SlideShare a Scribd company logo

Cobit 5 ( Kontrol dan Auditing Sistem Informasi )

Download as PPTX, PDF
Pajar Bahari
Pajar Bahari

Kontrol dan Auditing Sistem Informasi

Education
1 of 15
pjb Pajar Bahari 11353100102 Kontrol dan Audit Sistem Informasi
COBIT 5 pjb
pjb For information security
pjb ISACA defines information security as something that: Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability). • Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information. • Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. • Availability means ensuring timely and reliable access to and use of information
pjb Although several other definitions of the term exist, this definition provides the very basics of information security as it covers the confidentiality, integrity and availability (CIA) concept. It is important to note that while the CIA concept is globally accepted, there are broader uses of the term ‘integrity’ in the wider business context. COBIT 5 covers this term in the information enabler as information goals of completeness and accuracy. COBIT 5 for Information Security is limited to the security view of this term and builds on this definition to describe how information security can be applied in real life, taking into account the COBIT 5 principles.
pjb Information security is a business enabler that is strictly bound to stakeholder trust, either by addressing business risk or by creating value for an enterprise, such as competitive advantage. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying. Increasing regulation within the business landscape adds to the awareness of the board of directors of the criticality of information security for information and IT-related assets.
pjb For Risk
pjb Enterprises exist to create value for their stakeholders. Consequently, any enterprise, commercial or not, has value creation as a governance objective. Value creation means realising benefits at an optimal resource cost while optimising risk (figure 4). Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities.
pjb Enterprises have many stakeholders, and ‘creating value’ means different, and sometimes conflicting, things to each stakeholder. Governance is about negotiating and deciding amongst different stakeholder value interests. The risk optimisation component of value creation shows that: • Risk optimisation is an essential part of any governance system. • Risk optimisation cannot be seen in isolation, i.e., actions taken as part of risk management will influence benefits realisation and resource optimisation.
pjb Risk is generally defined as the combination of the probability of an event and its consequence (ISO Guide 73). Consequences are that enterprise objectives are not met. COBIT 5 for Risk defines IT risk as business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. IT risk consists of IT-related events that could potentially impact the business. IT risk can occur with both uncertain frequency and impact and creates challenges in meeting strategic goals and objectives.
pjb IT risk always exists, whether or not it is detected or recognised by an enterprise
pjb ● IT benefit/value enablement risk—Associated with missed opportunities to use technology to improve efficiency or effectiveness of business processes or as an enabler for new business initiatives. ● IT programme and project delivery risk—Associated with the contribution of IT to new or improved business solutions, usually in the form of projects and programmes as part of investment portfolios ● IT operations and service delivery risk—Associated with all aspects of the business as usual performance of IT systems and services, which can bring destruction or reduction of value to the enterprise IT risk can be categorised as follows:
pjb Figure 5 shows that for all categories of downside IT risk (‘Fail to Gain’ and ‘Lose’ business value) there is an equivalent upside (‘Gain’ and ‘Preserve’ business). For example: • Service delivery—If service delivery practices are strengthened, the enterprise can benefit, e.g., by being ready to absorb additional transaction volumes or market share. • Project delivery—Successful project delivery brings new business functionality.
pjb It is important to keep this upside/downside duality of risk in mind (see figure 6) during all risk-related decisions. For example, decisions should consider: • The exposure that may result if a risk is not mitigated versus the benefit if the associated loss exposure is reduced to an acceptable level. • The potential benefit that may accrue if opportunities are taken versus missed benefits if opportunities are foregone.
pjb Risk is not always to be avoided. Doing business is about taking risk that is consistent with the risk appetite, i.e., many business propositions require IT risk to be taken to achieve the value proposition and realise enterprise goals and objectives, and this risk should be managed but not necessarily avoided.

Recommended

Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Rudi Kurniawan
 
Cobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasiCobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasisayuti01
 
Arie rahman satria ( 11353100515 )
Arie rahman satria ( 11353100515 )Arie rahman satria ( 11353100515 )
Arie rahman satria ( 11353100515 )Arie Rahman Satria
 
Tomi ismeidianto ( 11353104557 ) Control and Auditing information Systam
Tomi ismeidianto ( 11353104557 ) Control and Auditing information SystamTomi ismeidianto ( 11353104557 ) Control and Auditing information Systam
Tomi ismeidianto ( 11353104557 ) Control and Auditing information SystamTomi Ismeidianto
 
Cobit 5 for Information Security
Cobit 5 for Information SecurityCobit 5 for Information Security
Cobit 5 for Information SecuritySeto Joseles
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information securityElkanouni Mohamed
 

Recommended

Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Cobit 5 (Control and Audit Information System)
Cobit 5 (Control and Audit Information System)Rudi Kurniawan
 
Cobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasiCobit 5 - Kontrol dan Audit Sistem informasi
Cobit 5 - Kontrol dan Audit Sistem informasisayuti01
 
Arie rahman satria ( 11353100515 )
Arie rahman satria ( 11353100515 )Arie rahman satria ( 11353100515 )
Arie rahman satria ( 11353100515 )Arie Rahman Satria
 
Tomi ismeidianto ( 11353104557 ) Control and Auditing information Systam
Tomi ismeidianto ( 11353104557 ) Control and Auditing information SystamTomi ismeidianto ( 11353104557 ) Control and Auditing information Systam
Tomi ismeidianto ( 11353104557 ) Control and Auditing information SystamTomi Ismeidianto
 
Cobit 5 for Information Security
Cobit 5 for Information SecurityCobit 5 for Information Security
Cobit 5 for Information SecuritySeto Joseles
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzahRizkie Hafizzah
 
Donna Febriani
Donna FebrianiDonna Febriani
Donna FebrianiDonna Febriani
 
Cobit 5 for information security
Cobit 5 for information securityCobit 5 for information security
Cobit 5 for information securityElkanouni Mohamed
 
Grc coso cobit_mapped_shared
Grc coso cobit_mapped_sharedGrc coso cobit_mapped_shared
Grc coso cobit_mapped_sharedSeek Hai, Frank Chin
 
CObIT
CObITCObIT
CObITSophia Abigayle
 
Cobit5 and-grc
Cobit5 and-grcCobit5 and-grc
Cobit5 and-grcTatto Sugiopranoto
 
Lailatul izzati
Lailatul izzatiLailatul izzati
Lailatul izzatiLailatul Izzati
 
01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobityusrizalmukhtar
 
It governance
It governanceIt governance
It governanceLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisSharing Slides Training
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking DayIyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 frameworkYulias Sihombing, Ak, MAk, CIA
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Osman Hasan
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceBill Lisse
 
EIS Amendments CA INTER
EIS Amendments CA INTEREIS Amendments CA INTER
EIS Amendments CA INTERRaj Kumar
 
Global Artificial Intelligence (AI) Index
Global Artificial Intelligence (AI) IndexGlobal Artificial Intelligence (AI) Index
Global Artificial Intelligence (AI) IndexMohammad Reda Katby
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3pjmartinez
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Sharing Slides Training
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Using COBIT PO9 to perform Project Risk Analysis
Using COBIT PO9 to perform Project Risk AnalysisUsing COBIT PO9 to perform Project Risk Analysis
Using COBIT PO9 to perform Project Risk Analysiswebmentorman
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Securityvikasraina
 
It governance
It governanceIt governance
It governanceMahetab Khan
 
Kontrol audit sistem informasi
Kontrol audit sistem informasiKontrol audit sistem informasi
Kontrol audit sistem informasiDinda Afani
 
153084837 makalah-cobit
153084837 makalah-cobit153084837 makalah-cobit
153084837 makalah-cobitarimayawulantara
 

More Related Content

What's hot

Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisSharing Slides Training
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Osman Hasan
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceBill Lisse
 
EIS Amendments CA INTER
EIS Amendments CA INTEREIS Amendments CA INTER
EIS Amendments CA INTERRaj Kumar
 
Global Artificial Intelligence (AI) Index
Global Artificial Intelligence (AI) IndexGlobal Artificial Intelligence (AI) Index
Global Artificial Intelligence (AI) IndexMohammad Reda Katby
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3pjmartinez
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
Using COBIT PO9 to perform Project Risk Analysis
Using COBIT PO9 to perform Project Risk AnalysisUsing COBIT PO9 to perform Project Risk Analysis
Using COBIT PO9 to perform Project Risk Analysiswebmentorman
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Securityvikasraina
 

What's hot (20)

Grc coso cobit_mapped_shared
Grc coso cobit_mapped_sharedGrc coso cobit_mapped_shared
Grc coso cobit_mapped_shared
 
CObIT
CObITCObIT
CObIT
 
Cobit5 and-grc
Cobit5 and-grcCobit5 and-grc
Cobit5 and-grc
 
Lailatul izzati
Lailatul izzatiLailatul izzati
Lailatul izzati
 
01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobit
 
It governance
It governanceIt governance
It governance
 
Ais Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And AisAis Romney 2006 Slides 06 Control And Ais
Ais Romney 2006 Slides 06 Control And Ais
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking Day
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)Corporate governance of INFORMATION TECHNOLOGY (IT)
Corporate governance of INFORMATION TECHNOLOGY (IT)
 
What Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT GovernanceWhat Every Executive Needs To Know About IT Governance
What Every Executive Needs To Know About IT Governance
 
EIS Amendments CA INTER
EIS Amendments CA INTEREIS Amendments CA INTER
EIS Amendments CA INTER
 
Global Artificial Intelligence (AI) Index
Global Artificial Intelligence (AI) IndexGlobal Artificial Intelligence (AI) Index
Global Artificial Intelligence (AI) Index
 
Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3Governance Of Enterprise Information Technology V3
Governance Of Enterprise Information Technology V3
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcm
 
Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1Ais Romney 2006 Slides 07 Is Control1
Ais Romney 2006 Slides 07 Is Control1
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
Using COBIT PO9 to perform Project Risk Analysis
Using COBIT PO9 to perform Project Risk AnalysisUsing COBIT PO9 to perform Project Risk Analysis
Using COBIT PO9 to perform Project Risk Analysis
 
ITIL With Information Security
ITIL With Information SecurityITIL With Information Security
ITIL With Information Security
 
It governance
It governanceIt governance
It governance
 

Viewers also liked

Kontrol audit sistem informasi
Kontrol audit sistem informasiKontrol audit sistem informasi
Kontrol audit sistem informasiDinda Afani
 
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASIPENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASIDhina Pohan
 
Kontrol dan audit sistem informasi
Kontrol dan audit sistem informasiKontrol dan audit sistem informasi
Kontrol dan audit sistem informasisyul amri
 
Comparación de CobiT 5 con CobiT 4.1
Comparación de CobiT 5 con CobiT 4.1Comparación de CobiT 5 con CobiT 4.1
Comparación de CobiT 5 con CobiT 4.1Slime Argentina
 
Kontrol dan Audit Sistem Informasi
Kontrol dan Audit Sistem InformasiKontrol dan Audit Sistem Informasi
Kontrol dan Audit Sistem InformasiHerman efendi
 
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem InformasiAuditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem InformasiYeffry Handoko
 
Simulasi audit menggunakan it governance ( cobit )
Simulasi audit menggunakan it governance ( cobit )Simulasi audit menggunakan it governance ( cobit )
Simulasi audit menggunakan it governance ( cobit )Nugroho Setiawan
 
Tugas mandiri audit novita dewi 11353202277
Tugas mandiri audit novita dewi 11353202277Tugas mandiri audit novita dewi 11353202277
Tugas mandiri audit novita dewi 11353202277novita dewi
 
Audit Sistem Informasi Akuntansi Keuangan dg software e-solution financial
Audit Sistem Informasi Akuntansi Keuangan dg software e-solution financialAudit Sistem Informasi Akuntansi Keuangan dg software e-solution financial
Audit Sistem Informasi Akuntansi Keuangan dg software e-solution financialSoftware Developer
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasidwiki apsyarin
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
Perbedaan cobit 4.1 dan cobit 5
Perbedaan cobit 4.1 dan cobit 5Perbedaan cobit 4.1 dan cobit 5
Perbedaan cobit 4.1 dan cobit 5Furqan Buncit
 
Oracle DBA Meets ITIL and COBIT
Oracle DBA Meets ITIL and COBITOracle DBA Meets ITIL and COBIT
Oracle DBA Meets ITIL and COBITMahesh Vallampati
 

Viewers also liked (19)

Kontrol audit sistem informasi
Kontrol audit sistem informasiKontrol audit sistem informasi
Kontrol audit sistem informasi
 
153084837 makalah-cobit
153084837 makalah-cobit153084837 makalah-cobit
153084837 makalah-cobit
 
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASIPENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
 
Kontrol dan audit sistem informasi
Kontrol dan audit sistem informasiKontrol dan audit sistem informasi
Kontrol dan audit sistem informasi
 
Comparación de CobiT 5 con CobiT 4.1
Comparación de CobiT 5 con CobiT 4.1Comparación de CobiT 5 con CobiT 4.1
Comparación de CobiT 5 con CobiT 4.1
 
Kontrol dan Audit Sistem Informasi
Kontrol dan Audit Sistem InformasiKontrol dan Audit Sistem Informasi
Kontrol dan Audit Sistem Informasi
 
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem InformasiAuditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
 
Cover
CoverCover
Cover
 
Simulasi audit menggunakan it governance ( cobit )
Simulasi audit menggunakan it governance ( cobit )Simulasi audit menggunakan it governance ( cobit )
Simulasi audit menggunakan it governance ( cobit )
 
Botero 2
Botero 2Botero 2
Botero 2
 
Tugas mandiri audit novita dewi 11353202277
Tugas mandiri audit novita dewi 11353202277Tugas mandiri audit novita dewi 11353202277
Tugas mandiri audit novita dewi 11353202277
 
Audit Sistem Informasi Akuntansi Keuangan dg software e-solution financial
Audit Sistem Informasi Akuntansi Keuangan dg software e-solution financialAudit Sistem Informasi Akuntansi Keuangan dg software e-solution financial
Audit Sistem Informasi Akuntansi Keuangan dg software e-solution financial
 
COBIT 5
COBIT 5COBIT 5
COBIT 5
 
Kontrol & Audit Sistem Informasi
Kontrol & Audit Sistem InformasiKontrol & Audit Sistem Informasi
Kontrol & Audit Sistem Informasi
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Perbedaan cobit 4.1 dan cobit 5
Perbedaan cobit 4.1 dan cobit 5Perbedaan cobit 4.1 dan cobit 5
Perbedaan cobit 4.1 dan cobit 5
 
Oracle DBA Meets ITIL and COBIT
Oracle DBA Meets ITIL and COBITOracle DBA Meets ITIL and COBIT
Oracle DBA Meets ITIL and COBIT
 

Similar to Cobit 5 ( Kontrol dan Auditing Sistem Informasi )

Sim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementSim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementchristophefeltus
 
Protect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingProtect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingR Systems International
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTScsandit
 
71 Information Governance Policy Development .docx
71 Information Governance Policy Development .docx71 Information Governance Policy Development .docx
71 Information Governance Policy Development .docxsleeperharwell
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxelinoraudley582231
 
Management of Risk and its integration within ITIL
Management of Risk and its integration within ITILManagement of Risk and its integration within ITIL
Management of Risk and its integration within ITILhdoornbos
 
MAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCEMAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCERudy Shoushany
 
Business Intelligence Productionization
Business Intelligence ProductionizationBusiness Intelligence Productionization
Business Intelligence ProductionizationDavid Moore
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfAbdulbasit Almauly
 
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...Redspin, Inc.
 
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...Redspin, Inc.
 

Similar to Cobit 5 ( Kontrol dan Auditing Sistem Informasi ) (20)

MRTI_W11.pdf
MRTI_W11.pdfMRTI_W11.pdf
MRTI_W11.pdf
 
Sim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementSim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access management
 
Sim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementSim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access management
 
Physical security roi
Physical security roi Physical security roi
Physical security roi
 
Protect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore OutsourcingProtect Intellectual Property While Offshore Outsourcing
Protect Intellectual Property While Offshore Outsourcing
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
 
71 Information Governance Policy Development .docx
71 Information Governance Policy Development .docx71 Information Governance Policy Development .docx
71 Information Governance Policy Development .docx
 
Discussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docxDiscussion 1Recommend three countermeasures that could enhance.docx
Discussion 1Recommend three countermeasures that could enhance.docx
 
Management of Risk and its integration within ITIL
Management of Risk and its integration within ITILManagement of Risk and its integration within ITIL
Management of Risk and its integration within ITIL
 
Topic11
Topic11Topic11
Topic11
 
BCSITv3.1
BCSITv3.1BCSITv3.1
BCSITv3.1
 
Cobit 5 introduction plgr
Cobit 5 introduction plgrCobit 5 introduction plgr
Cobit 5 introduction plgr
 
MAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCEMAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCE
 
Return on Investment of Diversity and Inclusion Initiatives in Information Go...
Return on Investment of Diversity and Inclusion Initiatives in Information Go...Return on Investment of Diversity and Inclusion Initiatives in Information Go...
Return on Investment of Diversity and Inclusion Initiatives in Information Go...
 
Business Intelligence Productionization
Business Intelligence ProductionizationBusiness Intelligence Productionization
Business Intelligence Productionization
 
Innovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdfInnovation connections quick guide managing ict risk for business pdf
Innovation connections quick guide managing ict risk for business pdf
 
Getting The Benefits
Getting The BenefitsGetting The Benefits
Getting The Benefits
 
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
Ensuring Security, Privacy, and Compliance in Healthcare IT - Redspin Informa...
 
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
Step by Step Guide to Healthcare IT Security Risk Management - Redspin Infor...
 
)k
)k)k
)k
 

Recently uploaded

Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 

Recently uploaded (20)

Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 

Cobit 5 ( Kontrol dan Auditing Sistem Informasi )

  • 4. pjb ISACA defines information security as something that: Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability). • Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information. • Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. • Availability means ensuring timely and reliable access to and use of information
  • 5. pjb Although several other definitions of the term exist, this definition provides the very basics of information security as it covers the confidentiality, integrity and availability (CIA) concept. It is important to note that while the CIA concept is globally accepted, there are broader uses of the term ‘integrity’ in the wider business context. COBIT 5 covers this term in the information enabler as information goals of completeness and accuracy. COBIT 5 for Information Security is limited to the security view of this term and builds on this definition to describe how information security can be applied in real life, taking into account the COBIT 5 principles.
  • 6. pjb Information security is a business enabler that is strictly bound to stakeholder trust, either by addressing business risk or by creating value for an enterprise, such as competitive advantage. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying. Increasing regulation within the business landscape adds to the awareness of the board of directors of the criticality of information security for information and IT-related assets.
  • 8. pjb Enterprises exist to create value for their stakeholders. Consequently, any enterprise, commercial or not, has value creation as a governance objective. Value creation means realising benefits at an optimal resource cost while optimising risk (figure 4). Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities.
  • 9. pjb Enterprises have many stakeholders, and ‘creating value’ means different, and sometimes conflicting, things to each stakeholder. Governance is about negotiating and deciding amongst different stakeholder value interests. The risk optimisation component of value creation shows that: • Risk optimisation is an essential part of any governance system. • Risk optimisation cannot be seen in isolation, i.e., actions taken as part of risk management will influence benefits realisation and resource optimisation.
  • 10. pjb Risk is generally defined as the combination of the probability of an event and its consequence (ISO Guide 73). Consequences are that enterprise objectives are not met. COBIT 5 for Risk defines IT risk as business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. IT risk consists of IT-related events that could potentially impact the business. IT risk can occur with both uncertain frequency and impact and creates challenges in meeting strategic goals and objectives.
  • 11. pjb IT risk always exists, whether or not it is detected or recognised by an enterprise
  • 12. pjb ● IT benefit/value enablement risk—Associated with missed opportunities to use technology to improve efficiency or effectiveness of business processes or as an enabler for new business initiatives. ● IT programme and project delivery risk—Associated with the contribution of IT to new or improved business solutions, usually in the form of projects and programmes as part of investment portfolios ● IT operations and service delivery risk—Associated with all aspects of the business as usual performance of IT systems and services, which can bring destruction or reduction of value to the enterprise IT risk can be categorised as follows:
  • 13. pjb Figure 5 shows that for all categories of downside IT risk (‘Fail to Gain’ and ‘Lose’ business value) there is an equivalent upside (‘Gain’ and ‘Preserve’ business). For example: • Service delivery—If service delivery practices are strengthened, the enterprise can benefit, e.g., by being ready to absorb additional transaction volumes or market share. • Project delivery—Successful project delivery brings new business functionality.
  • 14. pjb It is important to keep this upside/downside duality of risk in mind (see figure 6) during all risk-related decisions. For example, decisions should consider: • The exposure that may result if a risk is not mitigated versus the benefit if the associated loss exposure is reduced to an acceptable level. • The potential benefit that may accrue if opportunities are taken versus missed benefits if opportunities are foregone.
  • 15. pjb Risk is not always to be avoided. Doing business is about taking risk that is consistent with the risk appetite, i.e., many business propositions require IT risk to be taken to achieve the value proposition and realise enterprise goals and objectives, and this risk should be managed but not necessarily avoided.