SlideShare a Scribd company logo

Digital Trust Framework

Download as PPTX, PDF
Maganathin Veeraragaloo
Maganathin Veeraragaloo

The document provides an overview of the Digital Trust Framework (DTF) and how it will integrate several frameworks including ODA, COBIT 2019, ITIL 4, and ISO 27005 to provide an overall approach for digital trust. The DTF will be a modular, cloud-based, open digital platform that can be orchestrated using AI. It will use the TMForum's Open Digital Architecture as a cornerstone and was developed for a 4IR environment.

Technology
1 of 44
DIGITAL TRUST FRAMEWORK (DTF) Maganathin Veeraragaloo 7th December 2021
The TMForum's Open Digital Architecture (ODA)will be used as the cornerstone for this Framework https://www.tmforum.org/oda/ ODA was initially designed for the Telecommunications Industry inclusive of 5G Services. The Digital Trust Framework is developed for the 4IR Environment The Digital Trust Framework (DTF) will be a blueprint for modular, cloud-based, open digital platforms that can be orchestrated using AI ODA will be integrated with COBIT 2019, ITIL 4 and ISO 27005 RISK MANAGER – this is to ensure an overall Digital Trust approach for a continuous evolving SYSTEMS Environment
Transformation Tools As-Is Applications Transformation Toolkits Maturity Tools Metrics Maturity Models Data Benchmark Data AI Training Data DIGITAL TRUST FRAMEWORK DIGITAL TRUST ARCHITECTURE Governance Concepts & Principles Design Guides Microservices Architecture Governance AI Governance Data Governance Security Governance Agile Lifecycle Management Business Deployment & Run Information Systems Implementation Business Capability Repository Process Framework Information Framework Integration Framework Functional Framework & Architecture Canvas Operation Frameworks Reference Implementation Technical Architecture Components Open API’s Data Model
ITIL 4 Capability Framework DIGITAL TRUST FRAMEWORK Governance & Processes Cybersecurity Mesh Architecture
COBIT 2019 OVERVIEW
SOURCE: https://blogs.bmc.com/cobit/?print=pdf COBIT is a best practice framework, but its scope is unique from most frameworks in that it focuses narrowly on security, risk management, and governance. If you’re looking to streamline business processes, sync IT with business needs, alter your IT infrastructure, or manage the multi- cloud, COBIT isn’t the answer.
SOURCE: https://blogs.bmc.com/cobit/?print=pdf Short for Control Objectives for Information and Related Technologies, COBIT was first developed to guide IT governance and management. Its latest iteration, COBIT 2019, has revamped parts of its framework while offering much-needed updates that accounts for ever-present cybersecurity threats and the incorporation of Agile and DevOps practices. COBIT 2019 continues to fit in nicely with ITIL, TOGAF, and CMMI, and it serves as a good umbrella framework for unifying processes across an organization. COBIT 2019 has several new goals, too, including but not limited to the following:  Improved alignment with global standards and best practices to encourage COBIT’s relevance New open-source model allows for global feedback, hopefully resulting in faster, more agile updates and improvements  More guidance and prescriptions to make COBIT a best-fit governance system, not one that works against the enterprise Better measurement tools to align with CMMI
Key Differences Between COBIT 5 and COBIT 2019 COBIT 5 COBIT 2019 Five governance principles Six governance principles 7 processes 40 processes “Manage” terminology is used for management processes “Ensure” terminology is used for governance processes “Managed” terminology is used for management processes “Ensured” terminology is used for governance processes Governance framework principles are absent Governance framework principles area added Measuring performance uses 0-5 scale based on ISO/IEC 33000 CMMI performance management scheme used Enablers are included Enablers are renamed as components Design factors are not available Design factors are included
COBIT business orientation and form of operation comprises of linking business goals to IT goals, providing info metrics and maturity models for ascertaining the level of accomplishments and noting the interrelated responsibilities of business and IT process owners. To completely understand the scope of the mode of operation of the COBIT framework, two main parameters are provided: Control is the form of procedures, practices, policies, and organizational structures designed to provide an acceptable level of assurance that business objectives and strategies will be attained and undesired incidents will be detected and corrected in a quick, concise manner. IT Control Objective is a statement of the level of acceptable results to be attained by implementing control procedures concerning a particular IT operation.
Framework. Organize and categorize IT governance objectives and good practices by IT domains and processes before associating them with their respective business requirements. Process descriptions. A reference process model and common language for everyone in an enterprise. Control objectives. Use this complete set of high-level requirements for effective control of each IT process. Management guidelines. Assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes. Maturity models. Assess maturity and capability per process and helps to address gaps.
SOURCE: https://www.businessbeam.com/blog/cobit-2019/
INTERNAL STAKEHOLDERS BOARDS EXECUTIVE MANAGEMENT BUSINESS MANAGERS IT MANAGERS ASSURANCE PROVIDERS RISK MANAGEMENT Provides insights on how to get value from the use of I&T and explains relevant board responsibilities Provides guidance on how to organize and monitor performance of I&T across the enterprise Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for strategic opportunities Helps manage dependencies on external service providers, provides assurance over IT, and ensures the existence of an effective and efficient system of internal controls Helps to ensure the identification and management of all IT-related risk Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc.
EXTERNAL STAKEHOLDERS REGULATORS BUSINESS PARTNERS IT VENDORS Determines whether the enterprise is compliant with applicable rules and regulations and advises that the enterprise has the right governance system in place to manage and sustain compliance Confirm that a business partner’s operations are secure, reliable and compliant with applicable rules and regulations IT vendor’s operations must establish that they are secure, reliable and compliant with applicable rules and regulations.
The six (6) principles are the core requirements for a governance system for enterprise information and technology. 1. Each enterprise needs a governance system to satisfy stakeholder needs and to generate value from the use of I&T. 2. A governance system for enterprise I&T is built from a number of components that can be of different types and that work together in a holistic way. 3. A governance system should be dynamic. This means that each time one or more of the design factors are changed the impact of these changes on the EGIT system must be considered. 4. A governance system should clearly distinguish between governance and management activities and structures. 5. A governance system should be tailored to the enterprise’s needs, using a set of design factors as parameters to customize and prioritize the governance system components. 6. A governance system should cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals.
The three (3) principles identify the underlying principles for a governance framework that can be used to build a governance system for the enterprise. 1. A governance framework should be based on a conceptual model, identifying the key components and relationships among components, to maximize consistency and allow automation. 2. A governance framework should be open and flexible. It should allow the addition of new content and the ability to address new issues in the most flexible way, while maintaining integrity and consistency. 3. A governance framework should align to relevant major related standards, frameworks and regulations
For information and technology to contribute to enterprise goals, a number of governance and management objectives should be achieved. A governance or management objective always relates to one process and a series of related components of other types to help achieve the objective A governance objective relates to a governance process, while a management objective relates to a management process.
The governance and management objectives in COBIT® 2019 are grouped into five domains. The domains have names that express the key purpose and areas of activity of the objectives contained in them.
SOURCE: ISACA® (isaca.org)
Enterprise goals have been consolidated, reduced, updated and clarified. Alignment goals emphasize the alignment of all IT efforts with business objectives These were IT-related goals in COBIT 5 The update seeks to avoid the frequent misunderstanding that these goals indicate purely internal objectives of the IT department within an enterprise Alignment goals have also been consolidated, reduced, updated and clarified where necessary SOURCE: ISACA® (isaca.org)
Each enterprise’s governance system is built from a number of components Components can be of different types Components interact with each other, resulting in a holistic governance system for I&T These were known as enablers in COBIT 5 SOURCE: ISACA® (isaca.org)
Components can be generic or variants of generic components: Generic components are described in the COBIT core model  Apply in principle to any situation  However, they are generic in nature and  generally need customization before being practically implemented Variants are based on generic components but  Tailored for a specific purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation) SOURCE: ISACA® (isaca.org)
A Focus Area describes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components. Focus Areas can contain a combination of generic governance components and variants The number of focus areas is virtually unlimited. That is what makes COBIT open-ended. New focus areas can be added as required or as subject matter experts and practitioners contribute. SOURCE: ISACA® (isaca.org)
Design factors are factors that: Influence the design of an enterprise’s governance system Position it for success in the use of I&T More information and detailed guidance on how to use the design factors for designing a governance system can be found in the COBIT Design Guide publication SOURCE: ISACA® (isaca.org)
SOURCE: ISACA® (isaca.org)
Design factors influence in different ways the tailoring of the governance system of an enterprise. Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
Management Objective Priority and Target Capability Levels Design factor influence can make some governance and management objectives more important than others, sometimes to the extent that they become negligible • In practice, this higher importance translates into setting higher target capability levels Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
Component Variations Components are required to achieve governance and management objectives. Some design factors can influence the importance of one or more components or can require specific variations Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations
Specific Focus Areas Some design factors, such as threat landscape, specific risk, target development methods and infrastructure set-up, will drive the need for variation of the core COBIT model content to a specific context Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
The different stages and steps in the design process will result in recommendations for prioritizing governance and management objectives or related governance system components, for target capability levels, or for adopting specific variants of a governance system component. SOURCE: ISACA® (isaca.org)
The implementation approach is based on empowering business and IT stakeholders and role players to take ownership of IT-related governance and management decisions and activities by facilitating and enabling change. Implementation guide is a phased approach with three perspectives Continual Improvement Program Management Change Enablement
1. Program Management • Outer Ring 2. Change Enablement • Middle Ring 3. Continual Improvement Lifecycle • Inner Ring It recognizes that I&T are pervasive in enterprises and that it is neither possible nor good practice to separate business and IT-related activities. SOURCE: ISACA® (isaca.org)
USING COBIT 2019
COBIT Performance Management (CPM) refers to how well the governance and management system and all the components of an enterprise work, and how they can be improved up to the required level. It includes concepts and methods such as capability levels and maturity levels. COBIT 2019 is based on the following principles: Simple to understand and use Consistent with, and support the COBIT conceptual model Provide reliable, repeatable and relevant results Must be flexible Should support different types of assessments SOURCE: ISACA® (isaca.org)
 COBIT 2019 supports a CMMI-based process capability scheme  The process within each governance and management objective can operate at capability levels, between 0 to 5  The capability level is a measure for how well a process is implemented and performing  Each process activity is associated with a capability level SOURCE: ISACA® (isaca.org)
Each process activity is associated with a capability level Helps users implement processes at a foundational Level  Identifies future activities to achieve a higher capability level
 Sometimes a more high-level for expressing performance is required, less granular than individual process capability ratings: Maturity Levels  We define maturity levels in COBIT 2019 update as a performance measure at the Focus Area level
Digital Trust Framework

Recommended

ITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingRob Akershoek
 
cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdfmohammed539963
 
Solution Architecture
Solution ArchitectureSolution Architecture
Solution ArchitectureFirmansyahIrma1
 
Introduction to Enterprise Architecture
Introduction to Enterprise Architecture Introduction to Enterprise Architecture
Introduction to Enterprise Architecture Leo Shuster
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITCOBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITMark Constable
 
IT Governance
IT GovernanceIT Governance
IT GovernanceCarlos Chalico
 
Cobit 2019 foundation study material
Cobit 2019 foundation study materialCobit 2019 foundation study material
Cobit 2019 foundation study materialAnees Shaikh
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019Gregor Polančič
 

Recommended

ITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingITIL,COBIT and IT4IT Mapping
ITIL,COBIT and IT4IT MappingRob Akershoek
 
cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdfmohammed539963
 
Solution Architecture
Solution ArchitectureSolution Architecture
Solution ArchitectureFirmansyahIrma1
 
Introduction to Enterprise Architecture
Introduction to Enterprise Architecture Introduction to Enterprise Architecture
Introduction to Enterprise Architecture Leo Shuster
 
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITCOBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise IT
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITMark Constable
 
IT Governance
IT GovernanceIT Governance
IT GovernanceCarlos Chalico
 
Cobit 2019 foundation study material
Cobit 2019 foundation study materialCobit 2019 foundation study material
Cobit 2019 foundation study materialAnees Shaikh
 
An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019An Introduction to IT Management with COBIT 2019
An Introduction to IT Management with COBIT 2019Gregor Polančič
 
SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0Maganathin Veeraragaloo
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Solution Architecture and Solution Acquisition
Solution Architecture and Solution AcquisitionSolution Architecture and Solution Acquisition
Solution Architecture and Solution AcquisitionAlan McSweeney
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementChristian F. Nissen
 
Intro to Enterprise Architecture (EA)
Intro to Enterprise Architecture (EA)Intro to Enterprise Architecture (EA)
Intro to Enterprise Architecture (EA)Fahmi Abdul Latip
 
Togaf 9 overview
Togaf 9 overviewTogaf 9 overview
Togaf 9 overviewEnterpriseArchitects
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
Isms
IsmsIsms
Ismspenetration Tester
 
IT Enterprise architecture ppt
IT Enterprise architecture pptIT Enterprise architecture ppt
IT Enterprise architecture pptMonsif sakienah
 
Structured Approach to Solution Architecture
Structured Approach to Solution ArchitectureStructured Approach to Solution Architecture
Structured Approach to Solution ArchitectureAlan McSweeney
 
How to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise ArchitectureHow to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise Architecturecccamericas
 
COBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfCOBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfMartinPatrici
 
Implement cobit in your organization
Implement cobit in your organizationImplement cobit in your organization
Implement cobit in your organizationCheikh Hamallah DJIBA
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...Alan McSweeney
 
Critical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureCritical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureAlan McSweeney
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Enterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewEnterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewMohamed Sami El-Tahawy
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementChristian F. Nissen
 
01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobityusrizalmukhtar
 
Implementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkImplementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkIJCSIS Research Publications
 

More Related Content

What's hot

Solution Architecture and Solution Acquisition
Solution Architecture and Solution AcquisitionSolution Architecture and Solution Acquisition
Solution Architecture and Solution AcquisitionAlan McSweeney
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementChristian F. Nissen
 
Intro to Enterprise Architecture (EA)
Intro to Enterprise Architecture (EA)Intro to Enterprise Architecture (EA)
Intro to Enterprise Architecture (EA)Fahmi Abdul Latip
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security ArchitecturePriyanka Aash
 
IT Enterprise architecture ppt
IT Enterprise architecture pptIT Enterprise architecture ppt
IT Enterprise architecture pptMonsif sakienah
 
Structured Approach to Solution Architecture
Structured Approach to Solution ArchitectureStructured Approach to Solution Architecture
Structured Approach to Solution ArchitectureAlan McSweeney
 
How to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise ArchitectureHow to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise Architecturecccamericas
 
COBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfCOBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfMartinPatrici
 
Implement cobit in your organization
Implement cobit in your organizationImplement cobit in your organization
Implement cobit in your organizationCheikh Hamallah DJIBA
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...Alan McSweeney
 
Critical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureCritical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureAlan McSweeney
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Enterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewEnterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewMohamed Sami El-Tahawy
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementChristian F. Nissen
 

What's hot (20)

SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0SABSA Implementation(Part IV)_ver1-0
SABSA Implementation(Part IV)_ver1-0
 
ISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdfISO 27001 How to accelerate the implementation.pdf
ISO 27001 How to accelerate the implementation.pdf
 
GDPR RACI.pdf
GDPR RACI.pdfGDPR RACI.pdf
GDPR RACI.pdf
 
Solution Architecture and Solution Acquisition
Solution Architecture and Solution AcquisitionSolution Architecture and Solution Acquisition
Solution Architecture and Solution Acquisition
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
 
Intro to Enterprise Architecture (EA)
Intro to Enterprise Architecture (EA)Intro to Enterprise Architecture (EA)
Intro to Enterprise Architecture (EA)
 
Togaf 9 overview
Togaf 9 overviewTogaf 9 overview
Togaf 9 overview
 
Enterprise Security Architecture
Enterprise Security ArchitectureEnterprise Security Architecture
Enterprise Security Architecture
 
Isms
IsmsIsms
Isms
 
IT Enterprise architecture ppt
IT Enterprise architecture pptIT Enterprise architecture ppt
IT Enterprise architecture ppt
 
Structured Approach to Solution Architecture
Structured Approach to Solution ArchitectureStructured Approach to Solution Architecture
Structured Approach to Solution Architecture
 
How to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise ArchitectureHow to Articulate the Value of Enterprise Architecture
How to Articulate the Value of Enterprise Architecture
 
COBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdfCOBIT 2019 Overview_v1.1.pdf
COBIT 2019 Overview_v1.1.pdf
 
Implement cobit in your organization
Implement cobit in your organizationImplement cobit in your organization
Implement cobit in your organization
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002
 
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
Integrating It Frameworks, Methodologies And Best Practices Into It Delivery ...
 
Critical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference ArchitectureCritical Review of Open Group IT4IT Reference Architecture
Critical Review of Open Group IT4IT Reference Architecture
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
 
Enterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF OverviewEnterprise Architecture - TOGAF Overview
Enterprise Architecture - TOGAF Overview
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT management
 

Similar to Digital Trust Framework

Implementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkImplementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkIJCSIS Research Publications
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)Sam Mandebvu
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACAMDFazlaRabbiAbir
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITMehran Misaghi
 
Cobit 4.1 ivooktavianti
Cobit 4.1 ivooktaviantiCobit 4.1 ivooktavianti
Cobit 4.1 ivooktaviantiIvo Oktavianti
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketingNavneet Singh
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachMohammad Reda Katby
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111Patrick Soenen
 
Governance V3 (2)
Governance V3 (2)Governance V3 (2)
Governance V3 (2)guestf73e68
 
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...Eswar Publications
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxbartholomeocoombs
 

Similar to Digital Trust Framework (20)

01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobit
 
Implementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance FrameworkImplementation of a Decision System for a Suitable IT Governance Framework
Implementation of a Decision System for a Suitable IT Governance Framework
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
 
COBIT 5 FAQ
COBIT 5 FAQCOBIT 5 FAQ
COBIT 5 FAQ
 
Proposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise ITProposal of a Framework of Lean Governance and Management of Enterprise IT
Proposal of a Framework of Lean Governance and Management of Enterprise IT
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzah
 
Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007Accountability Corbit Overview 06262007
Accountability Corbit Overview 06262007
 
CobiT And ITIL Breakfast Seminar
CobiT And ITIL Breakfast SeminarCobiT And ITIL Breakfast Seminar
CobiT And ITIL Breakfast Seminar
 
Cobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktaviantiCobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktavianti
 
Cobit 4.1 ivooktavianti
Cobit 4.1 ivooktaviantiCobit 4.1 ivooktavianti
Cobit 4.1 ivooktavianti
 
Cobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktaviantiCobit 4.1 ivo oktavianti
Cobit 4.1 ivo oktavianti
 
rethinking marketing
rethinking marketingrethinking marketing
rethinking marketing
 
Principal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic ApproachPrincipal 4 Enabling A Holistic Approach
Principal 4 Enabling A Holistic Approach
 
Qap cobit2019-20181111
Qap cobit2019-20181111Qap cobit2019-20181111
Qap cobit2019-20181111
 
Governance V3 (2)
Governance V3 (2)Governance V3 (2)
Governance V3 (2)
 
Cobit
CobitCobit
Cobit
 
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
 

More from Maganathin Veeraragaloo

Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Maganathin Veeraragaloo
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Enterprise security architecture approach
Enterprise security architecture approachEnterprise security architecture approach
Enterprise security architecture approachMaganathin Veeraragaloo
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Maganathin Veeraragaloo
 

More from Maganathin Veeraragaloo (20)

MULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTUREMULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTURE
 
Cloud security (domain11 14)
Cloud security (domain11 14)Cloud security (domain11 14)
Cloud security (domain11 14)
 
Cloud security (domain6 10)
Cloud security (domain6 10)Cloud security (domain6 10)
Cloud security (domain6 10)
 
Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)Cloud Security (Domain1- 5)
Cloud Security (Domain1- 5)
 
BTABOK / ITABOK
BTABOK / ITABOKBTABOK / ITABOK
BTABOK / ITABOK
 
Observability
ObservabilityObservability
Observability
 
Foresight 4 Cybersecurity
Foresight 4 CybersecurityForesight 4 Cybersecurity
Foresight 4 Cybersecurity
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
ISO 27005 - Digital Trust Framework
ISO 27005 - Digital Trust FrameworkISO 27005 - Digital Trust Framework
ISO 27005 - Digital Trust Framework
 
ITIL4 - DIGITAL TRUST FRAMEWORK
ITIL4 - DIGITAL TRUST FRAMEWORKITIL4 - DIGITAL TRUST FRAMEWORK
ITIL4 - DIGITAL TRUST FRAMEWORK
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
Open Digital Framework from TMFORUM
Open Digital Framework from TMFORUMOpen Digital Framework from TMFORUM
Open Digital Framework from TMFORUM
 
Enterprise security architecture approach
Enterprise security architecture approachEnterprise security architecture approach
Enterprise security architecture approach
 
Cloud and Data Privacy
Cloud and Data PrivacyCloud and Data Privacy
Cloud and Data Privacy
 
XaaS Overview
XaaS OverviewXaaS Overview
XaaS Overview
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
 
Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management Domain 5 - Identity and Access Management
Domain 5 - Identity and Access Management
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

Digital Trust Framework

  • 1. DIGITAL TRUST FRAMEWORK (DTF) Maganathin Veeraragaloo 7th December 2021
  • 2. The TMForum's Open Digital Architecture (ODA)will be used as the cornerstone for this Framework https://www.tmforum.org/oda/ ODA was initially designed for the Telecommunications Industry inclusive of 5G Services. The Digital Trust Framework is developed for the 4IR Environment The Digital Trust Framework (DTF) will be a blueprint for modular, cloud-based, open digital platforms that can be orchestrated using AI ODA will be integrated with COBIT 2019, ITIL 4 and ISO 27005 RISK MANAGER – this is to ensure an overall Digital Trust approach for a continuous evolving SYSTEMS Environment
  • 3. Transformation Tools As-Is Applications Transformation Toolkits Maturity Tools Metrics Maturity Models Data Benchmark Data AI Training Data DIGITAL TRUST FRAMEWORK DIGITAL TRUST ARCHITECTURE Governance Concepts & Principles Design Guides Microservices Architecture Governance AI Governance Data Governance Security Governance Agile Lifecycle Management Business Deployment & Run Information Systems Implementation Business Capability Repository Process Framework Information Framework Integration Framework Functional Framework & Architecture Canvas Operation Frameworks Reference Implementation Technical Architecture Components Open API’s Data Model
  • 4. ITIL 4 Capability Framework DIGITAL TRUST FRAMEWORK Governance & Processes Cybersecurity Mesh Architecture
  • 6. SOURCE: https://blogs.bmc.com/cobit/?print=pdf COBIT is a best practice framework, but its scope is unique from most frameworks in that it focuses narrowly on security, risk management, and governance. If you’re looking to streamline business processes, sync IT with business needs, alter your IT infrastructure, or manage the multi- cloud, COBIT isn’t the answer.
  • 7. SOURCE: https://blogs.bmc.com/cobit/?print=pdf Short for Control Objectives for Information and Related Technologies, COBIT was first developed to guide IT governance and management. Its latest iteration, COBIT 2019, has revamped parts of its framework while offering much-needed updates that accounts for ever-present cybersecurity threats and the incorporation of Agile and DevOps practices. COBIT 2019 continues to fit in nicely with ITIL, TOGAF, and CMMI, and it serves as a good umbrella framework for unifying processes across an organization. COBIT 2019 has several new goals, too, including but not limited to the following:  Improved alignment with global standards and best practices to encourage COBIT’s relevance New open-source model allows for global feedback, hopefully resulting in faster, more agile updates and improvements  More guidance and prescriptions to make COBIT a best-fit governance system, not one that works against the enterprise Better measurement tools to align with CMMI
  • 8.
  • 9.
  • 10. Key Differences Between COBIT 5 and COBIT 2019 COBIT 5 COBIT 2019 Five governance principles Six governance principles 7 processes 40 processes “Manage” terminology is used for management processes “Ensure” terminology is used for governance processes “Managed” terminology is used for management processes “Ensured” terminology is used for governance processes Governance framework principles are absent Governance framework principles area added Measuring performance uses 0-5 scale based on ISO/IEC 33000 CMMI performance management scheme used Enablers are included Enablers are renamed as components Design factors are not available Design factors are included
  • 11.
  • 12. COBIT business orientation and form of operation comprises of linking business goals to IT goals, providing info metrics and maturity models for ascertaining the level of accomplishments and noting the interrelated responsibilities of business and IT process owners. To completely understand the scope of the mode of operation of the COBIT framework, two main parameters are provided: Control is the form of procedures, practices, policies, and organizational structures designed to provide an acceptable level of assurance that business objectives and strategies will be attained and undesired incidents will be detected and corrected in a quick, concise manner. IT Control Objective is a statement of the level of acceptable results to be attained by implementing control procedures concerning a particular IT operation.
  • 13. Framework. Organize and categorize IT governance objectives and good practices by IT domains and processes before associating them with their respective business requirements. Process descriptions. A reference process model and common language for everyone in an enterprise. Control objectives. Use this complete set of high-level requirements for effective control of each IT process. Management guidelines. Assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes. Maturity models. Assess maturity and capability per process and helps to address gaps.
  • 15.
  • 16. INTERNAL STAKEHOLDERS BOARDS EXECUTIVE MANAGEMENT BUSINESS MANAGERS IT MANAGERS ASSURANCE PROVIDERS RISK MANAGEMENT Provides insights on how to get value from the use of I&T and explains relevant board responsibilities Provides guidance on how to organize and monitor performance of I&T across the enterprise Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for strategic opportunities Helps manage dependencies on external service providers, provides assurance over IT, and ensures the existence of an effective and efficient system of internal controls Helps to ensure the identification and management of all IT-related risk Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc.
  • 17. EXTERNAL STAKEHOLDERS REGULATORS BUSINESS PARTNERS IT VENDORS Determines whether the enterprise is compliant with applicable rules and regulations and advises that the enterprise has the right governance system in place to manage and sustain compliance Confirm that a business partner’s operations are secure, reliable and compliant with applicable rules and regulations IT vendor’s operations must establish that they are secure, reliable and compliant with applicable rules and regulations.
  • 18.
  • 19.
  • 20. The six (6) principles are the core requirements for a governance system for enterprise information and technology. 1. Each enterprise needs a governance system to satisfy stakeholder needs and to generate value from the use of I&T. 2. A governance system for enterprise I&T is built from a number of components that can be of different types and that work together in a holistic way. 3. A governance system should be dynamic. This means that each time one or more of the design factors are changed the impact of these changes on the EGIT system must be considered. 4. A governance system should clearly distinguish between governance and management activities and structures. 5. A governance system should be tailored to the enterprise’s needs, using a set of design factors as parameters to customize and prioritize the governance system components. 6. A governance system should cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals.
  • 21. The three (3) principles identify the underlying principles for a governance framework that can be used to build a governance system for the enterprise. 1. A governance framework should be based on a conceptual model, identifying the key components and relationships among components, to maximize consistency and allow automation. 2. A governance framework should be open and flexible. It should allow the addition of new content and the ability to address new issues in the most flexible way, while maintaining integrity and consistency. 3. A governance framework should align to relevant major related standards, frameworks and regulations
  • 22. For information and technology to contribute to enterprise goals, a number of governance and management objectives should be achieved. A governance or management objective always relates to one process and a series of related components of other types to help achieve the objective A governance objective relates to a governance process, while a management objective relates to a management process.
  • 23. The governance and management objectives in COBIT® 2019 are grouped into five domains. The domains have names that express the key purpose and areas of activity of the objectives contained in them.
  • 24.
  • 26. Enterprise goals have been consolidated, reduced, updated and clarified. Alignment goals emphasize the alignment of all IT efforts with business objectives These were IT-related goals in COBIT 5 The update seeks to avoid the frequent misunderstanding that these goals indicate purely internal objectives of the IT department within an enterprise Alignment goals have also been consolidated, reduced, updated and clarified where necessary SOURCE: ISACA® (isaca.org)
  • 27. Each enterprise’s governance system is built from a number of components Components can be of different types Components interact with each other, resulting in a holistic governance system for I&T These were known as enablers in COBIT 5 SOURCE: ISACA® (isaca.org)
  • 28. Components can be generic or variants of generic components: Generic components are described in the COBIT core model  Apply in principle to any situation  However, they are generic in nature and  generally need customization before being practically implemented Variants are based on generic components but  Tailored for a specific purpose or context within a focus area (e.g., for information security, DevOps, a particular regulation) SOURCE: ISACA® (isaca.org)
  • 29. A Focus Area describes a certain governance topic, domain or issue that can be addressed by a collection of governance and management objectives and their components. Focus Areas can contain a combination of generic governance components and variants The number of focus areas is virtually unlimited. That is what makes COBIT open-ended. New focus areas can be added as required or as subject matter experts and practitioners contribute. SOURCE: ISACA® (isaca.org)
  • 30. Design factors are factors that: Influence the design of an enterprise’s governance system Position it for success in the use of I&T More information and detailed guidance on how to use the design factors for designing a governance system can be found in the COBIT Design Guide publication SOURCE: ISACA® (isaca.org)
  • 32. Design factors influence in different ways the tailoring of the governance system of an enterprise. Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
  • 33. Management Objective Priority and Target Capability Levels Design factor influence can make some governance and management objectives more important than others, sometimes to the extent that they become negligible • In practice, this higher importance translates into setting higher target capability levels Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
  • 34. Component Variations Components are required to achieve governance and management objectives. Some design factors can influence the importance of one or more components or can require specific variations Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations
  • 35. Specific Focus Areas Some design factors, such as threat landscape, specific risk, target development methods and infrastructure set-up, will drive the need for variation of the core COBIT model content to a specific context Specific Focus Area Design Factor Impact Management Objective Priority & Target Capability Levels Component Variations SOURCE: ISACA® (isaca.org)
  • 36. The different stages and steps in the design process will result in recommendations for prioritizing governance and management objectives or related governance system components, for target capability levels, or for adopting specific variants of a governance system component. SOURCE: ISACA® (isaca.org)
  • 37. The implementation approach is based on empowering business and IT stakeholders and role players to take ownership of IT-related governance and management decisions and activities by facilitating and enabling change. Implementation guide is a phased approach with three perspectives Continual Improvement Program Management Change Enablement
  • 38. 1. Program Management • Outer Ring 2. Change Enablement • Middle Ring 3. Continual Improvement Lifecycle • Inner Ring It recognizes that I&T are pervasive in enterprises and that it is neither possible nor good practice to separate business and IT-related activities. SOURCE: ISACA® (isaca.org)
  • 40. COBIT Performance Management (CPM) refers to how well the governance and management system and all the components of an enterprise work, and how they can be improved up to the required level. It includes concepts and methods such as capability levels and maturity levels. COBIT 2019 is based on the following principles: Simple to understand and use Consistent with, and support the COBIT conceptual model Provide reliable, repeatable and relevant results Must be flexible Should support different types of assessments SOURCE: ISACA® (isaca.org)
  • 41.  COBIT 2019 supports a CMMI-based process capability scheme  The process within each governance and management objective can operate at capability levels, between 0 to 5  The capability level is a measure for how well a process is implemented and performing  Each process activity is associated with a capability level SOURCE: ISACA® (isaca.org)
  • 42. Each process activity is associated with a capability level Helps users implement processes at a foundational Level  Identifies future activities to achieve a higher capability level
  • 43.  Sometimes a more high-level for expressing performance is required, less granular than individual process capability ratings: Maturity Levels  We define maturity levels in COBIT 2019 update as a performance measure at the Focus Area level