Maganathin Veeraragaloo, profile picture
Uploaded byMaganathin Veeraragaloo
PPTX, PDF572 views

COBIT 2019 - DIGITAL TRUST FRAMEWORK

The document provides an overview of the Digital Trust Framework (DTF) and how it will integrate several frameworks including ODA, COBIT 2019, ITIL 4, and ISO 27005 to provide an overall approach for digital trust. The DTF will be a modular, cloud-based, open digital platform that can be orchestrated using AI. It will use the TMForum's Open Digital Architecture as a cornerstone and was developed for a 4IR environment.

Embed presentation

Downloaded 16 times
DIGITAL TRUST FRAMEWORK (DTF) Maganathin Veeraragaloo 7th December 2021
The TMForum's Open Digital Architecture (ODA)will be used as the cornerstone for this Framework https://www.tmforum.org/oda/ ODA was initially designed for the Telecommunications Industry inclusive of 5G Services. The Digital Trust Framework is developed for the 4IR Environment The Digital Trust Framework (DTF) will be a blueprint for modular, cloud-based, open digital platforms that can be orchestrated using AI ODA will be integrated with COBIT 2019, ITIL 4 and ISO 27005 RISK MANAGER – this is to ensure an overall Digital Trust approach for a continuous evolving SYSTEMS Environment
Transformation Tools As-Is Applications Transformation Toolkits Maturity Tools Metrics Maturity Models Data Benchmark Data AI Training Data DIGITAL TRUST FRAMEWORK DIGITAL TRUST ARCHITECTURE Governance Concepts & Principles Design Guides Microservices Architecture Governance AI Governance Data Governance Security Governance Agile Lifecycle Management Business Deployment & Run Information Systems Implementation Business Capability Repository Process Framework Information Framework Integration Framework Functional Framework & Architecture Canvas Operation Frameworks Reference Implementation Technical Architecture Components Open API’s Data Model
ITIL 4 Capability Framework DIGITAL TRUST FRAMEWORK Governance & Processes Cybersecurity Mesh Architecture
COBIT 2019 OVERVIEW
SOURCE: https://blogs.bmc.com/cobit/?print=pdf COBIT is a best practice framework, but its scope is unique from most frameworks in that it focuses narrowly on security, risk management, and governance. If you’re looking to streamline business processes, sync IT with business needs, alter your IT infrastructure, or manage the multi- cloud, COBIT isn’t the answer.
SOURCE: https://blogs.bmc.com/cobit/?print=pdf Short for Control Objectives for Information and Related Technologies, COBIT was first developed to guide IT governance and management. Its latest iteration, COBIT 2019, has revamped parts of its framework while offering much-needed updates that accounts for ever-present cybersecurity threats and the incorporation of Agile and DevOps practices. COBIT 2019 continues to fit in nicely with ITIL, TOGAF, and CMMI, and it serves as a good umbrella framework for unifying processes across an organization. COBIT 2019 has several new goals, too, including but not limited to the following:  Improved alignment with global standards and best practices to encourage COBIT’s relevance New open-source model allows for global feedback, hopefully resulting in faster, more agile updates and improvements  More guidance and prescriptions to make COBIT a best-fit governance system, not one that works against the enterprise Better measurement tools to align with CMMI
Key Differences Between COBIT 5 and COBIT 2019 COBIT 5 COBIT 2019 Five governance principles Six governance principles 7 processes 40 processes “Manage” terminology is used for management processes “Ensure” terminology is used for governance processes “Managed” terminology is used for management processes “Ensured” terminology is used for governance processes Governance framework principles are absent Governance framework principles area added Measuring performance uses 0-5 scale based on ISO/IEC 33000 CMMI performance management scheme used Enablers are included Enablers are renamed as components Design factors are not available Design factors are included
COBIT business orientation and form of operation comprises of linking business goals to IT goals, providing info metrics and maturity models for ascertaining the level of accomplishments and noting the interrelated responsibilities of business and IT process owners. To completely understand the scope of the mode of operation of the COBIT framework, two main parameters are provided: Control is the form of procedures, practices, policies, and organizational structures designed to provide an acceptable level of assurance that business objectives and strategies will be attained and undesired incidents will be detected and corrected in a quick, concise manner. IT Control Objective is a statement of the level of acceptable results to be attained by implementing control procedures concerning a particular IT operation.
Framework. Organize and categorize IT governance objectives and good practices by IT domains and processes before associating them with their respective business requirements. Process descriptions. A reference process model and common language for everyone in an enterprise. Control objectives. Use this complete set of high-level requirements for effective control of each IT process. Management guidelines. Assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes. Maturity models. Assess maturity and capability per process and helps to address gaps.
SOURCE: https://www.businessbeam.com/blog/cobit-2019/
INTERNAL STAKEHOLDERS BOARDS EXECUTIVE MANAGEMENT BUSINESS MANAGERS IT MANAGERS ASSURANCE PROVIDERS RISK MANAGEMENT Provides insights on how to get value from the use of I&T and explains relevant board responsibilities Provides guidance on how to organize and monitor performance of I&T across the enterprise Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for strategic opportunities Helps manage dependencies on external service providers, provides assurance over IT, and ensures the existence of an effective and efficient system of internal controls Helps to ensure the identification and management of all IT-related risk Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc.
EXTERNAL STAKEHOLDERS REGULATORS BUSINESS PARTNERS IT VENDORS Determines whether the enterprise is compliant with applicable rules and regulations and advises that the enterprise has the right governance system in place to manage and sustain compliance Confirm that a business partner’s operations are secure, reliable and compliant with applicable rules and regulations IT vendor’s operations must establish that they are secure, reliable and compliant with applicable rules and regulations.
The six (6) principles are the core requirements for a governance system for enterprise information and technology. 1. Each enterprise needs a governance system to satisfy stakeholder needs and to generate value from the use of I&T. 2. A governance system for enterprise I&T is built from a number of components that can be of different types and that work together in a holistic way. 3. A governance system should be dynamic. This means that each time one or more of the design factors are changed the impact of these changes on the EGIT system must be considered. 4. A governance system should clearly distinguish between governance and management activities and structures. 5. A governance system should be tailored to the enterprise’s needs, using a set of design factors as parameters to customize and prioritize the governance system components. 6. A governance system should cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals.
The three (3) principles identify the underlying principles for a governance framework that can be used to build a governance system for the enterprise. 1. A governance framework should be based on a conceptual model, identifying the key components and relationships among components, to maximize consistency and allow automation. 2. A governance framework should be open and flexible. It should allow the addition of new content and the ability to address new issues in the most flexible way, while maintaining integrity and consistency. 3. A governance framework should align to relevant major related standards, frameworks and regulations
For information and technology to contribute to enterprise goals, a number of governance and management objectives should be achieved. A governance or management objective always relates to one process and a series of related components of other types to help achieve the objective A governance objective relates to a governance process, while a management objective relates to a management process.
The governance and management objectives in COBIT® 2019 are grouped into five domains. The domains have names that express the key purpose and areas of activity of the objectives contained in them.
SOURCE: ISACA® (isaca.org)
Enterprise goals have been consolidated, reduced, updated and clarified. Alignment goals emphasize the alignment of all IT efforts with business objectives These were IT-related goals in COBIT 5 The update seeks to avoid the frequent misunderstanding that these goals indicate purely internal objectives of the IT department within an enterprise Alignment goals have also been consolidated, reduced, updated and clarified where necessary SOURCE: ISACA® (isaca.org)
Each enterprise’s governance system is built from a number of components Components can be of different types Components interact with each other, resulting in a holistic governance system for I&T These were known as enablers in COBIT 5 SOURCE: ISACA® (isaca.org)
Components can be generic or variants of generic components: Generic components are described in the COBIT core model  Apply in principle to any situation  However, they are generic in nature and  generally need customization before being practically implemented Variants are based on generic components but  Tailored for a specific purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation) SOURCE: ISACA® (isaca.org)
A Focus Area describes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components. Focus Areas can contain a combination of generic governance components and variants The number of focus areas is virtually unlimited. That is what makes COBIT open-ended. New focus areas can be added as required or as subject matter experts and practitioners contribute. SOURCE: ISACA® (isaca.org)
Design factors are factors that: Influence the design of an enterprise’s governance system Position it for success in the use of I&T More information and detailed guidance on how to use the design factors for designing a governance system can be found in the COBIT Design Guide publication SOURCE: ISACA® (isaca.org)
SOURCE: ISACA® (isaca.org)
Design factors influence in different ways the tailoring of the governance system of an enterprise. Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
Management Objective Priority and Target Capability Levels Design factor influence can make some governance and management objectives more important than others, sometimes to the extent that they become negligible • In practice, this higher importance translates into setting higher target capability levels Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
Component Variations Components are required to achieve governance and management objectives. Some design factors can influence the importance of one or more components or can require specific variations Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations
Specific Focus Areas Some design factors, such as threat landscape, specific risk, target development methods and infrastructure set-up, will drive the need for variation of the core COBIT model content to a specific context Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
The different stages and steps in the design process will result in recommendations for prioritizing governance and management objectives or related governance system components, for target capability levels, or for adopting specific variants of a governance system component. SOURCE: ISACA® (isaca.org)
The implementation approach is based on empowering business and IT stakeholders and role players to take ownership of IT-related governance and management decisions and activities by facilitating and enabling change. Implementation guide is a phased approach with three perspectives Continual Improvement Program Management Change Enablement
1. Program Management • Outer Ring 2. Change Enablement • Middle Ring 3. Continual Improvement Lifecycle • Inner Ring It recognizes that I&T are pervasive in enterprises and that it is neither possible nor good practice to separate business and IT-related activities. SOURCE: ISACA® (isaca.org)
USING COBIT 2019
COBIT Performance Management (CPM) refers to how well the governance and management system and all the components of an enterprise work, and how they can be improved up to the required level. It includes concepts and methods such as capability levels and maturity levels. COBIT 2019 is based on the following principles: Simple to understand and use Consistent with, and support the COBIT conceptual model Provide reliable, repeatable and relevant results Must be flexible Should support different types of assessments SOURCE: ISACA® (isaca.org)
 COBIT 2019 supports a CMMI-based process capability scheme  The process within each governance and management objective can operate at capability levels, between 0 to 5  The capability level is a measure for how well a process is implemented and performing  Each process activity is associated with a capability level SOURCE: ISACA® (isaca.org)
Each process activity is associated with a capability level Helps users implement processes at a foundational Level  Identifies future activities to achieve a higher capability level
 Sometimes a more high-level for expressing performance is required, less granular than individual process capability ratings: Maturity Levels  We define maturity levels in COBIT 2019 update as a performance measure at the Focus Area level
COBIT 2019 - DIGITAL TRUST FRAMEWORK

More Related Content

PDF
COBIT 2019 Overview_v1.1.pdf
byMartinPatrici
 
PDF
IT Governance - COBIT 5 Capability Assessment
byEryk Budi Pratama
 
PPTX
Introduction to Data Management Maturity Models
byKingland
 
PDF
State of Data Governance in 2021
byDATAVERSITY
 
PPTX
Define an IT Strategy and Roadmap
byAndrew Byers
 
PDF
cobit 2019 presentation.pdf
bymohammed539963
 
PPTX
Enterprise Architecture & Project Portfolio Management 2/2
byJean Gehring
 
PPT
ITIL V3 Overview
byAllwyn George
 
COBIT 2019 Overview_v1.1.pdf
byMartinPatrici
 
IT Governance - COBIT 5 Capability Assessment
byEryk Budi Pratama
 
Introduction to Data Management Maturity Models
byKingland
 
State of Data Governance in 2021
byDATAVERSITY
 
Define an IT Strategy and Roadmap
byAndrew Byers
 
cobit 2019 presentation.pdf
bymohammed539963
 
Enterprise Architecture & Project Portfolio Management 2/2
byJean Gehring
 
ITIL V3 Overview
byAllwyn George
 

What's hot

PPT
Stepping-stones of enterprise-architecture: Process and practice in the real...
byTetradian Consulting
 
PPTX
Cobit 2019 framework by ISACA
byMDFazlaRabbiAbir
 
PDF
Future Proofing Your IT Operating Model for Digital
byDavid Favelle
 
PPTX
IT Enterprise architecture ppt
byMonsif sakienah
 
PDF
Shadow IT And The Failure Of IT Architecture
byAlan McSweeney
 
PPTX
Implementing Effective Enterprise Architecture
byLeo Shuster
 
PPTX
Introduction to DCAM, the Data Management Capability Assessment Model - Editi...
byElement22
 
PDF
An Introduction to IT Management with COBIT 2019
byGregor Polančič
 
PPTX
Operational Data Vault
byEmpowered Holdings, LLC
 
PPTX
Togaf 9.2 Introduction
byMohamed Zakarya Abdelgawad
 
PPTX
Data Governance_Notes.pptx
byVivekDubley
 
PDF
DMBOK 2.0 and other frameworks including TOGAF & COBIT - keynote from DAMA Au...
byChristopher Bradley
 
PDF
EA Intensive Course "Building Enterprise Architecture" by mr.danairat
bySoftware Park Thailand
 
PPTX
IT Governance Made Easy
byJerry Bishop
 
PPSX
IT Governance - COBIT Perspective
bySayyed Zakir Ali Rizwe
 
PPTX
TOGAF
byAhmed Gamil
 
PPTX
Solution Architecture Framework
byFirmansyahIrma1
 
PDF
Solution Security Architecture
byAlan McSweeney
 
PDF
Review of Data Management Maturity Models
byAlan McSweeney
 
PDF
TOGAF ADM Steps reference
byRAJANIESH KAUSHIKK
 
Stepping-stones of enterprise-architecture: Process and practice in the real...
byTetradian Consulting
 
Cobit 2019 framework by ISACA
byMDFazlaRabbiAbir
 
Future Proofing Your IT Operating Model for Digital
byDavid Favelle
 
IT Enterprise architecture ppt
byMonsif sakienah
 
Shadow IT And The Failure Of IT Architecture
byAlan McSweeney
 
Implementing Effective Enterprise Architecture
byLeo Shuster
 
Introduction to DCAM, the Data Management Capability Assessment Model - Editi...
byElement22
 
An Introduction to IT Management with COBIT 2019
byGregor Polančič
 
Operational Data Vault
byEmpowered Holdings, LLC
 
Togaf 9.2 Introduction
byMohamed Zakarya Abdelgawad
 
Data Governance_Notes.pptx
byVivekDubley
 
DMBOK 2.0 and other frameworks including TOGAF & COBIT - keynote from DAMA Au...
byChristopher Bradley
 
EA Intensive Course "Building Enterprise Architecture" by mr.danairat
bySoftware Park Thailand
 
IT Governance Made Easy
byJerry Bishop
 
IT Governance - COBIT Perspective
bySayyed Zakir Ali Rizwe
 
TOGAF
byAhmed Gamil
 
Solution Architecture Framework
byFirmansyahIrma1
 
Solution Security Architecture
byAlan McSweeney
 
Review of Data Management Maturity Models
byAlan McSweeney
 
TOGAF ADM Steps reference
byRAJANIESH KAUSHIKK
 

Similar to COBIT 2019 - DIGITAL TRUST FRAMEWORK

PDF
cobit-2019 introduction overview for student
byssusercf2d3e
 
PPTX
COBIT stands for (Control Objectives for Information and Related Technology
byMahmoudElmahdy23
 
PPTX
Introduction to COBIT 2019 and IT management
byChristian F. Nissen
 
PPTX
Introduction to COBIT 5 and IT management
byChristian F. Nissen
 
PDF
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
byMark Constable
 
PDF
COBITlaminate_online_RD3 introduction overview
byssusercf2d3e
 
PDF
Qap cobit2019-20181111
byPatrick Soenen
 
PDF
COBIT 2019 Executive Summary -COBIT 2019
byssusercf2d3e
 
PDF
COBIT 2019 Executive Summary_v1.1 .pdf
byDiegoIvanAlvaradoVel
 
PPTX
COBIT Intor.pptx
bycassimjuma08
 
PPT
This one cobit_introduction cobit notes.ppt
bykong100
 
PDF
Mark thomas cobit-and-frameworks
byAbou Tesnime
 
PPTX
Cobit 5 - An Overview
byAnurag Purohit
 
PPTX
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
byBambangEkoSantoso
 
PPTX
Cobit5
byISACA-Istanbul
 
PDF
cobit 2019 -current-user - ISACA Publication
byThilak Pathirage -Senior IT Gov and Risk Consultant
 
PDF
Implementation of a Decision System for a Suitable IT Governance Framework
byIJCSIS Research Publications
 
PPT
Cobit5 compare-with-4.1
byAVASP - Ambiente Virtual de Aprendizado de São Paulo
 
PPT
Cobit® 5 Comparação com Cobit® 4
bybrunise
 
PDF
What is Cobit
byBen Kalland
 
cobit-2019 introduction overview for student
byssusercf2d3e
 
COBIT stands for (Control Objectives for Information and Related Technology
byMahmoudElmahdy23
 
Introduction to COBIT 2019 and IT management
byChristian F. Nissen
 
Introduction to COBIT 5 and IT management
byChristian F. Nissen
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
byMark Constable
 
COBITlaminate_online_RD3 introduction overview
byssusercf2d3e
 
Qap cobit2019-20181111
byPatrick Soenen
 
COBIT 2019 Executive Summary -COBIT 2019
byssusercf2d3e
 
COBIT 2019 Executive Summary_v1.1 .pdf
byDiegoIvanAlvaradoVel
 
COBIT Intor.pptx
bycassimjuma08
 
This one cobit_introduction cobit notes.ppt
bykong100
 
Mark thomas cobit-and-frameworks
byAbou Tesnime
 
Cobit 5 - An Overview
byAnurag Purohit
 
20180530123152_PPT8-TOPIK8-R0-IT Governance Instruments.pptx
byBambangEkoSantoso
 
Cobit5
byISACA-Istanbul
 
cobit 2019 -current-user - ISACA Publication
byThilak Pathirage -Senior IT Gov and Risk Consultant
 
Implementation of a Decision System for a Suitable IT Governance Framework
byIJCSIS Research Publications
 
Cobit5 compare-with-4.1
byAVASP - Ambiente Virtual de Aprendizado de São Paulo
 
Cobit® 5 Comparação com Cobit® 4
bybrunise
 
What is Cobit
byBen Kalland
 

More from Maganathin Veeraragaloo

PDF
Zero Trust Implementation Guideline Discovery Phase
byMaganathin Veeraragaloo
 
PPTX
MULTI-CLOUD ARCHITECTURE
byMaganathin Veeraragaloo
 
PPTX
Cloud security (domain11 14)
byMaganathin Veeraragaloo
 
PPTX
Cloud security (domain6 10)
byMaganathin Veeraragaloo
 
PPTX
Cloud Security (Domain1- 5)
byMaganathin Veeraragaloo
 
PPTX
BTABOK / ITABOK
byMaganathin Veeraragaloo
 
PPTX
Observability
byMaganathin Veeraragaloo
 
PPTX
Foresight 4 Cybersecurity
byMaganathin Veeraragaloo
 
PPTX
Cybersecurity Capability Maturity Model (C2M2)
byMaganathin Veeraragaloo
 
PPTX
CLOUD NATIVE SECURITY
byMaganathin Veeraragaloo
 
PPTX
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
PPTX
ISO 27005 - Digital Trust Framework
byMaganathin Veeraragaloo
 
PPTX
ITIL4 - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
PPTX
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
PPTX
Open Digital Framework from TMFORUM
byMaganathin Veeraragaloo
 
PPTX
Enterprise security architecture approach
byMaganathin Veeraragaloo
 
PPTX
Cloud and Data Privacy
byMaganathin Veeraragaloo
 
PPTX
XaaS Overview
byMaganathin Veeraragaloo
 
PPTX
Multi cloud security architecture
byMaganathin Veeraragaloo
 
PPTX
Multi Cloud Architecture Approach
byMaganathin Veeraragaloo
 
Zero Trust Implementation Guideline Discovery Phase
byMaganathin Veeraragaloo
 
MULTI-CLOUD ARCHITECTURE
byMaganathin Veeraragaloo
 
Cloud security (domain11 14)
byMaganathin Veeraragaloo
 
Cloud security (domain6 10)
byMaganathin Veeraragaloo
 
Cloud Security (Domain1- 5)
byMaganathin Veeraragaloo
 
BTABOK / ITABOK
byMaganathin Veeraragaloo
 
Observability
byMaganathin Veeraragaloo
 
Foresight 4 Cybersecurity
byMaganathin Veeraragaloo
 
Cybersecurity Capability Maturity Model (C2M2)
byMaganathin Veeraragaloo
 
CLOUD NATIVE SECURITY
byMaganathin Veeraragaloo
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
ISO 27005 - Digital Trust Framework
byMaganathin Veeraragaloo
 
ITIL4 - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
Open Digital Framework from TMFORUM
byMaganathin Veeraragaloo
 
Enterprise security architecture approach
byMaganathin Veeraragaloo
 
Cloud and Data Privacy
byMaganathin Veeraragaloo
 
XaaS Overview
byMaganathin Veeraragaloo
 
Multi cloud security architecture
byMaganathin Veeraragaloo
 
Multi Cloud Architecture Approach
byMaganathin Veeraragaloo
 

Recently uploaded

PDF
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
PDF
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
PDF
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PPTX
NTG - Data Center Management System Software
byMustafa Kuğu
 
PDF
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
PPTX
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Chapter 4 Network Security in computer security
byGetnet Tigabie Askale -(GM)
 
TrustArc Webinar - From Zero to Privacy Hero: Launching Your Program Right an...
byTrustArc
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Build Next-Gen Spatial & Sensor Workflows: Secure, Scalable Processing in Sno...
bySafe Software
 
OpenCharacter AI Reviews: Features, Plans, and Best Alternative
byOpenCharacter AI
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
UiPath Automation Developer Associate Training Series 2026 - Session 1
byDianaGray10
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
NTG - Data Center Management System Software
byMustafa Kuğu
 
"When every team does things "right", but together it turns into chaos", Yozh...
byFwdays
 
Introduction to Industrial-Arts Grade 8 ppt Lesson 1
byFSBTLEDNathanVince
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 

COBIT 2019 - DIGITAL TRUST FRAMEWORK

  • 1.
    DIGITAL TRUST FRAMEWORK (DTF) MaganathinVeeraragaloo 7th December 2021
  • 2.
    The TMForum's OpenDigital Architecture (ODA)will be used as the cornerstone for this Framework https://www.tmforum.org/oda/ ODA was initially designed for the Telecommunications Industry inclusive of 5G Services. The Digital Trust Framework is developed for the 4IR Environment The Digital Trust Framework (DTF) will be a blueprint for modular, cloud-based, open digital platforms that can be orchestrated using AI ODA will be integrated with COBIT 2019, ITIL 4 and ISO 27005 RISK MANAGER – this is to ensure an overall Digital Trust approach for a continuous evolving SYSTEMS Environment
  • 3.
    Transformation Tools As-Is Applications Transformation Toolkits Maturity Tools Metrics Maturity Models Data Benchmark Data AITraining Data DIGITAL TRUST FRAMEWORK DIGITAL TRUST ARCHITECTURE Governance Concepts & Principles Design Guides Microservices Architecture Governance AI Governance Data Governance Security Governance Agile Lifecycle Management Business Deployment & Run Information Systems Implementation Business Capability Repository Process Framework Information Framework Integration Framework Functional Framework & Architecture Canvas Operation Frameworks Reference Implementation Technical Architecture Components Open API’s Data Model
  • 4.
    ITIL 4 Capability Framework DIGITALTRUST FRAMEWORK Governance & Processes Cybersecurity Mesh Architecture
  • 5.
  • 6.
    SOURCE: https://blogs.bmc.com/cobit/?print=pdf COBIT isa best practice framework, but its scope is unique from most frameworks in that it focuses narrowly on security, risk management, and governance. If you’re looking to streamline business processes, sync IT with business needs, alter your IT infrastructure, or manage the multi- cloud, COBIT isn’t the answer.
  • 7.
    SOURCE: https://blogs.bmc.com/cobit/?print=pdf Short forControl Objectives for Information and Related Technologies, COBIT was first developed to guide IT governance and management. Its latest iteration, COBIT 2019, has revamped parts of its framework while offering much-needed updates that accounts for ever-present cybersecurity threats and the incorporation of Agile and DevOps practices. COBIT 2019 continues to fit in nicely with ITIL, TOGAF, and CMMI, and it serves as a good umbrella framework for unifying processes across an organization. COBIT 2019 has several new goals, too, including but not limited to the following:  Improved alignment with global standards and best practices to encourage COBIT’s relevance New open-source model allows for global feedback, hopefully resulting in faster, more agile updates and improvements  More guidance and prescriptions to make COBIT a best-fit governance system, not one that works against the enterprise Better measurement tools to align with CMMI
  • 10.
    Key Differences BetweenCOBIT 5 and COBIT 2019 COBIT 5 COBIT 2019 Five governance principles Six governance principles 7 processes 40 processes “Manage” terminology is used for management processes “Ensure” terminology is used for governance processes “Managed” terminology is used for management processes “Ensured” terminology is used for governance processes Governance framework principles are absent Governance framework principles area added Measuring performance uses 0-5 scale based on ISO/IEC 33000 CMMI performance management scheme used Enablers are included Enablers are renamed as components Design factors are not available Design factors are included
  • 12.
    COBIT business orientationand form of operation comprises of linking business goals to IT goals, providing info metrics and maturity models for ascertaining the level of accomplishments and noting the interrelated responsibilities of business and IT process owners. To completely understand the scope of the mode of operation of the COBIT framework, two main parameters are provided: Control is the form of procedures, practices, policies, and organizational structures designed to provide an acceptable level of assurance that business objectives and strategies will be attained and undesired incidents will be detected and corrected in a quick, concise manner. IT Control Objective is a statement of the level of acceptable results to be attained by implementing control procedures concerning a particular IT operation.
  • 13.
    Framework. Organize and categorizeIT governance objectives and good practices by IT domains and processes before associating them with their respective business requirements. Process descriptions. A reference process model and common language for everyone in an enterprise. Control objectives. Use this complete set of high-level requirements for effective control of each IT process. Management guidelines. Assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes. Maturity models. Assess maturity and capability per process and helps to address gaps.
  • 14.
  • 16.
    INTERNAL STAKEHOLDERS BOARDS EXECUTIVE MANAGEMENT BUSINESS MANAGERS IT MANAGERS ASSURANCE PROVIDERS RISK MANAGEMENT Provides insights onhow to get value from the use of I&T and explains relevant board responsibilities Provides guidance on how to organize and monitor performance of I&T across the enterprise Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for strategic opportunities Helps manage dependencies on external service providers, provides assurance over IT, and ensures the existence of an effective and efficient system of internal controls Helps to ensure the identification and management of all IT-related risk Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc.
  • 17.
    EXTERNAL STAKEHOLDERS REGULATORS BUSINESS PARTNERS IT VENDORS Determines whetherthe enterprise is compliant with applicable rules and regulations and advises that the enterprise has the right governance system in place to manage and sustain compliance Confirm that a business partner’s operations are secure, reliable and compliant with applicable rules and regulations IT vendor’s operations must establish that they are secure, reliable and compliant with applicable rules and regulations.
  • 20.
    The six (6)principles are the core requirements for a governance system for enterprise information and technology. 1. Each enterprise needs a governance system to satisfy stakeholder needs and to generate value from the use of I&T. 2. A governance system for enterprise I&T is built from a number of components that can be of different types and that work together in a holistic way. 3. A governance system should be dynamic. This means that each time one or more of the design factors are changed the impact of these changes on the EGIT system must be considered. 4. A governance system should clearly distinguish between governance and management activities and structures. 5. A governance system should be tailored to the enterprise’s needs, using a set of design factors as parameters to customize and prioritize the governance system components. 6. A governance system should cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals.
  • 21.
    The three (3)principles identify the underlying principles for a governance framework that can be used to build a governance system for the enterprise. 1. A governance framework should be based on a conceptual model, identifying the key components and relationships among components, to maximize consistency and allow automation. 2. A governance framework should be open and flexible. It should allow the addition of new content and the ability to address new issues in the most flexible way, while maintaining integrity and consistency. 3. A governance framework should align to relevant major related standards, frameworks and regulations
  • 22.
    For information andtechnology to contribute to enterprise goals, a number of governance and management objectives should be achieved. A governance or management objective always relates to one process and a series of related components of other types to help achieve the objective A governance objective relates to a governance process, while a management objective relates to a management process.
  • 23.
    The governance andmanagement objectives in COBIT® 2019 are grouped into five domains. The domains have names that express the key purpose and areas of activity of the objectives contained in them.
  • 25.
  • 26.
    Enterprise goals havebeen consolidated, reduced, updated and clarified. Alignment goals emphasize the alignment of all IT efforts with business objectives These were IT-related goals in COBIT 5 The update seeks to avoid the frequent misunderstanding that these goals indicate purely internal objectives of the IT department within an enterprise Alignment goals have also been consolidated, reduced, updated and clarified where necessary SOURCE: ISACA® (isaca.org)
  • 27.
    Each enterprise’s governance systemis built from a number of components Components can be of different types Components interact with each other, resulting in a holistic governance system for I&T These were known as enablers in COBIT 5 SOURCE: ISACA® (isaca.org)
  • 28.
    Components can begeneric or variants of generic components: Generic components are described in the COBIT core model  Apply in principle to any situation  However, they are generic in nature and  generally need customization before being practically implemented Variants are based on generic components but  Tailored for a specific purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation) SOURCE: ISACA® (isaca.org)
  • 29.
    A Focus Areadescribes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components. Focus Areas can contain a combination of generic governance components and variants The number of focus areas is virtually unlimited. That is what makes COBIT open-ended. New focus areas can be added as required or as subject matter experts and practitioners contribute. SOURCE: ISACA® (isaca.org)
  • 30.
    Design factors arefactors that: Influence the design of an enterprise’s governance system Position it for success in the use of I&T More information and detailed guidance on how to use the design factors for designing a governance system can be found in the COBIT Design Guide publication SOURCE: ISACA® (isaca.org)
  • 31.
  • 32.
    Design factors influencein different ways the tailoring of the governance system of an enterprise. Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
  • 33.
    Management Objective Priorityand Target Capability Levels Design factor influence can make some governance and management objectives more important than others, sometimes to the extent that they become negligible • In practice, this higher importance translates into setting higher target capability levels Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
  • 34.
    Component Variations Components arerequired to achieve governance and management objectives. Some design factors can influence the importance of one or more components or can require specific variations Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations
  • 35.
    Specific Focus Areas Somedesign factors, such as threat landscape, specific risk, target development methods and infrastructure set-up, will drive the need for variation of the core COBIT model content to a specific context Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
  • 36.
    The different stagesand steps in the design process will result in recommendations for prioritizing governance and management objectives or related governance system components, for target capability levels, or for adopting specific variants of a governance system component. SOURCE: ISACA® (isaca.org)
  • 37.
    The implementation approachis based on empowering business and IT stakeholders and role players to take ownership of IT-related governance and management decisions and activities by facilitating and enabling change. Implementation guide is a phased approach with three perspectives Continual Improvement Program Management Change Enablement
  • 38.
    1. Program Management •Outer Ring 2. Change Enablement • Middle Ring 3. Continual Improvement Lifecycle • Inner Ring It recognizes that I&T are pervasive in enterprises and that it is neither possible nor good practice to separate business and IT-related activities. SOURCE: ISACA® (isaca.org)
  • 39.
  • 40.
    COBIT Performance Management(CPM) refers to how well the governance and management system and all the components of an enterprise work, and how they can be improved up to the required level. It includes concepts and methods such as capability levels and maturity levels. COBIT 2019 is based on the following principles: Simple to understand and use Consistent with, and support the COBIT conceptual model Provide reliable, repeatable and relevant results Must be flexible Should support different types of assessments SOURCE: ISACA® (isaca.org)
  • 41.
     COBIT 2019supports a CMMI-based process capability scheme  The process within each governance and management objective can operate at capability levels, between 0 to 5  The capability level is a measure for how well a process is implemented and performing  Each process activity is associated with a capability level SOURCE: ISACA® (isaca.org)
  • 42.
    Each process activityis associated with a capability level Helps users implement processes at a foundational Level  Identifies future activities to achieve a higher capability level
  • 43.
     Sometimes amore high-level for expressing performance is required, less granular than individual process capability ratings: Maturity Levels  We define maturity levels in COBIT 2019 update as a performance measure at the Focus Area level