Uploaded byShivamSharma909
PDF, PPTX194 views

Cisa domain 2 part 1 governance and management of it

InfosecTrain is a training and consulting organization established in 2016, specializing in IT security and cyber security services. The document outlines the governance and management of IT, detailing the role of corporate governance, risk management, and operational processes. It emphasizes the importance of aligning IT strategies with organizational goals and provides structured insights on key areas such as information security and business continuity planning.

Embed presentation

Download as PDF, PPTX
www.infosectrain.com PART 1 – CISA Domain 2 – Governance and Management of IT
InfosecTrain About Us InfosecTrain is one of the finest Security and Technology Training and Consulting organization, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.
4 PA RT 1 – C I SA D o m a i n 2 – G o ve r n a n c e a n d M a n a ge m e nt o f I T T h i s a r t i c l e c o v e r s – ➢ O v e r a l l u n d e r s t a n d i n g o f t h e d o m a i n ➢ I m p o r t a n t c o n c e p t s t o f o c u s o n f r o m e x a m p o i n t o f v i e w T h e a r t i c l e i s s p l i t i n t o 5 p a r t s a s b e l o w : • Part 1 – Corporate Governance, Governance of Enterprise IT (GEIT), Auditor’s role in GEIT • Part 2 – IT Balanced Score Card (BSC), IT Governing Committee (IT Strategy and Steering committee), Maturity and process improvement models • Part 3 – Risk Management, Human Resource Management, Sourcing Practices • Part 4 – Information Security – Roles and Responsibilities, Business Continuity Planning (BCP), Business Impact Analysis (BIA) • Part 5 – Classification of Systems and criticality analysis, Components of Business Continuity Planning (BCP), Plan Testing. C C I S O C e r t i f i c a t i o n
5 ➢ Overall understanding of the domain What is Corporate Governance? What is Governance of Enterprise IT (GEIT)? What is the role of auditor in GEIT? ➢ K n o w l e d g e o f t h e o r g a n i z a t i o n ’s t e c h n o l o g y d i r e c t i o n a n d I T a r c h i t e c t u r e a n d t h e i r i m p l i c a t i o n s f o r s e t t i n g l o n g - t e r m s t r a t e g i c d i r e c t i o n s ➢ K n o w l e d g e o f t h e p r o c e s s e s f o r t h e d e v e l o p m e n t , i m p l e m e n t a t i o n a n d m a i n t e n a n c e o f I T s t r a t e g y, p o l i c i e s , s t a n d a r d s a n d p r o c e d u r e s ➢ K n o w l e d g e o f t h e u s e o f c a p a b i l i t y a n d m a t u r i t y m o d e l s ➢ K n o w l e d g e o f p r o c e s s o p t i m i z a t i o n t e c h n i q u e s ➢ K n o w l e d g e o f I T r e s o u r c e i n v e s t m e n t a n d a l l o c a t i o n p r a c t i c e s , i n c l u d i n g p r i o r i t i z a t i o n c r i t e r i a ( e . g . , p o r t f o l i o m a n a g e m e n t , v a l u e m a n a g e m e n t , p e r s o n n e l m a n a g e m e n t ➢ K n o w l e d g e o f I T s u p p l i e r s e l e c t i o n , c o n t r a c t m a n a g e m e n t , r e l a t i o n s h i p m a n a g e m e n t a n d p e r f o r m a n c e m o n i t o r i n g p r o c e s s e s i n c l u d i n g t h i r d p a r t y o u t s o u r c i n g r e l a t i o n s h i p s PA RT 1 – C I S A D o m a i n 2 – G o v e r n a n ce a n d M a n a g e m e nt o f I T
6 ➢ K n o w l e d g e o f e n t e r p r i s e r i s k m a n a g e m e n t ( E R M ) ➢ K n o w l e d g e o f p r a c t i c e s f o r m o n i t o r i n g a n d r e p o r t i n g o f c o n t r o l s p e r f o r m a n c e ( e . g . , c o n t i n u o u s m o n i t o r i n g , q u a l i t y a s s u r a n c e [ Q A ] ) ➢ K n o w l e d g e o f q u a l i t y m a n a g e m e n t a n d q u a l i t y a s s u r a n c e ( Q A ) s y s t e m s ➢ K n o w l e d g e o f p r a c t i c e s f o r m o n i t o r i n g a n d r e p o r t i n g o f I T p e r f o r m a n c e ( e . g . , b a l a n c e d s c o r e c a r d s [ B S C s ] , k e y p e r f o r m a n c e i n d i c a t o r s [ K P I s ] ) ➢ K n o w l e d g e o f b u s i n e s s i m p a c t a n a l y s i s ( B I A ) ➢ K n o w l e d g e o f t h e s t a n d a r d s a n d p r o c e d u r e s f o r t h e d e v e l o p m e n t , m a i n t e n a n c e a n d t e s t i n g o f t h e b u s i n e s s c o n t i n u i t y p l a n ( B C P ) ➢ K n o w l e d g e o f p r o c e d u r e s u s e d t o i n v o k e a n d e x e c u t e t h e b u s i n e s s c o n t i n u i t y p l a n a n d r e t u r n t o n o r m a l o p e r a t i o n s
7 I m p o r ta nt c o n c e pt s f ro m exa m p o i nt o f v i e w : ➢ I t i s a s y s t e m b y w h i c h e n t i t y i s c o n t r o l l e d a n d d i r e c t e d ➢ S e t o f r e s p o n s i b i l i t i e s a n d p r a c t i c e s w h o p r o v i d e s t r a t e g i c d i r e c t i o n s , t h e r e b y e n s u r i n g t h a t • Goals are achievable, • Risk are properly addressed and • Organizational resources are properly utilized ➢ I n v o l v e s a s e t o f r e l a t i o n s h i p s b e t w e e n a c o m p a n y ’s m a n a g e m e n t , i t s b o a r d , i t s s h a r e h o l d e r s a n d o t h e r s t a k e h o l d e r s
8 ➢ G E I T i s o n e o f t h e d o m a i n s o f C o r p o r a t e g o v e r n a n c e ➢ G E I T i s a s y s t e m i n w h i c h a l l s t a k e h o l d e r s , i n c l u d i n g t h e b o a r d , s e n i o r m a n a g e m e n t , i n t e r n a l c u s t o m e r s a n d d e p a r t m e n t s s u c h a s f i n a n c e , p r o v i d e i n p u t i n t o t h e d e c i s i o n - m a k i n g p r o c e s s . ➢ G E I T i s t h e r e s p o n s i b i l i t y o f t h e b o a r d o f d i r e c t o r s a n d e x e c u t i v e m a n a g e m e n t .
9 ➢ P u r p o s e s o f G E I T a r e : • to direct IT endeavors to ensure that IT performance meets the objectives of aligning IT with the enterprise’s objectives and the realization of promised benefits • enable the enterprise by exploiting opportunities and maximizing benefits • IT resources should be used responsibly, and IT-related risk should be managed Appropriately ➢ K e y e l e m e n t o f G E I T i s t h e a l i g n m e n t o f b u s i n e s s a n d I T, l e a d i n g t o t h e a c h i e v e m e n t o f b u s i n e s s v a l u e . ➢ E xa m p l e s o f G E I T i n c l u d e s t h e fo l l o w i n g : • COBIT 5 is developed by ISACA, which includes five principles, five domains, 37 processes and 210 practices • The International Organization for Standardization (ISO)/International Electro-technical Commission (IEC) 27001 (ISO 27001) – provides guidance to organizations implementing and maintaining information security programs. • The Information Technology Infrastructure Library (ITIL) was developed by the UK Office of Government Commerce (OGC) • ISO/IEC 38500:2008 Corporate governance of information technology • ISO/IEC 20000 is a specification for service management that is aligned with ITIL’s service management framework
10
11 ➢ To p r o v i d e l e a d i n g p r a c t i c e r e c o m m e n d a t i o n s t o s e n i o r m a n a g e m e n t t o h e l p i m p r o v e t h e q u a l i t y a n d e f f e c t i v e n e s s o f t h e I T g o v e r n a n c e i n i t i a t i v e s i m p l e m e n t e d . ➢ H e l p s e n s u r e c o m p l i a n c e w i t h G E I T i n i t i a t i v e s i m p l e m e n t e d w i t h i n a n o r g a n i z a t i o n ➢ c o n t i n u o u s m o n i t o r i n g , a n a l y s i s a n d e v a l u a t i o n o f m e t r i c s a s s o c i a t e d w i t h G E I T i n i t i a t i v e s r e q u i r e a n i n d e p e n d e n t a n d b a l a n c e d v i e w t o e n s u r e a q u a l i t a t i v e a s s e s s m e n t t h a t s u b s e q u e n t l y f a c i l i t a t e s t h e q u a l i t a t i v e i m p r o v e m e n t o f I T p r o c e s s e s a n d a s s o c i a t e d G E I T i n i t i a t i v e s ➢ To c h e c k o n a l i g n m e n t o f t h e I T f u n c t i o n w i t h t h e o r g a n i z a t i o n ’s m i s s i o n , v i s i o n , v a l u e s , o b j e c t i v e s a n d s t r a t e g i e s ➢ To e n s u r e c o m p l i a n c e w i t h l e g a l , e n v i r o n m e n t a l , i n f o r m a t i o n q u a l i t y, f i d u c i a r y, s e c u r i t y a n d p r i v a c y r e q u i r e m e n t s
12
OUR CONTACT A B O U T O U R C O M PA N Y InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time. 1800-843-7890 sales@infosectrain.co m www.infosectrain.com https://www.facebook.com/Infosectrain/ https://www.linkedin.com/company/infosec-train/ https://www.youtube.com/c/InfosecTrain

More Related Content

PPTX
IT Governance Framework
bySherri Booher
 
PDF
Cisa domain 3
byShivamSharma909
 
PDF
Cisa domain 4
byShivamSharma909
 
PDF
CISA DOMAIN 2 Governance & Management of IT
byShivamSharma909
 
PPTX
IT Audit For Non-IT Auditors
byEd Tobias
 
PDF
Governance, Risk, and Compliance Services
byCapgemini
 
PPTX
What is iso 27001 isms
byCraig Willetts ISO Expert
 
PDF
CISA Domain 1 - IS Auditing (day 1)
byCyril Soeri
 
IT Governance Framework
bySherri Booher
 
Cisa domain 3
byShivamSharma909
 
Cisa domain 4
byShivamSharma909
 
CISA DOMAIN 2 Governance & Management of IT
byShivamSharma909
 
IT Audit For Non-IT Auditors
byEd Tobias
 
Governance, Risk, and Compliance Services
byCapgemini
 
What is iso 27001 isms
byCraig Willetts ISO Expert
 
CISA Domain 1 - IS Auditing (day 1)
byCyril Soeri
 

What's hot

PPTX
CISA Training - Chapter 2 - 2016
byHafiz Sheikh Adnan Ahmed
 
PDF
Basics in IT Audit and Application Control Testing
byDinesh O Bareja
 
PPTX
GRC Fundamentals
by3Sixty Insights
 
PDF
IT Governance
byCarlos Chalico
 
PDF
Governance Risk Management and Compliance (GRC)
bySeta Wicaksana
 
PPTX
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
byJayLloyd8
 
PPTX
Auditing SOX ITGC Compliance
byseanpizzy
 
PPT
Introduction to it auditing
byDamilola Mosaku
 
PPTX
Information Security Governance and Strategy
byDam Frank
 
PPTX
Cybersecurity Priorities and Roadmap: Recommendations to DHS
byJohn Gilligan
 
PPTX
GRC
byMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
PDF
CISA Domain- 1 - InfosecTrain
byInfosecTrain
 
PDF
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
byShivamSharma909
 
PDF
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
PPT
Information security management
byUMaine
 
PPTX
Information Security Governance and Strategy - 3
byDam Frank
 
PDF
Enterprise Risk Management (ERM) Framework 2020
byRichard Swartzbaugh
 
PPTX
CISSP Chapter 1 BCP
byKarthikeyan Dhayalan
 
PPTX
Information security management system
byArani Srinivasan
 
PPT
CISA Review Course Slides - Part1
byIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
CISA Training - Chapter 2 - 2016
byHafiz Sheikh Adnan Ahmed
 
Basics in IT Audit and Application Control Testing
byDinesh O Bareja
 
GRC Fundamentals
by3Sixty Insights
 
IT Governance
byCarlos Chalico
 
Governance Risk Management and Compliance (GRC)
bySeta Wicaksana
 
BUSINESS-CONTINUITY-AND-DISASTER-RECOVERY.pptx
byJayLloyd8
 
Auditing SOX ITGC Compliance
byseanpizzy
 
Introduction to it auditing
byDamilola Mosaku
 
Information Security Governance and Strategy
byDam Frank
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
byJohn Gilligan
 
GRC
byMaryam Hidayatallah CPFA,MIPA,MA,CICA
 
CISA Domain- 1 - InfosecTrain
byInfosecTrain
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
byShivamSharma909
 
NIST Cybersecurity Framework 101
byErick Kish, U.S. Commercial Service
 
Information security management
byUMaine
 
Information Security Governance and Strategy - 3
byDam Frank
 
Enterprise Risk Management (ERM) Framework 2020
byRichard Swartzbaugh
 
CISSP Chapter 1 BCP
byKarthikeyan Dhayalan
 
Information security management system
byArani Srinivasan
 
CISA Review Course Slides - Part1
byIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 

Similar to Cisa domain 2 part 1 governance and management of it

PPTX
Cisa domain 2 part 3 governance and management of it
byShivamSharma909
 
PDF
A Value Centric Approach to Governance Risk & Compliance
byInnoTech
 
PDF
Qualified Audit Partners Governance, Audit It, Audit Training
byPatrick Soenen
 
DOCX
Business ProjectProject Progress Evaluation Feedback Form .docx
byfelicidaddinwoodie
 
DOCX
Business ProjectProject Progress Evaluation Feedback Form .docx
byjasoninnes20
 
PDF
Facility Management System - Colliers
byScott Urich
 
PPTX
IT Governance - OpenThinking Day
byIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
PPT
Cobi t riskmanagementframework_iac
byuniversity of sargodha
 
PDF
CGEIT Course Content InfosecTrain
byShivamSharma909
 
PDF
CGEIT Course Content InfosecTrain.pdf
byinfosec train
 
PDF
AGILENSITE CAPABILITES
byMJFailor
 
PPTX
Journey to world class FP&A processes
byGenpact Ltd
 
PDF
AdvisoryOverview-Summary
byJohn A. Bova
 
PDF
Advisory overview summary
byJohn A. Bova
 
PDF
It governance & cobit 5
byLaddawan Rattanaruang
 
PDF
High Level Intro
byfaisalsadaf
 
PDF
Corporate Culture Index Market Overview 2.0
byBusiness Integrity Alliance
 
PDF
IT governance by Erik Guldentops
byCONFENIS 2012
 
PDF
Understanding co bit 4.1
byn|u - The Open Security Community
 
PDF
What is Cobit
byBen Kalland
 
Cisa domain 2 part 3 governance and management of it
byShivamSharma909
 
A Value Centric Approach to Governance Risk & Compliance
byInnoTech
 
Qualified Audit Partners Governance, Audit It, Audit Training
byPatrick Soenen
 
Business ProjectProject Progress Evaluation Feedback Form .docx
byfelicidaddinwoodie
 
Business ProjectProject Progress Evaluation Feedback Form .docx
byjasoninnes20
 
Facility Management System - Colliers
byScott Urich
 
IT Governance - OpenThinking Day
byIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Cobi t riskmanagementframework_iac
byuniversity of sargodha
 
CGEIT Course Content InfosecTrain
byShivamSharma909
 
CGEIT Course Content InfosecTrain.pdf
byinfosec train
 
AGILENSITE CAPABILITES
byMJFailor
 
Journey to world class FP&A processes
byGenpact Ltd
 
AdvisoryOverview-Summary
byJohn A. Bova
 
Advisory overview summary
byJohn A. Bova
 
It governance & cobit 5
byLaddawan Rattanaruang
 
High Level Intro
byfaisalsadaf
 
Corporate Culture Index Market Overview 2.0
byBusiness Integrity Alliance
 
IT governance by Erik Guldentops
byCONFENIS 2012
 
Understanding co bit 4.1
byn|u - The Open Security Community
 
What is Cobit
byBen Kalland
 

More from ShivamSharma909

PDF
Ethical Hacking Interview Questions and Answers.pdf
byShivamSharma909
 
PDF
CYBERSECURITY Interview Questions for Freshers.pdf
byShivamSharma909
 
PDF
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
byShivamSharma909
 
PDF
Top 20 Incident Responder Interview Questions and Answers (1).pdf
byShivamSharma909
 
PDF
Top 25 Azure Architect Interview Questions and Answers.pdf
byShivamSharma909
 
PDF
Top 20 Azure Administrator Interview Questions.pdf
byShivamSharma909
 
PDF
Threat Hunting Professional Online Training Course
byShivamSharma909
 
PDF
Why cloud security engineers find CCSE as a perfect fit
byShivamSharma909
 
PDF
Top 20 certified ethical hacker interview questions and answer
byShivamSharma909
 
PDF
Top 20 azure interview questions
byShivamSharma909
 
PDF
Top 15 aws security interview questions
byShivamSharma909
 
PDF
EC-Council Certified SOC Analyst
byShivamSharma909
 
PDF
Ctia course outline
byShivamSharma909
 
PDF
Domain 6 of CEH: Wireless Network Hacking
byShivamSharma909
 
PDF
Domain 5 of the CEH: Web Application Hacking
byShivamSharma909
 
PDF
Domain 4 of CEH V11: Network and Perimeter Hacking
byShivamSharma909
 
PDF
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
byShivamSharma909
 
PDF
Domain 2 of CEH v11: Reconnaissance Techniques
byShivamSharma909
 
PDF
Domain 1 of CEH v11: Information Security and Ethical Hacking
byShivamSharma909
 
PDF
How is az 303 different from az-304
byShivamSharma909
 
Ethical Hacking Interview Questions and Answers.pdf
byShivamSharma909
 
CYBERSECURITY Interview Questions for Freshers.pdf
byShivamSharma909
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
byShivamSharma909
 
Top 20 Incident Responder Interview Questions and Answers (1).pdf
byShivamSharma909
 
Top 25 Azure Architect Interview Questions and Answers.pdf
byShivamSharma909
 
Top 20 Azure Administrator Interview Questions.pdf
byShivamSharma909
 
Threat Hunting Professional Online Training Course
byShivamSharma909
 
Why cloud security engineers find CCSE as a perfect fit
byShivamSharma909
 
Top 20 certified ethical hacker interview questions and answer
byShivamSharma909
 
Top 20 azure interview questions
byShivamSharma909
 
Top 15 aws security interview questions
byShivamSharma909
 
EC-Council Certified SOC Analyst
byShivamSharma909
 
Ctia course outline
byShivamSharma909
 
Domain 6 of CEH: Wireless Network Hacking
byShivamSharma909
 
Domain 5 of the CEH: Web Application Hacking
byShivamSharma909
 
Domain 4 of CEH V11: Network and Perimeter Hacking
byShivamSharma909
 
Domain 3 of CEH v11: System Hacking Phases and Attack Techniques
byShivamSharma909
 
Domain 2 of CEH v11: Reconnaissance Techniques
byShivamSharma909
 
Domain 1 of CEH v11: Information Security and Ethical Hacking
byShivamSharma909
 
How is az 303 different from az-304
byShivamSharma909
 

Recently uploaded

PPTX
ELEMENTS OF COMMUNICATION (UNIT 2) .pptx
byPOOJA KARVANDE
 
PDF
BỘ TEST KIỂM TRA CUỐI HỌC KÌ 1 - TIẾNG ANH 6-7-8-9 GLOBAL SUCCESS - PHIÊN BẢN...
byNguyen Thanh Tu Collection
 
PDF
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
PPTX
AI_in_Daily_Life_Presentation and more.pptx
bybantydansena
 
PPTX
Basics in Phytochemistry, Extraction, Isolation methods, Characterisation etc.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
PDF
NAVIGATE PHARMACY CAREER OPPORTUNITIES.pdf
byMd. Zakaria Faruki
 
PPTX
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
PDF
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PPTX
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
PPTX
Details of Muscular-and-Nervous-Tissues.pptx
byAshish Umale
 
PDF
Models of Teaching - TNTEU - B.Ed I Semester - Teaching and Learning - BD1TL ...
byDr Raja Mohammed T
 
PPTX
How to Manage Line Discounts in Odoo 18 POS
byCeline George
 
PPTX
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PPTX
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
PDF
Current Electricity for first year physiotherapy
byGanesh Jadhav
 
PDF
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PPTX
extracting significant information to formulate sound judgement
byMarichelle2
 
PPTX
Introduction-to-Anatomy-and-Physiology.pptx
byAshish Umale
 
PPTX
Semester 6 UNIT 2 Dislocation of hip.pptx
bysachin7989
 
ELEMENTS OF COMMUNICATION (UNIT 2) .pptx
byPOOJA KARVANDE
 
BỘ TEST KIỂM TRA CUỐI HỌC KÌ 1 - TIẾNG ANH 6-7-8-9 GLOBAL SUCCESS - PHIÊN BẢN...
byNguyen Thanh Tu Collection
 
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
AI_in_Daily_Life_Presentation and more.pptx
bybantydansena
 
Basics in Phytochemistry, Extraction, Isolation methods, Characterisation etc.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
NAVIGATE PHARMACY CAREER OPPORTUNITIES.pdf
byMd. Zakaria Faruki
 
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
All Students Workshop 25 Yoga Wellness by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
Details of Muscular-and-Nervous-Tissues.pptx
byAshish Umale
 
Models of Teaching - TNTEU - B.Ed I Semester - Teaching and Learning - BD1TL ...
byDr Raja Mohammed T
 
How to Manage Line Discounts in Odoo 18 POS
byCeline George
 
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
Current Electricity for first year physiotherapy
byGanesh Jadhav
 
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
extracting significant information to formulate sound judgement
byMarichelle2
 
Introduction-to-Anatomy-and-Physiology.pptx
byAshish Umale
 
Semester 6 UNIT 2 Dislocation of hip.pptx
bysachin7989
 

Cisa domain 2 part 1 governance and management of it

  • 1.
    www.infosectrain.com PART 1 –CISA Domain 2 – Governance and Management of IT
  • 2.
    InfosecTrain About Us InfosecTrain isone of the finest Security and Technology Training and Consulting organization, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals, who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.
  • 4.
    4 PA RT 1– C I SA D o m a i n 2 – G o ve r n a n c e a n d M a n a ge m e nt o f I T T h i s a r t i c l e c o v e r s – ➢ O v e r a l l u n d e r s t a n d i n g o f t h e d o m a i n ➢ I m p o r t a n t c o n c e p t s t o f o c u s o n f r o m e x a m p o i n t o f v i e w T h e a r t i c l e i s s p l i t i n t o 5 p a r t s a s b e l o w : • Part 1 – Corporate Governance, Governance of Enterprise IT (GEIT), Auditor’s role in GEIT • Part 2 – IT Balanced Score Card (BSC), IT Governing Committee (IT Strategy and Steering committee), Maturity and process improvement models • Part 3 – Risk Management, Human Resource Management, Sourcing Practices • Part 4 – Information Security – Roles and Responsibilities, Business Continuity Planning (BCP), Business Impact Analysis (BIA) • Part 5 – Classification of Systems and criticality analysis, Components of Business Continuity Planning (BCP), Plan Testing. C C I S O C e r t i f i c a t i o n
  • 5.
    5 ➢ Overall understandingof the domain What is Corporate Governance? What is Governance of Enterprise IT (GEIT)? What is the role of auditor in GEIT? ➢ K n o w l e d g e o f t h e o r g a n i z a t i o n ’s t e c h n o l o g y d i r e c t i o n a n d I T a r c h i t e c t u r e a n d t h e i r i m p l i c a t i o n s f o r s e t t i n g l o n g - t e r m s t r a t e g i c d i r e c t i o n s ➢ K n o w l e d g e o f t h e p r o c e s s e s f o r t h e d e v e l o p m e n t , i m p l e m e n t a t i o n a n d m a i n t e n a n c e o f I T s t r a t e g y, p o l i c i e s , s t a n d a r d s a n d p r o c e d u r e s ➢ K n o w l e d g e o f t h e u s e o f c a p a b i l i t y a n d m a t u r i t y m o d e l s ➢ K n o w l e d g e o f p r o c e s s o p t i m i z a t i o n t e c h n i q u e s ➢ K n o w l e d g e o f I T r e s o u r c e i n v e s t m e n t a n d a l l o c a t i o n p r a c t i c e s , i n c l u d i n g p r i o r i t i z a t i o n c r i t e r i a ( e . g . , p o r t f o l i o m a n a g e m e n t , v a l u e m a n a g e m e n t , p e r s o n n e l m a n a g e m e n t ➢ K n o w l e d g e o f I T s u p p l i e r s e l e c t i o n , c o n t r a c t m a n a g e m e n t , r e l a t i o n s h i p m a n a g e m e n t a n d p e r f o r m a n c e m o n i t o r i n g p r o c e s s e s i n c l u d i n g t h i r d p a r t y o u t s o u r c i n g r e l a t i o n s h i p s PA RT 1 – C I S A D o m a i n 2 – G o v e r n a n ce a n d M a n a g e m e nt o f I T
  • 6.
    6 ➢ K no w l e d g e o f e n t e r p r i s e r i s k m a n a g e m e n t ( E R M ) ➢ K n o w l e d g e o f p r a c t i c e s f o r m o n i t o r i n g a n d r e p o r t i n g o f c o n t r o l s p e r f o r m a n c e ( e . g . , c o n t i n u o u s m o n i t o r i n g , q u a l i t y a s s u r a n c e [ Q A ] ) ➢ K n o w l e d g e o f q u a l i t y m a n a g e m e n t a n d q u a l i t y a s s u r a n c e ( Q A ) s y s t e m s ➢ K n o w l e d g e o f p r a c t i c e s f o r m o n i t o r i n g a n d r e p o r t i n g o f I T p e r f o r m a n c e ( e . g . , b a l a n c e d s c o r e c a r d s [ B S C s ] , k e y p e r f o r m a n c e i n d i c a t o r s [ K P I s ] ) ➢ K n o w l e d g e o f b u s i n e s s i m p a c t a n a l y s i s ( B I A ) ➢ K n o w l e d g e o f t h e s t a n d a r d s a n d p r o c e d u r e s f o r t h e d e v e l o p m e n t , m a i n t e n a n c e a n d t e s t i n g o f t h e b u s i n e s s c o n t i n u i t y p l a n ( B C P ) ➢ K n o w l e d g e o f p r o c e d u r e s u s e d t o i n v o k e a n d e x e c u t e t h e b u s i n e s s c o n t i n u i t y p l a n a n d r e t u r n t o n o r m a l o p e r a t i o n s
  • 7.
    7 I m po r ta nt c o n c e pt s f ro m exa m p o i nt o f v i e w : ➢ I t i s a s y s t e m b y w h i c h e n t i t y i s c o n t r o l l e d a n d d i r e c t e d ➢ S e t o f r e s p o n s i b i l i t i e s a n d p r a c t i c e s w h o p r o v i d e s t r a t e g i c d i r e c t i o n s , t h e r e b y e n s u r i n g t h a t • Goals are achievable, • Risk are properly addressed and • Organizational resources are properly utilized ➢ I n v o l v e s a s e t o f r e l a t i o n s h i p s b e t w e e n a c o m p a n y ’s m a n a g e m e n t , i t s b o a r d , i t s s h a r e h o l d e r s a n d o t h e r s t a k e h o l d e r s
  • 8.
    8 ➢ G EI T i s o n e o f t h e d o m a i n s o f C o r p o r a t e g o v e r n a n c e ➢ G E I T i s a s y s t e m i n w h i c h a l l s t a k e h o l d e r s , i n c l u d i n g t h e b o a r d , s e n i o r m a n a g e m e n t , i n t e r n a l c u s t o m e r s a n d d e p a r t m e n t s s u c h a s f i n a n c e , p r o v i d e i n p u t i n t o t h e d e c i s i o n - m a k i n g p r o c e s s . ➢ G E I T i s t h e r e s p o n s i b i l i t y o f t h e b o a r d o f d i r e c t o r s a n d e x e c u t i v e m a n a g e m e n t .
  • 9.
    9 ➢ P ur p o s e s o f G E I T a r e : • to direct IT endeavors to ensure that IT performance meets the objectives of aligning IT with the enterprise’s objectives and the realization of promised benefits • enable the enterprise by exploiting opportunities and maximizing benefits • IT resources should be used responsibly, and IT-related risk should be managed Appropriately ➢ K e y e l e m e n t o f G E I T i s t h e a l i g n m e n t o f b u s i n e s s a n d I T, l e a d i n g t o t h e a c h i e v e m e n t o f b u s i n e s s v a l u e . ➢ E xa m p l e s o f G E I T i n c l u d e s t h e fo l l o w i n g : • COBIT 5 is developed by ISACA, which includes five principles, five domains, 37 processes and 210 practices • The International Organization for Standardization (ISO)/International Electro-technical Commission (IEC) 27001 (ISO 27001) – provides guidance to organizations implementing and maintaining information security programs. • The Information Technology Infrastructure Library (ITIL) was developed by the UK Office of Government Commerce (OGC) • ISO/IEC 38500:2008 Corporate governance of information technology • ISO/IEC 20000 is a specification for service management that is aligned with ITIL’s service management framework
  • 10.
  • 11.
    11 ➢ To pr o v i d e l e a d i n g p r a c t i c e r e c o m m e n d a t i o n s t o s e n i o r m a n a g e m e n t t o h e l p i m p r o v e t h e q u a l i t y a n d e f f e c t i v e n e s s o f t h e I T g o v e r n a n c e i n i t i a t i v e s i m p l e m e n t e d . ➢ H e l p s e n s u r e c o m p l i a n c e w i t h G E I T i n i t i a t i v e s i m p l e m e n t e d w i t h i n a n o r g a n i z a t i o n ➢ c o n t i n u o u s m o n i t o r i n g , a n a l y s i s a n d e v a l u a t i o n o f m e t r i c s a s s o c i a t e d w i t h G E I T i n i t i a t i v e s r e q u i r e a n i n d e p e n d e n t a n d b a l a n c e d v i e w t o e n s u r e a q u a l i t a t i v e a s s e s s m e n t t h a t s u b s e q u e n t l y f a c i l i t a t e s t h e q u a l i t a t i v e i m p r o v e m e n t o f I T p r o c e s s e s a n d a s s o c i a t e d G E I T i n i t i a t i v e s ➢ To c h e c k o n a l i g n m e n t o f t h e I T f u n c t i o n w i t h t h e o r g a n i z a t i o n ’s m i s s i o n , v i s i o n , v a l u e s , o b j e c t i v e s a n d s t r a t e g i e s ➢ To e n s u r e c o m p l i a n c e w i t h l e g a l , e n v i r o n m e n t a l , i n f o r m a t i o n q u a l i t y, f i d u c i a r y, s e c u r i t y a n d p r i v a c y r e q u i r e m e n t s
  • 12.
  • 13.
    OUR CONTACT A BO U T O U R C O M PA N Y InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time. 1800-843-7890 sales@infosectrain.co m www.infosectrain.com https://www.facebook.com/Infosectrain/ https://www.linkedin.com/company/infosec-train/ https://www.youtube.com/c/InfosecTrain