Auditing IT Compliance

Auditing IT compliance: a practical approach
(EEMA)

November 2005

Mr. Marc Vael
Managing Director
Valuendo

© 2005 Valuendo. All rights reserved.
INFORMATION CLASSIFICATION = PUBLIC




Agenda

In this session an answer will be given to two questions:
   – How to manage IT risks & compliance within an organisation using CobIT, the IT governance standard?
   – How to present the results of IT risk & compliance audits?




Marc Vael, Valuendo                                   EEMA, November 2005
Auditing IT Compliance


Introduction

• Marc Vael
• Managing Director Valuendo (“value & do”) since July 2001
• Education
   – Master Applied Economics (UAntwerp)
   – Master Information Management (UHasselt)
   – Master+ Applied Economics & ICT (KUL)
• Core Services
   – ERM
   – IT Governance
   – Information Security Management
   – Business Continuity / Disaster Recovery
   – Crisis Management
   – Data Privacy & Protection
   – IT Audit & Compliance
• Certifications
   – CISA / CISM / CISSP / ITIL Service Manager




Introduction

(Compliance) audits are executed by independent (internal/external) skilled parties and result in a report for the board of directors, executive management and/or external parties, in order to provide comfort/assurance.

• Scope (what & what not)
• Execution (D – O – T)
• Facts based (documentation / reports / tests)
• Reporting (Obs – Risk – Rec)






Introduction

Diagram: the compliance cycle, with COMPLIANCE at the centre and the four stages DESIGN, IMPLEMENT, MONITOR and ASSESS around it.




Need for Audit & Compliance

New legislation & regulation
• “assurance” on internal control
• Stress governance & responsibility of directors
• Pervasiveness & importance of IT
• Beyond financial risk: towards risks that adversely affect the organization’s ability to achieve its objectives and execute its strategies
• SMEs

Examples: Sarbanes-Oxley (SOx), Basel II, GLBA, HIPAA, Code Lippens, Code Buysse





Need for Audit & Compliance

New management practices
• IT Governance
   A structure of IT relationships & processes to direct and control the enterprise to achieve the enterprise’s goals by adding value while balancing risk vs. return over IT and its processes
• IT Manageability
   – New tools for management to self-assess and make choices for control implementation and improvements
   – Ability to align the IT organisation with the goals of the enterprise
   – Performance measurements that ensure that these goals are achieved




                                                       IT Governance Compliance









IT Governance Compliance

Implementing Control & Governance

Drivers:
   – Compliance with law, standards and regulations
   – Cost reduction
   – Mission & goals
   – Performance improvement
   – Risk reduction
   – Reputation and trust
   – Competitive environment
   – Corporate values
   – Political/economic environment

Inhibitors:
   – Budget limitations
   – Availability of skilled staff
   – Management awareness
   – Management commitment
   – Lack of ownership
   – Existing architecture
   – No easy solution
   – Resource conflicts/priorities
   – Lack of tools
   – Political/economic environment





CobIT & IT Governance Compliance

Link between COBIT and IT Governance (diagram)

   Business side: Business – Goals – Requirements – Control Objectives
      (Information the business needs to achieve its objectives)
   IT side: IT – Direction (IT strategy & policy) – Responsibilities – Governance
      (Information the executive and board need to exercise their responsibilities)




CobIT & IT Governance Compliance

Link between COBIT and IT Governance (diagram, continued)

   Business side: Business – Goals – Requirements – Control Objectives
      (Information the business needs to achieve its objectives)
   IT side: IT – Direction (IT strategy & policy) – Responsibilities – Governance
      (Information (IT control, risk & assurance))
   Bottom label: IT Governance





CobIT

CobIT: IT Control Framework

COBIT’s Vision: To be the (de facto) model for IT governance.

COBIT’s Mission: To research, develop, publicise and promote an authoritative, up-to-date, international set of generally accepted IT control objectives for day-to-day use by business managers & auditors.

Definition of Control: The policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved & that undesired events will be prevented or detected and corrected.

Definition of IT Control Objective: A statement of the desired result or purpose to be achieved by implementing control practices in a particular IT activity.




CobIT

CobIT: IT Control Framework
CobIT basic principles
• Generally applicable & internationally accepted open standard
• Regardless of technology
• Starting from business requirements for information
• Management- and business process owner-oriented
• Includes existing standards and techniques
   – Risk assessment concepts
   – Business risk / value assessment
   – Assurance planning and scoping
   – Control evaluation and testing
   – Control and process maturity (self-assessment)
   – Substantiating risk and effective reporting
• First published in 1992
• 4th edition is planned for end 2005





CobIT

CobIT: IT Control Framework (components)
• Executive Summary
• Framework, with high-level control objectives
• Implementation Guide
   – Road map for implementation
   – Planning tools and templates
   – Presentations
   – Awareness and diagnostic tools
• Management Guidelines
   – Critical Success Factors
   – Key Performance Indicators
   – Key Goal Indicators
   – Maturity Models
• Audit Guidelines
• Detailed Control Objectives
   – Control Practices




CobIT

CobIT: IT Control Framework
Relationship between IT resources & business requirements

IT Resources        IT Processes              Business Requirements
People              Plan and Organise         Effectiveness
Information         Acquire and Implement     Efficiency
Applications        Deliver and Support       Confidentiality
Infrastructure      Monitor and Evaluate      Integrity
                                              Availability
                                              Compliance
                                              Information Reliability





CobIT: IT Control Framework (overview diagram)
4 Domains, 34 Processes, 318 Control Objectives

BUSINESS OBJECTIVES – Criteria:
• effectiveness
• efficiency
• confidentiality
• integrity
• availability
• compliance
• reliability

IT RESOURCES:
• information
• applications
• infrastructure
• people

PLAN AND ORGANISE
   PO1  Define a strategic IT Plan
   PO2  Define the information architecture
   PO3  Determine the technological direction
   PO4  Define the IT organization and relationships
   PO5  Manage the IT investment
   PO6  Communicate management aims and direction
   PO7  Manage human resources
   PO8  Ensure compliance with external requirements
   PO9  Assess risks
   PO10 Manage Projects
   PO11 Manage Quality

ACQUIRE & IMPLEMENT
   AI1  Identify automated solutions
   AI2  Acquire and maintain application software
   AI3  Acquire and maintain technology infrastructure
   AI4  Develop and maintain procedures
   AI5  Install and accredit systems
   AI6  Manage changes

DELIVER & SUPPORT
   DS1  Define and manage service levels
   DS2  Manage third-party services
   DS3  Manage performance and capacity
   DS4  Ensure continuous service
   DS5  Ensure systems security
   DS6  Identify and allocate costs
   DS7  Educate and train users
   DS8  Assist and advise customers
   DS9  Manage the configuration
   DS10 Manage problems and incidents
   DS11 Manage data
   DS12 Manage facilities
   DS13 Manage operations

MONITOR & EVALUATE
   ME1  Manage IT Performance
   ME2  Monitor Internal Controls
   ME3  Oversee IT Governance
   ME4  Ensure regulatory compliance





CobIT results

CobIT: IT Control Framework
Maturity Measurement & Reporting

Maturity scale:
   0 Inexistent
   1 Initial
   2 Repeatable
   3 Defined
   4 Managed
   5 Optimized

Symbols (plotted on the scale):
   – Current status of the organisation
   – Goal of the organisation
   – International standard
   – Industry “best practice”

Ranking:
   0 – Processes are not applied at all
   1 – Processes are ad hoc & not organised
   2 – Processes follow a regular pattern
   3 – Processes are documented & communicated
   4 – Processes are monitored & measured
   5 – Processes are optimized & automated
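The maturity measurement above, applied to the CobIT process inventory from the framework overview slide, as an added example (not code from the original presentation or from Valuendo). The process ids, domain names and 0–5 ranking are the ones on the slides; the assessment scores are constructed sample values, and the report layout (largest gap first, per-domain averages) is this example's own choice.

```python
"""CobIT maturity scorecard (added example, not part of the original slides).

Encodes the 4 domains / 34 processes from the framework overview slide and the
0-5 maturity ranking from the "Maturity Measurement & Reporting" slide, then turns
a set of constructed assessment scores into a gap report of the kind an auditor
presents: per-process gap to the organisation's own goal, per-domain averages,
and the processes furthest from their target listed first.
"""
from statistics import mean

# Maturity ranking exactly as on the slide (0 = Inexistent ... 5 = Optimized).
MATURITY_LEVELS = {
    0: ("Inexistent", "Processes are not applied at all"),
    1: ("Initial", "Processes are ad hoc & not organised"),
    2: ("Repeatable", "Processes follow a regular pattern"),
    3: ("Defined", "Processes are documented & communicated"),
    4: ("Managed", "Processes are monitored & measured"),
    5: ("Optimized", "Processes are optimized & automated"),
}

# Domain code -> (domain name, number of processes), per the overview slide (34 in total).
DOMAINS = {
    "PO": ("Plan and Organise", 11),
    "AI": ("Acquire and Implement", 6),
    "DS": ("Deliver and Support", 13),
    "ME": ("Monitor and Evaluate", 4),
}
PROCESSES = [f"{code}{n}" for code, (_, count) in DOMAINS.items()
             for n in range(1, count + 1)]


def level_name(score):
    """Map a maturity score to its name, rejecting anything off the 0-5 scale."""
    if score not in MATURITY_LEVELS:
        raise ValueError(f"maturity score must be an integer 0-5, got {score!r}")
    return MATURITY_LEVELS[score][0]


def gap_report(assessment):
    """Compute the gap between current status and the organisation's goal.

    `assessment` maps process id -> (current, goal). Returns a list of dicts,
    sorted so the largest gaps come first (the items an audit report leads with).
    """
    rows = []
    for pid, (current, goal) in assessment.items():
        if pid not in PROCESSES:
            raise ValueError(f"unknown CobIT process id {pid!r}")
        level_name(current)  # validate both scores against the 0-5 scale
        level_name(goal)
        rows.append({
            "process": pid,
            "domain": DOMAINS[pid[:2]][0],
            "current": current,
            "goal": goal,
            "gap": goal - current,
            "current_level": level_name(current),
        })
    return sorted(rows, key=lambda r: (-r["gap"], r["process"]))


def domain_summary(rows):
    """Average current maturity and total gap per domain, for the executive view."""
    summary = {}
    for code, (name, _) in DOMAINS.items():
        dom_rows = [r for r in rows if r["domain"] == name]
        if dom_rows:
            summary[code] = {
                "avg_current": round(mean(r["current"] for r in dom_rows), 2),
                "total_gap": sum(r["gap"] for r in dom_rows),
                "assessed": len(dom_rows),
            }
    return summary


# Constructed sample assessment (not real data): current and goal maturity
# for a handful of the 34 processes, as an auditor might capture them.
SAMPLE_ASSESSMENT = {
    "PO9": (1, 3),   # Assess risks: ad hoc today, target "Defined"
    "DS5": (2, 4),   # Ensure systems security: target "Managed"
    "AI6": (3, 3),   # Manage changes: already at goal
    "ME2": (0, 3),   # Monitor internal controls: not applied at all
    "DS4": (2, 3),   # Ensure continuous service
}

if __name__ == "__main__":
    report = gap_report(SAMPLE_ASSESSMENT)
    for r in report:
        print(f"{r['process']:5} {r['domain']:22} current={r['current']} "
              f"({r['current_level']}) goal={r['goal']} gap={r['gap']}")
    for code, s in domain_summary(report).items():
        print(f"{code}: avg current {s['avg_current']}, total gap {s['total_gap']} "
              f"over {s['assessed']} assessed process(es)")
```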




CobIT

What is COBIT used for in practice? (Result from surveys)
• To improve audit approach/programs
• To support audit work with detailed audit guidelines
• To provide guidance for IT governance
• As a valuable benchmark for IT control
• To manage IT risks
• To improve IT controls
• To standardise audit approach/programs
• To communicate with management, auditors and IT






Conclusion

Diagram: the compliance cycle again, with COMPLIANCE at the centre and DESIGN, IMPLEMENT, MONITOR and ASSESS around it.




Relevant organisations in Belgium

• ISACA
   – http://www.isaca.be
   – http://www.isaca.org
• ISSA
   – http://www.issa-be.org
   – http://www.issa.org
• IIA
   – http://www.iia.be
   – http://www.iia.org






Contact information

Mr. Marc Vael
Managing Director
Valuendo
Kriebrugstraat 33
1760 Roosdaal
Belgium
T: +32 5 433 61 93
M: +32 473 99 30 31
M: mvael@valuendo.com




Marc Vael                                                                EEMA
Valuendo                                                          November 2005
                                                                                  12

  • 6. Auditing IT Compliance CobIT & IT Governance Compliance Link between COBIT and IT Governance COBI Direction Requirements (IT strategy & policy) Control Goals Responsibilities Objectives Governance Business IT Information Information the executive and board business needs to need to exercise achieve its their responsibilities objectives © 2005 Valuendo. All rights reserved. 11 INFORMATION CLASSIFICATION = PUBLIC CobIT & IT Governance Compliance Link between COBIT and IT Governance COBI Direction Requirements (IT strategy & policy) Control Goals Responsibilities Objectives Governance Business IT Information (IT Information the control, risk & business needs to assurance) achieve its objectives IT Governance © 2005 Valuendo. All rights reserved. 12 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 6
  • 7. Auditing IT Compliance CobIT CobIT: IT Control Framework COBIT’s Vision OBIT To be the (de facto) model for IT governance To research, develop, publicise and promote an authoritative, COBIT’s Mission OBIT up-to-date, international set of generally accepted IT control objectives for day-to-day use by business managers & auditors The policies, procedures, practices and organisational structures Definition of designed to provide reasonable assurance that business Control objectives will be achieved & that undesired events will be prevented or detected and corrected Definition of IT A statement of the desired result or purpose to be achieved by implementing control practices in a particular IT activity Control Objective © 2005 Valuendo. All rights reserved. 13 INFORMATION CLASSIFICATION = PUBLIC CobIT CobIT: IT Control Framework CobIT basic principles • Generally applicable & internationally accepted open standard • Regardless of technology • Starting from business requirements for information • Management- and business process owner-oriented • Includes existing standards and techniques Risk assessment concepts Business risk / value assessment Assurance planning and scoping Control evaluation and testing Control and process maturity (self-assessment) Substantiating risk and effective reporting • First published in 1992 • 4th edition is planned for end 2005 © 2005 Valuendo. All rights reserved. 14 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 7
  • 8. Auditing IT Compliance CobIT CobIT: IT Control Framework Executive Summary Implementation Guide •Road map for implementation •Planning tools and templates Framework •Presentations •Awareness and diagnostic tools with high-level control objectives Management Audit Detailed Control Guidelines Guidelines Objectives Key Performance Critical Key Goal Maturity Control Practices Indicators Success Factors Indicators Models © 2005 Valuendo. All rights reserved. 15 INFORMATION CLASSIFICATION = PUBLIC CobIT CobIT: IT Control Framework Relationship between IT resources & business requirements Business IT IT Requirements Resources Processes People Plan and Organise Effectiveness Efficiency Information Acquire and Implement Confidentiality Applications Deliver and Support Integrity Infrastructure Monitor and Evaluate Availability Compliance Information Reliability © 2005 Valuendo. All rights reserved. 16 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 8
  • 9. Auditing IT Compliance BUSINESS PO1 Define a strategic IT Plan OBJECTIVES PO2 Define the information architecture PO3 Determine the technological direction Criteria PO4 Define the IT organization and relationships • effectiveness PO5 Manage the IT investment • efficiency PO6 Communicate management aims and direction • confidentiality PO7 Manage human resources • integrity PO8 Ensure compliance with external requirements • availability • compliance PO9 Assess risks • reliability PO10 Manage Projects PO11 Manage Quality ME1 Manage IT Performance ME2 Monitor Internal Controls IT ME3 Oversee IT Governance RESOURCES ME4 Ensure regulatory compliance • information • applications • infrastructure • people PLAN AND 4 Domains ORGANISE 34 Processes MONITOR & EVALUATE Control Objectives 318 AQUIRE & AQUIRE & IMPLEMENT DS1 Define and manage service levels DS2 Manage third-party services DS3 Manage performance and capacity DS4 Ensure continuous service DS5 Ensure systems security DELIVER & DS6 Identify and allocate costs SUPPORT DS7 Educate and train users AI1 Identify automated solutions DS8 Assist and advise customers AI2 Acquire and maintain application software DS9 Manage the configuration AI3 Acquire and maintain technology infrastructure DS10 Manage problems and incidents AI4 Develop and maintain procedures DS11 Manage data AI5 Install and accredit systems DS12 Manage facilities AI6 Manage changes DS13 Manage operations © 2005 Valuendo. All rights reserved. 17 INFORMATION CLASSIFICATION = PUBLIC © 2005 Valuendo. All rights reserved. 18 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 9
  • 10. Auditing IT Compliance CobIT results CobIT: IT Control Framework Maturity Measurement & Reporting Inexistent Initial Repeatable Defined Managed Optimized 0 1 2 3 4 5 Symbols Ranking 0 – Processes are not applied at all Current status of the organisation 1 – Processes are ad hoc & not organised 2 – Processes follow a regular pattern Goal of the organisation 3 – Processes are documented & communicated 4 – Processes are monitored & measured International standard 5 – Processes are optimized & automated Industry “best practice” © 2005 Valuendo. All rights reserved. 19 INFORMATION CLASSIFICATION = PUBLIC CobIT What is COBIT used for in practise? (Result from surveys) COBI To improve audit approach/programs To support audit work with detailed audit guidelines To provide guidance for IT governance As a valuable benchmark for IT control To manage IT risks To improve IT controls To standardise audit approach/programs To communicate with management, auditors and IT © 2005 Valuendo. All rights reserved. 20 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 10
  • 11. Auditing IT Compliance Conclusion MONITOR IMPLEMENT COMPLIANCE ASSESS DESIGN © 2005 Valuendo. All rights reserved. 21 INFORMATION CLASSIFICATION = PUBLIC Relevant organisations in Belgium • ISACA – http://www.isaca.be – http://www.isaca.org • ISSA – http://www.issa-be.org – http://www.issa.org • IIA – http://www.iia.be – http://www.iia.org © 2005 Valuendo. All rights reserved. 22 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 11
  • 12. Auditing IT Compliance Contact information Mr. Marc Vael Managing Director Valuendo Kriebrugstraat 33 1760 Roosdaal Belgium T: +32 5 433 61 93 M: +32 473 99 30 31 M: mvael@valuendo.com mvael@ valuendo.com © 2005 Valuendo. All rights reserved. 23 INFORMATION CLASSIFICATION = PUBLIC Marc Vael EEMA Valuendo November 2005 12