from an information security perspective, including EDM03 Ensure Risk Optimization, APO13 Manage Security, and BAI06 Manage Change
The document provides an introduction to ISTQB (International Software Testing Qualifications Board). ISTQB is a non-profit organization that defines and maintains an international testing certification scheme. It aims to advance the software testing profession by defining a body of knowledge, connecting the international testing community, and encouraging research. ISTQB certifications are recognized worldwide and provide benefits for individuals, companies, training providers, and the overall testing profession. The document outlines ISTQB's mission, values, working groups, certification levels, and benefits of the certification scheme.
This talk was given in GeoSTQB webinar on June 15, 2020. Several strengthening trends are discussed. Testing careers are evolving – there are entries into testing and out of testing. Testing is becoming a role for everyone. ISTQB, as the world’s largest testing association, provides guidance into different testing activities, supporting testing careers. Another influential aspect is the on-march of agile teams, where testing is a whole team responsibility. Then there is test automation - that is an ever-increasing domain within testing. Test automation is not taking tester jobs away, but it is transforming them, giving tools for testing. Then there is DevOps – placing testing in the middle of a largely automated delivery pipeline. There is a place for manual testing, too, but test automation has a big meaning here. Finally, Artificial Intelligence is transforming all IT task, including testing. Automation of activities can now or soon be done in a scale that wasn’t possible earlier. Do we have reason to fear for our jobs? No – AI is best placed as yet another aid for the increasing demand of good quality in software, that is more complex than ever. Soon, we couldn’t cope without AI.
ION Trinidad and Tobago, 5 February 2015 - Chris Grundemann from the Internet Society Deploy360 Programme explains the programme, its goals, other projects of the team, and the ION Conferences, while welcoming participants to Port of Spain.
Strategic Engagement Director, Pablo Hinojosa, gives an overview of security-related activities at APNIC at Internet Week Japan from 28 November to 1 December 2017.
2013 cambridge picti (bic) hassan kassem,chairman of pita How2Innovation
PICTI 2.0 is a Business and Innovation Centre (BIC) that aims to improve upon the previous PICTI 1.0 incubator program. The BIC will provide pre-incubation, incubation, and acceleration services to help develop business ideas into startup companies. It utilizes a hybrid model of both physical and virtual support across the West Bank and Gaza. The goal is to support more projects and ideas, increase the number of successful startups, and lower the financial risks compared to PICTI 1.0. Services include training, mentoring, prototyping support, and helping companies access funding. To date, the BIC has supported over 100 ideas and currently incubates 39 active startup projects between the West
This document provides an agenda and background information for the Portfolio Management Special Interest Group's Annual General Meeting. The summary is:
The AGM will include presentations on the SIG's strategy and plans, the chairman's report on the past year's activities, and the election of the upcoming year's committee. The SIG aims to promote portfolio management practices, provide a forum for professionals to share experiences and ideas, encourage collaboration, and contribute to the development of best practices. The chairman's report will cover the SIG's accomplishments in the areas of developing new knowledge, engaging membership, disseminating knowledge, and working with the APM over the past year. It will also propose plans and focus areas for the coming year.
This document outlines the agenda and discussions from a Portfolio Management Special Interest Group meeting. The meeting included presentations on techniques for maintaining a balanced portfolio and influencing portfolio management. An open discussion session addressed topics like prioritization criteria and understanding the difference between prioritized and optimized portfolios. The SIG committee also discussed strategies around developing and disseminating knowledge, engaging senior executives, and getting more member involvement. Upcoming events were noted along with plans to deliver the SIG's strategy.
The Internet Society is a global non-profit organization with over 110 chapters worldwide and 80,000 members and supporters. Its goals are to promote the open development and use of the Internet through encouraging open protocols and standards, providing information about the Internet, and leading discussions on Internet evolution. The Deploy360 programme works to advance the real-world deployment of Internet protocols and technologies like IPv6, DNSSEC, and securing BGP by providing technical resources and educational events for network operators, developers and others.
CNCERT Conference 2017: Capacity development in the Asia PacificAPNIC
APNIC Security Specialist Adli Wahid presented on APNIC's security outreach and capacity development activities at the CNCERT Conference 2017 in Qingdao, China from 22 to 24 May 2017.
Using Standards to CreateBest-of-Breed Assessment SolutionsCito
The document discusses standards for assessment including Learning Tools Interoperability (LTI) and Question and Test Interoperability (QTI). LTI allows for integration of learning modules between systems, while QTI focuses on exchanging item and test data between platforms. Both standards aim to prevent vendor lock-in and facilitate system integration, but have limitations like low compliance requirements for QTI and lack of context sharing for LTI. The presentation concludes that while useful, the standards require improvements and continued development to fully achieve their goals.
This document provides an agenda and overview for implementing an Information Security Management System (ISMS) using an ISMS Implementation Toolkit. It discusses what an ISMS toolkit is and important considerations when using one. It then lists the top 5 ISMS toolkits and provides details on the author's own toolkit. Finally, it outlines a 20+1 step process for implementing an ISMS using the toolkit, with each step briefly described.
The document provides an overview of the International Software Testing Qualifications Board (ISTQB). It discusses ISTQB's mission to advance the software testing profession through defining a body of knowledge, connecting the international testing community, and encouraging research. ISTQB offers certification programs at the Foundation, Advanced, and Expert levels, and its syllabi are available in many languages. Surveys have found benefits of ISTQB certification for both professionals and their employers, including improved productivity, recognition of skills, and increased marketability. The document also summarizes ISTQB's Agile Tester Extension, which aims to satisfy the growing demand for skills in agile testing environments.
We held a webinar in December to provide updates on SFIA and the SFIA 8 project in particular.
The webinar is available on the SFIA Foundation Youtube channel - we plan to grow the channel so please subscribe.
Deputy Director General, Sanjaya, attended the Indonesian Network Information Centre's (IDNIC) 2017 OPM and gave an update on APNIC services and activities, including IPv6 deployment measurement information.
The document provides an overview of Jisc's Learning Analytics project which aims to help higher education institutions in the UK improve student retention, achievement, and employability through the application of learning analytics techniques. The project involves three core strands: a learning analytics service, toolkit, and community. It also discusses the architecture, data structures, how institutions can get involved, and provides examples of analytics activities at different universities.
Agile Testing cerfiticate from ISTQB available later this year. This presentation is about agile testing in general, some research findings about certificates (extract of Finnish figures from ISTQB global survey), and a few notes about the new certificate and related courses. Presentation at Testaus2014 seminar.
Testaus 2014 -seminaari. Kari Kakkonen, FiSTB-puheenvuoro.Tieturi Oy
The document discusses agile testing and the ISTQB Agile Testing certificate. It provides background on ISTQB and the Finnish Software Testing Board (FiSTB). It then summarizes the proposed contents of the Agile Testing certificate, including agile principles, practices, processes, methods, techniques and tools. Finally, it recommends the certificate for experienced testers new to agile, junior testers working in agile, and developers taking on testing roles in agile projects.
ISTQB - Certifying Software Testers Worldwide Noor Khalied
This document provides information about iSQI, a leading provider of software certification examinations. Some key points:
- iSQI is headquartered in Germany and founded in 2004, offering over 10 certifications related to software testing, requirements engineering, project management, and other IT roles.
- It has over 1000 members across Germany, Switzerland and Austria, and provides certifications to professionals in over 70 countries on 6 continents.
- Popular certifications include ISTQB certified tester and IREB certified requirements engineering professional.
- iSQI aims to standardize training and certification for software professionals to improve skills, career development, and value to employers through increased competence and quality.
Taiwan Startup Stadium is here! Though an official grand opening will be held after renovations are completed at Zhongshan Soccer Stadium in Taipei early next year, TSS has already moved in to its temporary HQ and begun launching its domestic and international initiatives, including Accelerator Bootcamp for startups applying to overseas accelerators, community outreach with local Taiwan startup ecosystem partners, and international outreach opportunities for startups.
Here's what the first two months at TSS have looked like!
This document provides information about the Internet Society and its Deploy360 program. The Internet Society is a nonprofit organization founded in 1992 to promote an open and globally connected Internet. Its Deploy360 program aims to advance the real-world deployment of Internet protocols like IPv6 and DNSSEC by providing hands-on technical resources and educational events for network operators, developers and other stakeholders. The program maintains an online knowledge repository and engages with audiences on social media and through conferences around the world. It seeks input from participants on additional content and features that could help further the adoption of open Internet standards.
This document outlines NetLogic Microsystems' product development methodology, with an emphasis on the central role of intellectual property (IP). It discusses how NM prioritized developing high-quality patents from the start, establishing programs and committees focused on continuously generating new patentable ideas. The methodology involved understanding customers' leading requirements to develop product, technology, and patent roadmaps that addressed market needs. It also highlights how NM differentiated itself by creating new values for customers related to performance, power efficiency, quality, and delivery.
The document discusses the PokJa Evaluasi TIK - DeTIKNas group, which evaluates information and communication technology in government agencies. The group provides improvement recommendations to evaluated agencies through the National ICT Council and reports to the Minister of Communication and Informatics. It presents frameworks and guidelines for IT evaluation, assurance, value creation, and project management that the group refers to in its work. These include recommendations from the Swiss Federal Audit Office and standards from ISACA. The presentation encourages open information and discussion on the group's evaluation activities.
2013 cambridge picti (bic) hassan kassem,chairman of pita How2Innovation
PICTI 2.0 is a Business and Innovation Centre (BIC) that aims to improve upon the previous PICTI 1.0 incubator program. The BIC will provide pre-incubation, incubation, and acceleration services to help develop business ideas into startup companies. It utilizes a hybrid model of both physical and virtual support across the West Bank and Gaza. The goal is to support more projects and ideas, increase the number of successful startups, and lower the financial risks compared to PICTI 1.0. Services include training, mentoring, prototyping support, and helping companies access funding. To date, the BIC has supported over 100 ideas and currently incubates 39 active startup projects between the West
This document provides an agenda and background information for the Portfolio Management Special Interest Group's Annual General Meeting. The summary is:
The AGM will include presentations on the SIG's strategy and plans, the chairman's report on the past year's activities, and the election of the upcoming year's committee. The SIG aims to promote portfolio management practices, provide a forum for professionals to share experiences and ideas, encourage collaboration, and contribute to the development of best practices. The chairman's report will cover the SIG's accomplishments in the areas of developing new knowledge, engaging membership, disseminating knowledge, and working with the APM over the past year. It will also propose plans and focus areas for the coming year.
This document outlines the agenda and discussions from a Portfolio Management Special Interest Group meeting. The meeting included presentations on techniques for maintaining a balanced portfolio and influencing portfolio management. An open discussion session addressed topics like prioritization criteria and understanding the difference between prioritized and optimized portfolios. The SIG committee also discussed strategies around developing and disseminating knowledge, engaging senior executives, and getting more member involvement. Upcoming events were noted along with plans to deliver the SIG's strategy.
The Internet Society is a global non-profit organization with over 110 chapters worldwide and 80,000 members and supporters. Its goals are to promote the open development and use of the Internet through encouraging open protocols and standards, providing information about the Internet, and leading discussions on Internet evolution. The Deploy360 programme works to advance the real-world deployment of Internet protocols and technologies like IPv6, DNSSEC, and securing BGP by providing technical resources and educational events for network operators, developers and others.
CNCERT Conference 2017: Capacity development in the Asia PacificAPNIC
APNIC Security Specialist Adli Wahid presented on APNIC's security outreach and capacity development activities at the CNCERT Conference 2017 in Qingdao, China from 22 to 24 May 2017.
Using Standards to CreateBest-of-Breed Assessment SolutionsCito
The document discusses standards for assessment including Learning Tools Interoperability (LTI) and Question and Test Interoperability (QTI). LTI allows for integration of learning modules between systems, while QTI focuses on exchanging item and test data between platforms. Both standards aim to prevent vendor lock-in and facilitate system integration, but have limitations like low compliance requirements for QTI and lack of context sharing for LTI. The presentation concludes that while useful, the standards require improvements and continued development to fully achieve their goals.
This document provides an agenda and overview for implementing an Information Security Management System (ISMS) using an ISMS Implementation Toolkit. It discusses what an ISMS toolkit is and important considerations when using one. It then lists the top 5 ISMS toolkits and provides details on the author's own toolkit. Finally, it outlines a 20+1 step process for implementing an ISMS using the toolkit, with each step briefly described.
The document provides an overview of the International Software Testing Qualifications Board (ISTQB). It discusses ISTQB's mission to advance the software testing profession through defining a body of knowledge, connecting the international testing community, and encouraging research. ISTQB offers certification programs at the Foundation, Advanced, and Expert levels, and its syllabi are available in many languages. Surveys have found benefits of ISTQB certification for both professionals and their employers, including improved productivity, recognition of skills, and increased marketability. The document also summarizes ISTQB's Agile Tester Extension, which aims to satisfy the growing demand for skills in agile testing environments.
We held a webinar in December to provide updates on SFIA and the SFIA 8 project in particular.
The webinar is available on the SFIA Foundation Youtube channel - we plan to grow the channel so please subscribe.
Deputy Director General, Sanjaya, attended the Indonesian Network Information Centre's (IDNIC) 2017 OPM and gave an update on APNIC services and activities, including IPv6 deployment measurement information.
The document provides an overview of Jisc's Learning Analytics project which aims to help higher education institutions in the UK improve student retention, achievement, and employability through the application of learning analytics techniques. The project involves three core strands: a learning analytics service, toolkit, and community. It also discusses the architecture, data structures, how institutions can get involved, and provides examples of analytics activities at different universities.
Agile Testing cerfiticate from ISTQB available later this year. This presentation is about agile testing in general, some research findings about certificates (extract of Finnish figures from ISTQB global survey), and a few notes about the new certificate and related courses. Presentation at Testaus2014 seminar.
Testaus 2014 -seminaari. Kari Kakkonen, FiSTB-puheenvuoro.Tieturi Oy
The document discusses agile testing and the ISTQB Agile Testing certificate. It provides background on ISTQB and the Finnish Software Testing Board (FiSTB). It then summarizes the proposed contents of the Agile Testing certificate, including agile principles, practices, processes, methods, techniques and tools. Finally, it recommends the certificate for experienced testers new to agile, junior testers working in agile, and developers taking on testing roles in agile projects.
ISTQB - Certifying Software Testers Worldwide Noor Khalied
This document provides information about iSQI, a leading provider of software certification examinations. Some key points:
- iSQI is headquartered in Germany and founded in 2004, offering over 10 certifications related to software testing, requirements engineering, project management, and other IT roles.
- It has over 1000 members across Germany, Switzerland and Austria, and provides certifications to professionals in over 70 countries on 6 continents.
- Popular certifications include ISTQB certified tester and IREB certified requirements engineering professional.
- iSQI aims to standardize training and certification for software professionals to improve skills, career development, and value to employers through increased competence and quality.
Taiwan Startup Stadium is here! Though an official grand opening will be held after renovations are completed at Zhongshan Soccer Stadium in Taipei early next year, TSS has already moved in to its temporary HQ and begun launching its domestic and international initiatives, including Accelerator Bootcamp for startups applying to overseas accelerators, community outreach with local Taiwan startup ecosystem partners, and international outreach opportunities for startups.
Here's what the first two months at TSS have looked like!
This document provides information about the Internet Society and its Deploy360 program. The Internet Society is a nonprofit organization founded in 1992 to promote an open and globally connected Internet. Its Deploy360 program aims to advance the real-world deployment of Internet protocols like IPv6 and DNSSEC by providing hands-on technical resources and educational events for network operators, developers and other stakeholders. The program maintains an online knowledge repository and engages with audiences on social media and through conferences around the world. It seeks input from participants on additional content and features that could help further the adoption of open Internet standards.
This document outlines NetLogic Microsystems' product development methodology, with an emphasis on the central role of intellectual property (IP). It discusses how NM prioritized developing high-quality patents from the start, establishing programs and committees focused on continuously generating new patentable ideas. The methodology involved understanding customers' leading requirements to develop product, technology, and patent roadmaps that addressed market needs. It also highlights how NM differentiated itself by creating new values for customers related to performance, power efficiency, quality, and delivery.
The document discusses the PokJa Evaluasi TIK - DeTIKNas group, which evaluates information and communication technology in government agencies. The group provides improvement recommendations to evaluated agencies through the National ICT Council and reports to the Minister of Communication and Informatics. It presents frameworks and guidelines for IT evaluation, assurance, value creation, and project management that the group refers to in its work. These include recommendations from the Swiss Federal Audit Office and standards from ISACA. The presentation encourages open information and discussion on the group's evaluation activities.
This document outlines an on-demand advisory service for CIOs and IT leadership teams. It notes that IT currently spends 80% of its budget on maintaining legacy systems, leaving little for innovation. This creates a gap between IT and business leaders seeking digital transformation. The advisory service aims to help CIOs address this "80/20 paradox" and consolidate IT's strategic role by driving the greatest business value. The seasoned CIO advisor provides independent and tailored guidance drawing on their experience and expertise.
1. The document discusses cloud evolution and regulatory pressures over the past 5 years, SCOR's experience with cloud implementations since 2012, and cloud trends.
2. SCOR's cloud strategy focuses on developing digital capabilities using centralized private cloud or select cloud SAAS. SCOR implements security and compliance controls and works toward SOC certifications for client services.
3. Lessons learned include that cloud complexity requires risk assessments, contractual protections, and internal control frameworks during selection and management. Monitoring competitive cloud industry trends is also important.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfflufftailshop
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on automated letter generation for Bonterra Impact Management using Google Workspace or Microsoft 365.
Interested in deploying letter generation automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
2. ISACA en résumé : Membership
• 121 K au 30 Nov 2014 (+4%)
– NA 55 K, Europe 32 K, Asia 25 K, LA 5 K, Oceania 4 K
– Europe 32 K
• UK 4,9 K Spain 1,6 K
• Germany 2,4 K Switzerland 1,4 K
• South Africa 2,3 K Italy 1,3 K
• Nigeria 1,9 K Kenya 1,3 K
• Netherlands 1,7 K Belgium 0,9 K
– France 0,9 K (pas dans le top 10 européen)
– Plus de membres au Québec avec une population 10X <
– Très fort potentiel de croissance
– Professional, Student (1,8K), Academic (0,8K), Retired
Membership (0,3K)
Patrick Stachtchenko AFAI : 15 janvier 2015 2
3. ISACA en résumé : Certification
Candidats Total
• CISA 19 K 107 K
• CISM 5 K 24 K
• CRISC 2 K 17 K
• CGEIT 1 K 6 K
• Depuis 2013, certificats proposés: COBIT 5, Cybersecurity
• CISA proposé en 11 langues
• 333 CISA en France!
• Fort potentiel de croissance
Patrick Stachtchenko AFAI : 15 janvier 2015 3
4. ISACA en résumé : Education
• Conférences/Workshops dans 5 régions
– CACS dans chaque région
– EUROCACS 2014 Madrid
• Conférence de 3 jours (5 tracks)
• + 8 Workshops (1 ou 2 jours)
– Autres : « COBIT 5 » (2j), « Governance, Risk and Control » (3j),..
• On line training
– Webinars (1 h): > 35 webinars en 2014
• Ex : Data Protection and Privacy: How what you don’t know can hurt you
– Virtual Conferences (1 day)
• Evolving Security for a Maturing Cloud
• Training Courses
– Training Weeks
– On site training
– Elearning Campus
Patrick Stachtchenko AFAI : 15 janvier 2015 4
5. ISACA en résumé : Knowledge 2014
• White papers
– Issues that have just begun to, or will soon impact enterprise operations
• Research projects
• Knowledge Center
– Over 100 topics
– Discussions, Documents and Publications, Events and Online Learning, Journal
Articles, User Contributed External Links, Wikis, Blog Posts
• Academia
– Model Curricula
– Teaching Material (for Academia advocates)
• Elibrary
– All ISACA publications
– 525 external books
• Career Center
Patrick Stachtchenko AFAI : 15 janvier 2015 5
6. ISACA en résumé : Knowledge 2014
• Deliver, Service and Support Audit/Assurance Programs 1-6 (25 p / process)
• A Global Look at IT Audit Best Practices (45 p)
• IT Control Objectives for Sarbanes Oxley using COBIT 5, 3rd Edition (142 p)
• Build, Acquire and Implement Audit/Assurance Programs 1-10 (25 p / process)
• Risk Scenarios Using COBIT 5 for Risk (294 p)
• Align, Plan and Organize Audit/Assurance Programs 1-13 (25 p / process)
• European Cybersecurity Implementation Series
– Overview (26 pages)
– Assurance (24 pages)
– Resilience (25 pages)
– Risk Guidance (24 pages)
– Audit/Assurance Program (47 pages)
Patrick Stachtchenko AFAI : 15 janvier 2015 6
7. ISACA en résumé : Knowledge 2014
• Cybersecurity : What the Board of Directors Needs to Ask? (20 p)
• Implementating the NIST Cybersecurity Framework (108 p)
• COBIT 5 Principles : Where did they come from? (12 p)
• Advance Persistent Threat Awareness Study Results (20 p)
• ITAF 3rd Edition (148 p)
• Controls and Assurance in the Cloud : Using COBIT 5 (266 p)
• Relating the COSO Internal Control Integrated Framework and COBIT (22 p)
• Vendor Management Using COBIT 5 (178 p)
• Evaluate, Direct and Monitor Programs 1-5 (25 p / process)
• Genrating Value from Big Data Analytics (12 p)
Patrick Stachtchenko AFAI : 15 janvier 2015 7
8. ISACA en résumé : Knowledge 2013
• Security as a Service (18 p)
• COBIT 5 : Enabling Information (90 p)
• Advanced Persistent Threats : How to manage the Risk to Your
Business? (132 p)
• COBIT 5 for Risk (244 p)
• Configuration Management Using COBIT 5 (88 p)
• Privacy and Big Data (12 p)
• Transforming Cybersecurity (190 p)
• COBIT 5 for Assurance (318 p)
Patrick Stachtchenko AFAI : 15 janvier 2015 8
9. ISACA en résumé : Knowledge 2013
• Responding to Targeted Cyberattacks (88 p)
• Cloud Governance : Questions Boards of Directors Need to Ask? (9 p)
• Big Data : Impacts and Benefits (14 p)
• Software Assurance Audit/Assurance Program (35 p)
• Identity Management Audit/Assurance Program (40 p)
• COBIT Assessment Programme Using COBIT 5 (144 p)
• Outsourced IT Environments Audit/Assurance Program (39 p)
• Personally Identifiable Information Audit/Assurance Program (34 p)
Patrick Stachtchenko AFAI : 15 janvier 2015 9
10. ISACA en résumé : Knowledge 2015
• DevOps Series 1st Q
• Getting Started With Governance 1st Q
• Industrial Control Systems (ICS) 2nd Q
• Internal Controls 1st Q
• Operational Risk Management/Basel Using COBIT 5 ?
• PCI DSS (Payment Card Industry Data Security Standard) 1st Q
• Security, Audit and Control Features SAP ERP, 4th Edition 1st Q
• + Travaux des comités et task forces (Emerging Business and
Technology Committee, Privacy Task Force, Audit/Assurance
Programs based on COBIT 5, etc…)
Patrick Stachtchenko AFAI : 15 janvier 2015 10
Ensemble du knowledge développé en respectant les principes de COBIT 5
11. ISACA en résumé : Organisation projet Knowledge
• Board of Directors
• Strategy Advisory Council
• Knowledge Board
• Framework Committee
• Guidance and Practices Committee
• Emerging Business and Technology Committee
• Task Force
• Development Team
• Expert Reviewers
Patrick Stachtchenko AFAI : 15 janvier 2015 11
12. ISACA en résumé : Organisation projet Knowledge
Board of Directors
Patrick Stachtchenko AFAI : 15 janvier 2015 12
President Robert E Stroud, CGEIT, CRISC USA
VP Steven Babb, CGEIT, CRISC, ITIL United Kingdom
VP Garry Barnes, CISA, CISM, CGEIT, CRISC, MAICD Australia
VP Rob Clyde, CISM USA
VP Ramsés Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt Spain
VP Theresa Grafenstine, CISA, CGEIT, CRISC, CIA, CGAP, CGMA, CPA USA
VP
R Vittal Raj, CISA, CISM, CGEIT, CRISC, CFE, CIA, CISSP, FCA, COBIT 5
Foundation Accredited Trainer
India
Director Debbie Lew, CISA, CRISC USA
Director Frank Yam, CISA, CCP, CFE, CFSA, CIA, FFA, FHKCS, FHKIoD, FHKITJC Hong Kong
Director
Alexander Zapata Lenis, CISA, CGEIT, CRISC, COBIT Certified Assessor,
COBIT 5 Implementation, PMP, ISO 22301 Lead Implementer, ITIL, ISO
27001 Foundations
Mexico
PP Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA Australia
PP Greg Grocholski, CISA USA
13. ISACA en résumé : Organisation projet Knowledge
Governance Advisory Council
Patrick Stachtchenko AFAI : 15 janvier 2015 13
Chair Marios Damianides, CISA, CISM USA
Member Lynn Lawton, CISA, CRISC Russian Federation
Member Michael Cangemi USA
Member Gregory T. Grocholski, CISA USA
Member Jeff Spivey, CRISC USA
Member Robert E Stroud, CGEIT, CRISC USA
Member Tony Hayes, CGEIT Australia
Member Howard Nicholson, CISA, CGEIT, CRISC Australia
14. ISACA en résumé : Organisation projet Knowledge
Knowledge Board
Patrick Stachtchenko AFAI : 15 janvier 2015 14
Chair Steven Babb, CGEIT, CRISC United Kingdom
Member Sushil Chatterji, CGEIT Singapore
Member Rosemary Amato, CISA Netherlands
Member Neil Barlow, CISA, CISM, CRISC United Kingdom
Member Jamie Pasfield, CGEIT United Kingdom
Member Ivan Lopez, CISA, CISM Germany
Member Charlie Blanchard, CISA, CISM, CRISC USA
Member Phil Lageschulte, CGEIT USA
Member Anthony Noble, CISA USA
15. ISACA en résumé : Organisation projet Knowledge
Framework Committee
Patrick Stachtchenko AFAI : 15 janvier 2015 15
Chair Sushil Chatterji, CGEIT Singapore
Member Andre Pitkowski, CGEIT, CRISC Brasil
Member Sylvia Tosar, CGEIT Uruguay
Member Jimmy Heschl, CISA, CISM, CGEIT Austria
Member David Cau France (Lux)
Member Tichaona Zororo, CISA, CISM, CGEIT, CRISC South Africa
Member Joanne De Vito De Palma USA
Member Katherine McIntosh, CISA USA
Member Paras Shah, CISA, CGEIT, CRISC Australia
16. ISACA en résumé : Organisation projet Knowledge
Practices and Guidance Committee
Patrick Stachtchenko AFAI : 15 janvier 2015 16
Chair Phil James Lageschulte, CGEIT USA
Member Siang Jun Julia Yeo, CISA, CRISC Singapore
Member Aureo Monteiro Tavares da Silva, CISM, CGEIT Brasil
Member M. Yves Marcel Le Roux, CISM France
Member James Seaman, CISM, CRISC United Kingdom
Member Nikolaos Zacharopoulos, CISA Germany
Member John Erick Jasinski, CISA, CGEIT USA
Member Jotham Nyamari, CISA USA
Member Gurvinder P. Singh, CISA, CISM, CRISC Australia
17. ISACA en résumé : Organisation projet Knowledge
Emerging Business and Technology Committee
Patrick Stachtchenko AFAI : 15 janvier 2015 17
Chair Jamie Pasfield, CGEIT United Kingdom
Member William Gee, CISA, CRISC China
Member Victor Chapela, CRISC Mexico
Member Bhavesh Bhagat, CISM, CGEIT USA
Member Daniel Blum USA
Member Norman Marks USA
Member Usha Devarajah Australia
18. ISACA en résumé : Organisation projet Knowledge
Cybersecurity Task Force
Patrick Stachtchenko AFAI : 15 janvier 2015 18
Chair Eddie Schwartz, CISA, CISM, CISSP, MCSE, PMP USA
Member Manuel Aceves, CISA, CISM, CGEIT, CRISC, CISSP, FCITSM Mexico
Member Sanjay Bahl, CISM, CIPP India
Member Neil Patrick Barlow, CISA, CISM, CRISC, CISSP UK
Member Brent Conran, CISA, CISM, CISSP USA
Member Derek Grocke Australia
Member Samuel Linares, CISA, CISM, CGEIT, CRISC, CISSP, GICSP Spain
Member Marc Sachs USA
19. ISACA en résumé : Organisation projet Knowledge
Development Team
Patrick Stachtchenko AFAI : 15 janvier 2015 19
Lead Rolf M. von Roessing, CISA, CISM, CGEIT, CISSP, FBCI Switzerland
Member Vilius Benetis, Ph.D., CISA, CRISC Lithuania
Member Christos K. Dimitriadis Ph.D., CISA, CISM, CRISC Greece
Member Ivo Ivanovs, CISA, CISM, MCSE Latvia
Member Samuel Linares, CISA, CISM, CGEIT, CRISC, CISSP, GICSP Spain
Member Charlie McMurdie UK
Member Andreas Teuscher, CISA, CGEIT, CRISC Germany
20. ISACA en résumé : Organisation projet Knowledge
Expert Reviewers
Patrick Stachtchenko AFAI : 15 janvier 2015 20
Expert Jesper Hansen, CISM, CRISC, CISSP, ESL Denmark
Expert Martins Kalkis, CISM Latvia
Expert Aare Reintam, CISA Estonia
Expert Andrea Rigoni UK
Expert Marc Vael Ph.D., CISA, CISM, CGEIT, CRISC, CISSP Belgium
21. ISACA en résumé : Journal
• Journal : 2014 et 2015 (60 pages par numéro et 6
numéros par an)
– Data Privacy
– The IS Audit Transformation
– Big Data
– Governance and Management of IT
– Mobile Devices
– Cybersecurity
– Analytics and Risk Intelligence
• En 2015, articles disponibles tous les 15 jours.
Patrick Stachtchenko AFAI : 15 janvier 2015 21
22. ISACA en résumé : Solidité Financière
• Revenues
– 47,0 M$ en 2013
– 43,5 M$ en 2012
• Certification 40%
• Membership 29%
• Education 16%
• Publications 9%
• Autres 6%
• Résultats
– 6,9 M$ en 2013
– 7,7 M$ en 2012
• Réserves
– 72,0 M$ en 2013
– 65,1 M$ en 2012
Patrick Stachtchenko AFAI : 15 janvier 2015 22
23. ISACA en résumé
COBIT 5 : Etude Globale sur la Gouvernance 2014
23
AFAI : 15 janvier 2015
Patrick Stachtchenko
24. Stratégie ISACA 2022
Patrick Stachtchenko AFAI : 15 janvier 2015 24
« By 2022, ISACA should become the foremost global
organization on the topic of trust in and value from information
and information systems, providing constituents with distinctive
knowledge and services. ISACA must also provide an expanded
set of offerings to help constituents and others enhance the
governance and management of information and information
systems assets in order to enhance trust in and capture optimal
value from IS investments. »
27. ISACA : Structures de Gouvernance
Governance
• ISACA Board of Directors and IT Governance Institute
Board of Trustees
– Governance Advisory Council
– Strategic Advisory Council
– Finance Committee
– Leadership Development Committee
– Audit Committee
• Board and Committee Volunteers by Geographic Area:
– Area 1: Asia
– Area 2: Central and South America
– Area 3: Europe and Africa
– Area 4: North America
– Area 5: Oceania
Patrick Stachtchenko AFAI : 15 janvier 2015 27
28. ISACA : Structures de Gouvernance
Credentialing : Certification and Career Management Board
• CGEIT Certification Committee
– CGEIT Test Enhancement Subcommittee
• CISA Certification Committee
– CISA Test Enhancement Subcommittee
• CISM Certification Committee
– CISM Test Enhancement Subcommittee
• CRISC Certification Committee
– CRISC Test Enhancement Subcommittee
• Professional Standards and Career Management
Committee
– Academic Program Subcommittee
Knowledge : Knowledge Board
• Knowledge Management and Education Committee
– Conference Program Development Subcommittee
– Publications Subcommittee
• Emerging Business and Technology Committee
• Framework Committee
• Guidance & Practices Committee
Patrick Stachtchenko AFAI : 15 janvier 2015 28
Relations : Relations Board
• Chapter Support Committee
• Communities Committee
• Young Professionals Subcommittee
• Enterprise Advocacy Committee
• Membership Growth & Retention
Committee
• Student and Academic
Subcommittee
• Professional Advocacy Committee
• ISO Liaison Subcommittee
• GRA Committee
• GRA Regional Subcommittee Area 1
• GRA Regional Subcommittee Area 2
• GRA Regional Subcommittee Area 3
• GRA Regional Subcommittee Area 4
• GRA Regional Subcommittee Area 5
+ Task Forces
29. ISACA : Structures de Gouvernance
316 personnes dans les comités (hors task forces, experts, etc..)
NA : 121, EU 75: , AS : 47, LA : 40, OC : 33
• USA 104
• Australie 28
• UK 20
• Canada 17
• India 12
• Singapore 9
• Mexico 9
• Germany 7
• Japan 7
• Argentine 7
• Brazil 7
• China 5
• South Africa 5
• Kenya 5
Patrick Stachtchenko AFAI : 15 janvier 2015 29
• 3 pays : 4 personnes
• 5 pays : 3 personnes
• 11 pays : 2 personnes
• France : 1 ou 2 personnes
31. Illustration : Approche vue globale
– COBIT 5 Framework
• A Business Framework for the Governance and Management of Enterprise IT (94 p)
– COBIT 5 Enabler Guides
• Processes (37 IT processes) (230 p), Information (Business and IT) (90 p), …
– COBIT 5 Professional Guides
• Implementation (78 p) + Toolkit (17 fichiers), Risk (244 p) and Risk Scenarios (294 p), Assurance (318 p),
Security (220 p), …
– Practices and Guidance using COBIT 5
• Configuration Management (88 p), Vendor Management (178 p), ...
• COBIT Assessment Program : Model (144 p), Self Assessment (24 p), User Guide
– White Papers / Vision Series / Studies / Surveys
• Social Media, Business Benefits and Security, Governance and Assurance Perspectives (10 p)
• Cloud Computing, Business Benefits with Security, Governance and Assurance Perspectives (10 p)
• Big Data Impacts and Benefits (14 p), Top Business / Technology Issues Survey Results (34 p), …
– Professionals Standards and Guidance
• ITAF, A Professional Practices Framework for IS Audit / Assurance, 3rd Edition (148 p)?
– Audit/Assurance Programs
• EDM/APO/DSS/BAI (25p /P), Software Assurance (35 p), Outsourcing IT Environments (39 p), BYOD (39 p), …
– Knowledge Center (Over 100 topics : for each topic discussions, documents and publications,
events, journal articles, external links, wikis, blog posts)
• Performance Management, Business Analytics, Casinos and Gambling, Solvency 2, OS/400,…
– COBIT Focus (4 x year) : COBIT Case studies, Articles, Updates, …
– COBIT 5 Online : Multiphase project. Capabilities for accessing, understanding and applying COBIT 5
Patrick Stachtchenko AFAI : 15 janvier 2015 31
32. Illustration : Approche vue spécifique
Sécurité de l’information
– COBIT 5 Professional Guides
• Information Security (220 p)
– Practices and Guidance using COBIT 5
• Securing Mobile Devices (138 p), Transforming Cyber Security (190 p), European
Cybersecurity Implementation Series (146 p),…
– White Papers / Vision Series / Studies / Surveys
• Cybersecurity : What the Board of Directors Needs to Ask? (20 p)
• Security as a Service: Business Benefits with Security, Governance and Assurance
Perspectives (18p)
• Business Continuity Management, Emerging Trends (15 p)
• Web Application Security, Business and Risk Considerations (16 p)
• Security Considerations for Cloud Computing (80 p)
• Advanced Persistent Threat Awareness Study Results (20 p), …
– Audit / Assurance programs
• VPN Security (33 p), Biometrics (47 p), Voice-over Internet Protocol (VoIP) (42 p), …
– Knowledge Center
• Security Tools, Physical Security, Network Security, …
– COBIT 5 Online
• Specific Security View
Patrick Stachtchenko AFAI : 15 janvier 2015 32
33. COBIT 5 Deliverables : A Business Framework for the
Governance and Management of Enterprise IT (94 pages)
• Executive Summary
• Overview of COBIT 5
• Principle 1 : Meeting Stakeholders Needs
• Principle 2 : Covering the Enterprise from End-to-end
• Principle 3 : Applying a Single Integrated Framework
• Principle 4 : Enabling a Holistic Approach
• Principle 5 : Separating Governance from Management
• Implementation Guidance
• The COBIT 5 Process Capability Model
• Appendices
33Patrick Stachtchenko AFAI : 15 janvier 2015
34. COBIT 5 Deliverables : A Business Framework for the
Governance and Management of Enterprise IT
• Appendix A : References
• Appendix B : Detailed Mapping 17 Enterprise Goals –17 IT- related Goals
• Appendix C : Detailed Mapping 17 IT‐related Goals – 32 IT-related Processes
• Appendix D : 22 Stakeholder Needs and 17 Enterprise Goals
• Appendix E : Mapping of COBIT 5 with most relevant related standards and frameworks
(ISO/IEC 38500, ITIL V3 2011 - ISO/IEC 20000, ISO/IEC 27000 Series, ISO/IEC
3100 Series, TOGAF, CMMI, PRINCE2)
• Appendix F : Comparison between COBIT 5 Information Reference Model and the COBIT
4.1 information criteria
• Appendix G : Detailed description of COBIT 5 Enablers
• Appendix H : Glossary
• Appendix G: Detailed description of COBIT 5 Enablers
• Introduction
• COBIT 5 Enabler : Principles, Policies and Frameworks
• COBIT 5 Enabler : Processes
• COBIT 5 Enabler : Organisational Structures
• COBIT 5 Enabler : Culture, Ethics and Behaviour
• COBIT 5 Enabler : Information
• COBIT 5 Enabler : Services, Infrastructures and Applications
• COBIT 5 Enabler : People, Skills and Competencies
34Patrick Stachtchenko AFAI : 15 janvier 2015
35. COBIT 5 Deliverables : Enabling Processes (230 pages)
• Introduction
• The Goals Cascade and Metrics for Enterprise Goals and IT-related Goals
– COBIT 5 Goals Cascade : Stakeholders Drivers, Stakeholders Needs, Enterprise Goals, IT Goals, Enabler Goals
– Using the COBIT 5 Goals Cascade
– Metrics : Enterprise, IT
• The COBIT 5 Process Model
– Enabler Performance Management
• The COBIT 5 Process Reference Model
– Governance and Management Processes (5 governance processes and 32 management processes)
– Reference Model
• COBIT 5 Process Reference Guide Contents
– Generic Guidance for Processes :
• EDM : Evaluate, Direct and Monitor
• APO : Align, Plan and Organize
• BAI : Build, Acquire and Implement
• DSS : Deliver, Service and Support
• MEA : Monitor, Evaluate and Assess
• Appendix A : Mapping between COBIT 5 and legacy ISACA Frameworks (COBIT 4.1, Val IT
2.0, Risk IT Management Practices)
• Appendix B : Detailed Mapping 17 Enterprise Goals and 17 IT-related Goals
• Appendix C : Detailed Mapping 17 IT-related Goals and 37 IT‐related Processes
35
• 129 IT Process Goals
• 266 IT Process Goal Metrics
• 207 IT Practices
• 26 business and IT roles in IT Practices
• 1108 IT Activities
17 Enterprise Goals, 17 IT-related Goals, 59 IT-related Goals metrics
Patrick Stachtchenko AFAI : 15 janvier 2015
36. COBIT 5 Deliverables : Enabling Processes
• Process identification : Label, Name, Area, Domain
• Process description
• Process purpose statement
• IT goals and metrics supported
• 17 IT Goals, 59 IT-related Goals Metrics
• Process goals and metrics
• Governance : 15 IT Process Goals and 37 IT Process Goal metrics
• Management : 114 IT Process Goals and 229 IT Process Goal metrics
• RACI chart
• 26 Business and IT Roles concerned with the 207 IT Practices
• Detailed description of the process practices
• Description, inputs and outputs with origin/destination, activities
• Governance : 12 IT Governance Practices and 79 IT Governance Activities
• Management : 195 IT Management Practices and 1029 IT Management Activities
• Related guidance
36Patrick Stachtchenko AFAI : 15 janvier 2015
37. COBIT 5 Deliverables : Enabling Information (90 pages)
• Introduction: Benefits, Target Audience, Prerequisite Knowledge, Overview and Scope
• COBIT 5 Principles applied to Information
– COBIT 5 Principles
• Goals Cascade for the Enterprise (Function Goals)
• Examples of Information Items that support the Enterprise Value Chain Goals (Governance, Management
and Operations Items for 8 Functional areas : Human Resources (22 items), Procurement (20 items), …)
• Examples of Information Items supporting IT-related Goals (Quality Criteria, Related Metrics) (69 items)
• The COBIT 5 Information Model
– COBIT 5 Information Model Overview
• Information Stakeholders : Examples for Customer Data (8), IT Strategy (8), Supply Chain Software
Specification Document (6), Hospital Patient Records (9) (Description, Stakes)
• Information Goals : Examples for each of the 15 information quality criteria
• Lifecycle : Examples for Supplier Information, Retention Requirements, IT Change Management Data
• Good Practices : Examples for the 11 information attributes
– Additional Examples of COBIT 5 Information Model Use
• 5 sample use cases : Building IS Specifications, Definition of Information Protection Requirements, etc..
• Comprehensive Information Item Description : Illustration for Risk Profile (Lifecycle and stakeholders, Goals,
Good Practices, Link to other enablers)
• Addressing Information Governance and Management Issues Using COBIT 5
– Information Governance and Management Issues Reviewed in this Chapter (9 issues)
• For each Issue : Issue Description and Business Context, Affected Information, Affected Goals, Enablers to
Address the Issue
• Appendix A : Reference to other Guidance (DAMA-DMBOK Framework, ISO 15489-1:2001)
• Appendix B : Example Information Items Supporting Functional Area Goals (8 areas, 179 items)
• Appendix C : Example Information Items Supporting IT-related Goals (1 area, 69 items) 37
Patrick Stachtchenko AFAI : 15 janvier 2015
38. COBIT 5 Deliverables : Information Security (220 pages)
• Executive Summary: Introduction, Drivers, Benefits, Target Audience, Conventions
• Information Security
• Information Security Defined
• COBIT 5 Principles
• Using COBIT 5 Enablers for Implementing Information Security in Practice
• Introduction
• Enabler : Principles, Policies and Frameworks
• Enabler : Processes
• Enabler : Organizational Structures
• Enabler : Culture, Ethics and Behaviour
• Enabler : Information
• Enabler : Services, Infrastructure and Applications
• Enabler : People, Skills and Competencies
• Adapting COBIT 5 for Information Security to the Enterprise Environment
• Introduction
• Implementing Information Security Initiatives
• Using COBIT 5 to connect to other frameworks, models, good practices and standards
• Appendix A to G : Detailed Guidance for each of the 7 categories of enablers
• Appendix H : Detailed Mappings
• Acronyms, Glossary
38Patrick Stachtchenko AFAI : 15 janvier 2015
39. COBIT 5 Deliverables : Information Security
• Appendix A Detailed Guidance : Principles, Policies and Frameworks
• 3 high level security principles with 12 elements : Objective and description
• 13 types of policies : scope, validity, goals (5 driven by security function, 8 driven by other functions)
• Appendix B Detailed Guidance Processes (see next page)
• Appendix C Detailed Guidance : Organizational Structures
• 5 types of security-related organizational structures : Composition, Mandate, Operating principles,
Span of control, Authority level, Delegation rights, Escalation path, RACI chart, Inputs/Outputs
• Appendix D Detailed Guidance : Culture, Ethics and Behaviour
• 8 types of security-related expected behaviours
• Appendix E Detailed Guidance : Information
• 34 types of security-related information stakeholders
• 10 types of security related information : goals, life cycle, good practice
• Appendix F Detailed Guidance : Services, Infrastructure and Applications
• 10 types of security services : 27 security-related service capabilities (supporting technology, benefit,
quality goal, metric)
• Appendix G Detailed Guidance : People, Skills and Competencies
• 7 types of security set of skills and competencies : description, experience, education, qualifications,
knowledge, technical skills, behavioural skills, related role structure
• Appendix H Detailed Mappings (ISO/IEC 27001, ISO/IEC 27002, ISF, NIST)
39Patrick Stachtchenko AFAI : 15 janvier 2015
40. COBIT 5 Deliverables : Information Security
Processes Enabler
• Process Identification : Label, Name, Area, Domain
• Process Description
• Process Purpose Statement
• Security-specific Process Goals and Metrics
• Governance : 8 Security Process Goals and 17 Security Process Goals related Metrics
• Management : 71 Security Process Goals and 137 Security Process Goals related Metrics
• Security-specific Process Practices, Inputs/Outputs and Activities
• Description of governance/management practice, security-specific inputs and outputs in addition to
COBIT 5 inputs and outputs with origin/destination, security-specific activities in addition to COBIT
5 activities
• Governance : 12 Security Governance Practices and 31 Security Governance Activities
• Management : 176 Security Management Practices and 347 Security Management Activities
• Related Guidance
40Patrick Stachtchenko AFAI : 15 janvier 2015
41. COBIT 5 Deliverables : Risk (244 pages)
• Executive Summary: Introduction, Terminology, Drivers, Benefits, Target Audience, Overview
and Guidance on use of Publication, Prerequisite Knowledge
• Risk and Risk Management
• The Governance Objective : Value Creation
• Risk : Risk Categories, Risk Duality, Interrelationship between Inherent, Current and Residual Risk
• Scope of Publication (Two Perspectives on Risk : Risk Function and Risk Management Perspectives)
• Applying the COBIT 5 Principles to Managing Risks
• The Risk Function Perspective
• Introduction to Enablers
• The 7 Enablers
• The Risk Management Perspective and using COBIT 5 Enablers
• Core Risk Processes
• Risk Scenarios
• Generic Risk Scenarios
• Risk Aggregation
• Risk Response
• How this Publication Aligns with Other Standards
• ISO 31000, ISO/IEC 27005:2011, COSO ERM
• Appendix A : Glossary
• Appendix B : Detailed Risk Governance and Management Enablers
• Appendix C : Core Risk Management Processes
• Appendix D : Using COBIT 5 Enablers to Mitigate IT Risk Scenarios (20 scenarios)
• Appendix E : Comparison of Risk IT with COBIT 5
• Appendix F : Comprehensive Risk Scenario Template
41Patrick Stachtchenko AFAI : 15 janvier 2015
42. COBIT 5 Deliverables : Risk
• Appendix A. Detailed Guidance : Principles, Policies and Frameworks
• 7 high level risk principles : Principle and Explanation
• 18 types of risk policies : Scope, Validity, Management Commitment and Accountability, Risk
Governance, Risk Management Framework
• Appendix B. Detailed Guidance Processes (see next page)
• 12 key risk function supporting processes
• 2 key risk management supporting processes
• Appendix C. Detailed Guidance : Organizational Structures
• 5 key risk-related organizational structures : Composition, Mandate, Operating principles, Span of
control, Authority level, Delegation rights, Escalation path, RACI chart, Inputs/Outputs
• 17 other relevant structures for Risk : Description, Role in risk process
• Appendix D. Detailed Guidance : Culture, Ethics and Behavior
• 8 types of general behavior, 8 types of risk professional behavior, 7 types of management behavior
• Appendix E. Detailed Guidance : Information
• 13 types of risk related information items : stakeholders, stakes, goals, life cycle, good practices, links
to other enablers
• Appendix F. Detailed Guidance : Services, Infrastructure and Applications
• 6 types of risk services (description, goal, benefit, good practice, stakeholders, metric)
• 3 types of risk infrastructure (description), 5 types of risk applications (description)
• Appendix G. Detailed Guidance : People, Skills and Competencies
• 11 types of risk set of skills and competencies (description) and 2 risk roles (description, experience,
education, qualifications, knowledge, technical skills, behavioral skills, related role structure)
42Patrick Stachtchenko AFAI : 15 janvier 2015
43. COBIT 5 Deliverables : Risk
• Process Identification : Label, Name, Area, Domain
• Process Description
• Process Purpose Statement
• Risk-specific Process Goals and Metrics
• Risk Function
• Governance : 5 Risk Process Goals and 12 Risk Process Goals related Metrics
• Management : 14 Risk Process Goals and 24 Risk Process Goals related Metrics
• Risk-specific Process Practices, Inputs/Outputs and Activities
• Description of governance/management practice, risk-specific inputs and outputs in
addition to COBIT 5 inputs and outputs with origin/destination, risk-specific activities in
addition to COBIT 5 activities
• Risk Function
• Governance : 9 Risk Governance Practices and 28 Risk Governance Activities
• Management : 50 Risk Management Practices and 80 Risk Management Activities
• Risk Management
• Governance : 2 Risk Governance Practices and 12 Risk Governance Activities (69 actions)
• Management : 6 Risk Management Practices and 26 Risk Management Activities (103 actions)
43Patrick Stachtchenko AFAI : 15 janvier 2015
44. COBIT 5 Deliverables : Assurance (318 pages)
• Executive Summary: Introduction and Objectives, Drivers, Benefits, Target Audience,
Document Overview and Guidance on its use, Prerequisite Knowledge
• Assurance
• Assurance defined : 3 party relationship, subject matter, suitable criteria, execution, conclusion
• Scope of Publication: Two Perspectives, Assurance Function and Assurance
• Principles of providing Assurance (Engagement types)
• Assurance Function Perspective : Using COBIT 5 Enablers for Governing and Managing an
Assurance Function
• Introduction to Enablers
• The 7 Enablers
• Assessment Perspective : Providing Assurance Over a Subject Matter
• Core Assurance Processes
• Introduction and Overview of the Assessment Approach
• Determine the scope of the Assurance Initiative (Phase A)
• 3 aspects to be taken into account (stakeholders, goals, 7 enablers), 14 steps, an example
• Understand the Enablers, Set Suitable Assessment Criteria and Perform the Assessment (Phase B)
• Achievement of goals (2 steps), 7 enablers (37 steps)
• Generic Approach for Communicating on an Assurance Initiative (Phase C)
• 2 aspects (document and communicate) and 5 steps
• How this publication relates to other Standards
• ITAF, 2nd Edition, International Professional Practices Framework (IPPF) for Internal Auditing
Standards 2013, Statement on Standards for Attestation Engagements N° 16 (SSAE 16)
• Appendix A : Glossary
• Appendix B : Detailed Enablers For Assurance Governance and Management
• Appendix C : Core Assurance Processes
• Appendix D : Example Audit / Assurance Programmes (3 examples : Change Management,
Risk Management, BYOD) 44
Patrick Stachtchenko AFAI : 15 janvier 2015
45. COBIT 5 Deliverables : Assurance
• Appendix A. Detailed Guidance : Principles, Policies and Frameworks
• 4 areas : Covered by ITAF, 2nd Edition (18 sections of ITAF)
• Appendix B. Detailed Guidance Processes (see next page)
• 11 key processes supporting assurance provisioning
• 3 key core assurance processes
• Appendix C. Detailed Guidance : Organizational Structures
• 4 key assurance-related organizational structures : Composition, Mandate, Operating principles,
Span of control, Authority level, Delegation rights, Escalation path, RACI chart, Inputs/Outputs
• 12 other relevant structures for Assurance : Description, Stake in Assurance provisioning
• Appendix D. Detailed Guidance : Culture, Ethics and Behavior
• 5 types of enterprise wide behavior, 8 types of assurance professional behavior, 10 types of
management behavior : Behavior, Key Objective/Suitable criteria/outcome,
Communication/Enforcement actions, Incentives and rewards actions, Raising awareness actions
• Appendix E. Detailed Guidance : Information
• 18 types of information items supporting assurance : stakeholders, stakes, goals, life cycle, good
practices, links to other enablers
• 5 types of additional information items input : description
• Appendix F. Detailed Guidance : Services, Infrastructure and Applications
• 8 types of assurance services (description, goal, benefit, good practice, stakeholders)
• 8 types of assurance supporting applications (description, goal, benefit, good practice, stakeholders)
• Appendix G. Detailed Guidance : People, Skills and Competencies
• 16 types of assurance set of skills and competencies : description, experience, education,
qualifications, knowledge, technical skills, behavioral skills 45
Patrick Stachtchenko AFAI : 15 janvier 2015
46. COBIT 5 Deliverables : Assurance
• Process Identification : Label, Name, Area, Domain
• Process Description
• Process Purpose Statement
• Assurance-specific Process Goals and Metrics
• Processes Supporting Assurance Provisioning
• Governance : 8 Assurance Process Goals and 11 Assurance Process Goals related Metrics
• Management : 11 Assurance Process Goals and 19 Assurance Process Goals related Metrics
• Core Assurance Processes
• Management : 11 Assurance Process Goals and 17 Assurance Process Goals related Metrics
• Assurance-specific Process Practices, Inputs/Outputs and Activities
• Description of governance/management practice, assurance-specific inputs and outputs
in addition to COBIT 5 inputs and outputs with origin/destination, assurance-specific
activities in addition to COBIT 5 activities
• Processes Supporting Assurance Provisioning
• Governance : 9 Assurance Governance Practices and 28 Assurance Governance Activities
• Management : 50 Assurance Management Practices and 80 Assurance Management Activities
• Core Assurance Processes
• Management : 17 Core Assurance Practices and 88 Core Assurance Activities (124 actions)
46Patrick Stachtchenko AFAI : 15 janvier 2015
47. COBIT 5 Deliverables : Implementation (78 pages)
• Introduction
• Positioning GEIT
• Taking the first steps towards GEIT
• Identifying implementation challenges and success factors
• Enabling change
• Implementation life cycle tasks, roles and responsibilities
• Using the COBIT 5 components
• Appendix A : Mapping Pain Points to COBIT 5 Processes
• Appendix B : Example Decision Matrix
• Appendix C : Mapping Example Risk Scenarios to COBIT 5 Processes
• Appendix D : Example Business Case
• Appendix E : COBIT 4.1 Maturity Attribute Table
47Patrick Stachtchenko AFAI : 15 janvier 2015
48. COBIT 5 Deliverables : Securing Mobile Devices (138 pages)
• Introduction : What is a mobile device? Mobile Device Use – Past Present Future
• Mobile Device Impact on Business and Society : Mobility and Flexibility, Patterns of
Work, Organizational Perimeter, Other Impacts
• Threats, Vulnerabilities and Associated Risks : Physical, Organizational, Technical
• Security Governance : Business Case, Standardized Enterprise Solutions, BYOD,
Combines Scenario, Private Use of Mobile Devices, Defining the Business Case
• Security Management for Mobile Devices : Categories and Classification, Existing
Security Controls, 7 Enablers
• Hardening Mobile Devices : Device and SIM card, Permanent Storage, Removable
Storage and Devices, Connectivity, Remote Functionality
• Mobile Device Security Assurance: Auditing and Reviewing Mobile Devices,
Investigation and Forensics for Mobile Devices
• Guiding Principles for Mobile Device Security : 8 principles
• Appendix A. Mappings of COBIT 5 and COBIT 5 for Information Security
• Appendix B. Hardening Mobile Devices
• Appendix C. Sample Audit Steps in Forensics and Investigation
48Patrick Stachtchenko AFAI : 15 janvier 2015
49. 49
COBIT 5 Online
Patrick Stachtchenko AFAI : 15 janvier 2015
Copyright ISACA
ISACA has begun a project to create a replacement for COBIT Online,
which will support COBIT 5
The new online service will include features such as :
• Access to publications in the COBIT 5 product family
• Access to other, non-COBIT, ISACA content and current, relevant GEIT
material
• Ability to customize COBIT to fit the needs of your enterprise with
access for multiple users
• Access to tools : Goals planner, RACI Planner,…
These capabilities will be made available in a phased schedule,
providing greater functionality through the course of the year-long
rollout.
COBIT 5 Online