Pré Lançamento: COBIT 5
Uma prévia do Manual COBIT® 5 framework está disponível!
“COBIT 5 fornece um quadro global que auxilia as empresas a atingir os seus objetivos para a governança corporativa e gestão de TI. Simplificando, isso ajuda as empresas a criar valor para a TI, mantendo um equilíbrio entre a realização dos benefícios e otimizando os níveis de risco e utilização de recursos.
Confira as novidades dessa versão em relação à versão anterior:
Veja mais informações em: brunise.com.br
COBIT 4.1 explained. What is COBIT? What is Val IT? How does COBIT assist IT governance and IT auditing? What are the COBIT processes? How does COBIT use Business goals to drive IT goals and in turn IT processes? What COBIT training courses and certificates exist? Dr Geoff Harmer, an accredited COBIT trainer explains in 20 slides
COBIT 4.1 explained. What is COBIT? What is Val IT? How does COBIT assist IT governance and IT auditing? What are the COBIT processes? How does COBIT use Business goals to drive IT goals and in turn IT processes? What COBIT training courses and certificates exist? Dr Geoff Harmer, an accredited COBIT trainer explains in 20 slides
Governance of IT
COBIT Background
COBIT and Other frameworks
COBIT Principles
COBIT Goals
COBIT Objectives
COBIT Components
COBIT Design factors
COBIT Focus areas
COBIT Performance management
Designing and implementing a governance system
COBIT 5 - Principal 3 Applying A Single Integrated FrameworkMohammad Reda Katby
COBIT 5 is a single and integrated framework because: It aligns with other latest relevant standards and frameworks, and thus allows the enterprise to use COBIT 5 as the
overarching governance and management framework integrator
COBIT 5 - Principal 5 Separating Governance From ManagementMohammad Reda Katby
Governance and Management
These two disciplines encompasses different types of
Activities
Requires difference Organizational Structure
Serve different purposes
So, COBIT 5 framework makes a clear distinction between them
COBIT is a good-practice framework created by international professional association ISACA for information technology management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.”
You can find the full presentation at http://theProjectLeaders.org
Governance of IT
COBIT Background
COBIT and Other frameworks
COBIT Principles
COBIT Goals
COBIT Objectives
COBIT Components
COBIT Design factors
COBIT Focus areas
COBIT Performance management
Designing and implementing a governance system
COBIT 5 - Principal 3 Applying A Single Integrated FrameworkMohammad Reda Katby
COBIT 5 is a single and integrated framework because: It aligns with other latest relevant standards and frameworks, and thus allows the enterprise to use COBIT 5 as the
overarching governance and management framework integrator
COBIT 5 - Principal 5 Separating Governance From ManagementMohammad Reda Katby
Governance and Management
These two disciplines encompasses different types of
Activities
Requires difference Organizational Structure
Serve different purposes
So, COBIT 5 framework makes a clear distinction between them
COBIT is a good-practice framework created by international professional association ISACA for information technology management and IT governance. COBIT provides an implementable "set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.”
You can find the full presentation at http://theProjectLeaders.org
My Dutch Uncle's social media czar, Spencer Doyle and social media coach Janet Fouts discuss tools and strategies to help you get more done in less time with social media.
Customer Bulletin 0515 A Comparison of ISO ISO-C1 and HT-300Dyplast Products
PURPOSE
This Customer Bulletin is part of a series of white papers aimed at providing our clients, engineers, contractors, fabricators, and friends with objective information on competitive products. Marketing literature on the internet and in printed media address the physical and performance characteristics of competing polyisocyanurate rigid foam insulations fabricated from bunstock. As is often the case, some literature can be misleading and/or in some cases there may not be sufficient information to credibly compare products. This Customer Bulletin provides factual, clarifying information which should allow for an objective comparison of Dyplast’s ISO-C1® with HiTherm’s HT-300 (each 2 lb/ft3 density).
COBIT 5 IT Governance Model: an Introductionaqel aqel
This lecture provides quick and direct insight about Information technologies governance using COBIT 5 framework. COBIT 5 in its fifth edition released by information systems audit and control association (www.isaca.org) in 2012 to supersede the version 4.1 / 2007. It also included ISACA’s VAL-IT model that aimed to manage the financial perspective of IT as well as RISK-IT framework.
The lecture was part of ISACA- Riyadh chapter activities in April 2015 under the sponsorship of Al-Fisal University.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
2. Transition Message
COBIT 4.1, Val IT and Risk IT users who are already
engaged in governance of enterprise IT (GEIT)
implementation activities can transition to COBIT 5
and benefit from the latest and improved guidance
that it provides during the next iterations of their
enterprise’s improvement life cycle.
COBIT 5 builds on previous versions of COBIT (and
Val IT and Risk IT) and so enterprises can also build
on what they have developed using earlier versions.
2
5. Stakeholder Value and Business Objectives (cont.)
Stakeholder needs can be related to a set of generic
enterprise goals.
These enterprise goals have been developed using the
Balanced Scorecard (BSC) dimensions. (Kaplan, Robert S.;
Norton, David P.; The Balanced Scorecard: Translating
Strategy into Action, Harvard University Press, USA, 1996)
The enterprise goals are a list of commonly used goals that
an enterprise has defined for itself.
Although this list is not exhaustive, most enterprise-
specific goals can be easily mapped onto one or more of the
generic enterprise goals.
5
7. Stakeholder Value and Business Objectives (cont.)
The goals cascade is not ‘new’ to COBIT.
It was introduced in COBIT 4.0 in 2005.
Those COBIT users who have applied the thinking to
their enterprises have found value.
BUT not everyone has recognized this value.
The goals cascade supports the COBIT 5 stakeholder
needs principle that is fundamental to COBIT and has
therefore been made prominent early in the COBIT 5
guidance.
The goals cascade has been revisited and updated for the
COBIT 5 release.
7
8. Governance and Management Defined
What sort of framework is COBIT?
An IT audit and control framework?
COBIT (1996) and COBIT 2nd Edition (1998)
Focus on Control Objectives
An IT management framework?
COBIT 3rd Edition (2000)
Management Guidelines added
An IT governance framework?
COBIT 4.0 (2005) and COBIT 4.1 (2007)
Governance and compliance processes added
Assurance processes removed
BUT what is the difference between governance and
management?
8
9. Governance and Management Defined (cont.)
Governance ensures that stakeholder needs, conditions
and options are evaluated to determine balanced, agreed-
on enterprise objectives to be achieved; setting direction
through prioritisation and decision making; and
monitoring performance and compliance against agreed-
on direction and objectives (EDM).
Management plans, builds, runs and monitors
activities in alignment with the direction set by the
governance body to achieve the enterprise objectives
(PBRM).
9
11. Areas of Change
The following slides summarise the major changes in
COBIT 5 content and how they may impact GEIT
implementation/improvement:
1. New GEIT Principles
2. Increased Focus on Enablers
3. New Process Reference Model
4. New and Modified Processes
5. Practices and Activities
6. Goals and Metrics
7. Inputs and Outputs
8. RACI Charts
9. Process Capability Maturity Models and Assessments
11
13. 1. New GEIT Principles (cont.)
Val IT and Risk IT frameworks are principles-based.
Feedback indicated that principles are easy to understand
and put into an enterprise context, allowing value to be
derived from the supporting guidance more effectively.
ISO/IEC 38500 also incorporates principles to underpin
its messages to achieve the same market benefit delivery,
although the principles in this standard and COBIT 5 are
not the same.
13
15. 2. Increased Focus on Enablers (cont.)
Information, infrastructure, applications (services) and
people (people, skills and competencies) were COBIT 4.1
resources.
Principles, policies and frameworks were mentioned in a
few COBIT 4.1 processes.
Processes were central to COBIT 4.1 use.
Organisational structure was implied through the
responsible, accountable, consulted or informed (RACI)
roles and their definitions.
Culture, ethics and behaviour were mentioned in a few
COBIT 4.1 processes.
15
16. 3. New Process Reference Model
COBIT 5 is based on a revised process reference model
with a new governance domain and several new and
modified processes that now cover enterprise activities
end-to-end, i.e., business and IT function areas.
COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT
into one framework, and has been updated to align with
current best practices, e.g., ITIL V3 2011, TOGAF.
The new model can be used as a guide for adjusting as
necessary the enterprise’s own process model (just like
COBIT 4.1).
16
18. 4. New and Modified Processes
COBIT 5 introduces five new governance processes that
have leveraged and improved COBIT 4.1, Val IT and Risk
IT governance approaches.
This guidance:
Helps enterprises to further refine and strengthen
executive management-level GEIT practices and
activities
Supports GEIT integration with existing enterprise
governance practices and is aligned with
ISO/IEC 38500
18
19. 4. New and Modified Processes (cont.)
COBIT 5 has clarified management level processes and
integrated COBIT 4.1, Val IT and Risk IT content into one
process reference model
19
20. 4. New and Modified Processes (cont.)
There are several new and modified processes that reflect
current thinking, in particular:
APO03 Manage enterprise architecture.
APO04 Manage innovation.
APO05 Manage portfolio.
APO06 Manage budget and costs.
APO08 Manage relationships.
APO13 Manage security.
BAI05 Manage organisational change enablement.
BAI08 Manage knowledge.
BAI09 Manage assets.
DSS05 Manage security service.
DSS06 Manage business process controls.
20
21. 4. New and Modified Processes (cont.)
COBIT 5 processes now cover end-to-end business and
IT activities, i.e., a full enterprise-level view.
This provides for a more holistic and complete coverage
of practices reflecting the pervasive enterprisewide
nature of IT use.
It makes the involvement, responsibilities and
accountabilities of business stakeholders in the use of IT
more explicit and transparent.
21
22. 5. Practices and Activities
The COBIT 5 governance or management practices are
equivalent to the COBIT 4.1 control objectives and Val IT
and Risk IT processes.
www.isaca.org/Journal/Past-
Issues/2011/Volume-4/Pages/Where-Have-All-the-Control-
Objectives-Gone.aspx
The COBIT 5 activities are equivalent to the COBIT 4.1
control practices and Val IT and Risk IT management
practices.
COBIT 5 integrates and updates all of the previous
content into the one new model, making it easier for users
to understand and use this material when implementing
improvements.
22
23. 6. Goals and Metrics
COBIT 5 follows the same goal and metric concepts as
COBIT 4.1, Val IT and Risk IT, but these are renamed
enterprise goals, IT-related goals and process goals
reflecting an enterprise level view.
COBIT 5 provides a revised goals cascade based on
enterprise goals driving IT-related goals and then
supported by critical processes.
COBIT 5 provides examples of goals and metrics at the
enterprise, process and management practice levels. This
is a change to COBIT 4.1, Val IT and Risk IT, which went
down one level lower.
23
24. 7. Inputs and Outputs
COBIT 5 provides inputs and outputs for every
management practice, whereas COBIT 4.1 only
provided these at the process level.
This provides additional detailed guidance for designing
processes to include essential work products and to
assist with interprocess integration.
24
25. 8. RACI Charts
COBIT 5 provides RACI charts describing roles and
responsibilities in a similar way to COBIT 4.1, Val IT
and Risk IT.
COBIT 5 provides a more complete, detailed and clearer
range of generic business and IT role players and charts
than COBIT 4.1 for each management practice, enabling
better definition of role player responsibilities or level of
involvement when designing and implementing
processes.
25
27. 9. Process Capability Models and
Assessments
COBIT 5 discontinues the COBIT 4.1, Val IT and Risk IT
CMM-based capability maturity modelling approach.
COBIT 5 will be supported by a new process capability
assessment approach based on ISO/IEC 15504, and the
COBIT Assessment Programme has already been
established for COBIT 4.1 as an alternative to the CMM
approach.
www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-
Assessment-Programme.aspx
The COBIT 4.1, Val IT and Risk IT CMM-based
approaches are not considered compatible with the
ISO/IEC 15504 approach because the methods use
different attributes and measurement scales.
27
29. 9. Process Capability Models and
Assessments (cont.)
The COBIT Assessment Programme approach is
considered by ISACA to be more robust, reliable and
repeatable as a process capability assessment method.
The COBIT Assessment Programme supports:
Formal assessments by accredited assessors (assessor
training is being developed)
Less rigorous self-assessments for internal gap analysis
and process improvement planning
The COBIT Assessment Programme, in the future, will
also potentially enable an enterprise to obtain an
independent and certified assessments aligned to the
ISO/IEC standard.
29
30. 9. Process Capability Models and
Assessments (cont.)
What materials support the COBIT Assessment Programme
approach?
COBIT Process Assessment Model (PAM): Using COBIT 4.1
—Serves as a base reference document for the performance of a
capability assessment of an organisation’s current IT processes
against COBIT 4.1
COBIT Assessor Guide: Using COBIT 4.1—Provides details
on how to undertake a full ISO-compliant assessment
COBIT Self-assessment Guide: Using COBIT 4.1—Provides
guidance on how to perform a basic self-assessment of an
organisation’s current IT process capability levels against
COBIT 4.1 processes
The above materials exist to support COBIT 4.1-based
assessments now; versions will be produced to support COBIT 5-
based assessments.
30
31. 9. Process Capability Models and
Assessments (cont.)
COBIT 4.1, Val IT and Risk IT users wishing to move to
the new COBIT Assessment Programme approach will
need to realign their previous ratings, adopt and learn the
new method, and initiate a new set of assessments in
order to gain the benefits of the new approach.
Although some of the information gathered from
previous assessments may be reusable, care will be
needed in migrating this information forward because
there are significant differences in requirements.
31
32. 9. Process Capability Models and
Assessments (cont.)
COBIT 4.1, Val IT and Risk IT users wishing to
continue with the CMM-based approach, either as an
interim or ongoing approach, can use the COBIT 5
guidance, but must use the COBIT 4.1 generic attribute
table without the high-level maturity models.
32