Secure Software Development – COBIT 5 Perspective
Kewyn Walter George
Management Consulting
29th June 2013
© [year] [legal member firm name], a [jurisdiction] [legal structure] and a member firm of the KPMG network of independent member firms affiliated with KPMG
International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
COBIT - A brief Introduction
• COBIT is an IT governance framework and supporting tool set that allows managers to bridge the gap between control requirements, technical issues and business risk.
• COBIT enables clear policy development and good practice for IT control throughout organizations.
• COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
COBIT Framework Evolution
Evolution of scope (1996 to 2012):
• COBIT1 (1996): Audit
• COBIT2 (1998): Control
• COBIT3 (2000): Management
• COBIT4.0/4.1 (2005/7): IT Governance
• COBIT 5 (2012): Governance of Enterprise IT
Related ISACA frameworks integrated along the way: Val IT 2.0 (2008) and Risk IT (2009).
A business framework from ISACA, at www.isaca.org/cobit
© 2012 ISACA® All rights reserved.
From Audit (COBIT1) to Governance of Enterprise IT (COBIT5)
COBIT 5: The latest version
• COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information technology (IT) assets.
• Building on more than 15 years of practical application, ISACA designed COBIT 5 to meet the needs of stakeholders, and to align with current thinking on enterprise governance and management techniques as they relate to IT.
• It focuses on the dual aspects of Governance as well as Management of Enterprise IT.
Source: ISACA.org, © ISACA
COBIT 5: Principles & Enablers
Based on 5 Principles and 7 Enablers
Source: ISACA.org, © ISACA
COBIT 5: Overall Architecture
[Figures: COBIT 5 Family of Products; COBIT 5 Enterprise Enablers. Source: COBIT® 5, figures 11 and 12. © 2012 ISACA® All rights reserved.]
Source: ISACA.org, © ISACA
COBIT 5: Importance of Life Cycle Management & Governance
Source: ISACA.org, © ISACA
COBIT 5: Enabling Processes
Source: ISACA.org, © ISACA
Importance of Secured Software Development
• The use of internet & network systems has become all pervasive, increasing the risk to data integrity during software development.
• Secured software development reduces software maintenance cost and increases software reliability.
• Secured software development reduces a significant number of security flaws.
• Such security flaws, if detected at later stages of software development, may require the total overhaul of the entire software architecture.
Secured Software Development: Common Pitfalls
• Organizations focus on software application and information security only after development.
• Organizations conduct security audits only after development and before deployment.
• There is a lack of awareness of the information security norms to be followed during the Software Development Lifecycle.
• Organizations spend more time reacting to security issues after software development than proactively eliminating issues before development is completed.
How COBIT 5 addresses these pitfalls
COBIT 5 emphasizes the following key areas to address the common issues related to information security and software development:
• Awareness & Training
• Assessment & Audit
• Development & Quality Assurance
• Compliance
• Response Management
• Metrics & Accountability
• Operational Security
The following sections detail how COBIT 5 incorporates Information Security and Software Development into its processes.
COBIT 5 – Information Security & Secure Software Development
• COBIT 5 has also taken the valuable holistic, interrelated component model approach from the Business Model for Information Security (BMIS) work and incorporated it into the framework components.
Source: ISACA.org, © ISACA
Business Model for Information Security (BMIS)
• A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.
• BMIS challenges conventional thinking and enables you to creatively re-evaluate your information security investment.
• The Business Model for Information Security provides an in-depth explanation of a holistic business model which examines security issues from a systems perspective.
Source: ISACA.org, © ISACA
COBIT 5 Integrates BMIS Components
• Several of the BMIS components are now integrated within COBIT 5 as interacting enablers that support the enterprise in achieving its business goals and creating stakeholder value:
  • Organization
  • Process
  • People
  • Human Factors
  • Technology
  • Culture
Source: ISACA.org, © ISACA
COBIT 5 Integrates BMIS Components
• The remaining BMIS components relate to the larger aspects of the COBIT 5 framework:
  • Governing—The dimensions of governance activities (evaluate, direct, monitor—ISO/IEC 38500) are addressed at the enterprise level in the COBIT 5 framework.
  • Architecture (including a process model)—COBIT 5 includes the need to address enterprise architecture aspects to link organization and technology effectively.
  • Emergence—The holistic and integrated nature of the COBIT 5 enablers supports the enterprise in adapting to changes in both stakeholder needs and enabler capabilities as necessary.
Source: ISACA.org, © ISACA
COBIT 5 Product Family—Includes Guides on Information Security
Source: ISACA.org, © ISACA
COBIT 5 for Information Security
• COBIT 5 for Information Security builds on the COBIT 5 framework in that it focuses on information security and provides more detailed and more practical guidance for information security professionals and other interested parties at all levels of the enterprise.
Source: ISACA.org, © ISACA
Implementing Information Security using COBIT 5 Enablers
• COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT and information. Enablers are factors that, individually and collectively, influence whether something will work—in this case, governance and management over enterprise IT and, related to that, information security governance.
• Enablers are driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve.
Source: ISACA.org, © ISACA
Implementing Information Security using COBIT 5 Enablers
The Enablers contain detailed guidance on the Information Security norms to be followed in daily processes.
The following shows an example with the enabler ‘Culture, ethics & behaviour’.
Source: ISACA.org, © ISACA
COBIT 5 Processes: Tailored for Information Security & Software Development
Source: ISACA.org, © ISACA
COBIT 5 Processes: Tailored for Information Security & Software Development (An example)
• COBIT 5 addresses information security specifically:
  • The focus on an information security management system (ISMS) in the align, plan and organize (APO) management domain, APO13 Manage security, establishes the prominence of information security within the COBIT 5 process framework.
  • This process highlights the need for enterprise management to plan and establish an appropriate ISMS to support the information security governance principles and security-impacted business objectives resulting from the evaluate, direct and monitor (EDM) governance domain.
Source: ISACA.org, © ISACA
Secured Software Development: Benefits of Implementing COBIT 5
• Through its IT-related processes, COBIT 5 emphasizes ‘Monitor, Evaluate and Assess’ at every stage of software development.
• This ensures a significant reduction in the cost of security-related bug fixes after development.
• Through enablers focused on culture, ethics and behaviour, COBIT 5 ensures that the principles related to information security are embedded in the daily processes.
• Application vulnerability to external information-related threats is reduced at every development step.
Source: ISACA.org, © ISACA
Secured Software Development: Benefits of Implementing COBIT 5
• Through process optimization and early detection of bugs and security flaws, COBIT 5 helps organizations reduce development time and achieve the fastest schedule for software development.
Accredited COBIT 5 Foundation Course by KPMG
Course Overview: COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
Course trainer: The trainers are accredited by APMG, have in-depth experience in COBIT 5 consulting and have conducted more than 25 COBIT workshops.
Duration: 2 Service days
Course Fee: INR 22,900 (Trainer charges, Training Material, Exam and certification cost) + Service Tax (10% - 15% Discount for SPIN and ISACA Members)
Course Contents:
Enablers
1. Principles, policies and frameworks
2. Processes
3. Organizational structures
4. Culture, ethics and behavior
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies
5 Principles
Principle 1: Meeting Stakeholder Needs
Principle 2: Covering the Enterprise End-to-End
Principle 3: Applying a Single, Integrated Framework
Principle 4: Enabling a Holistic Approach
Principle 5: Separating Governance From Management
© 2013 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).
Thank you
Kewyn Walter George
KPMG
Management Consulting
Email: kewyn@kpmg.com
Phone: 97890 11128

Attending a job Interview for B1 and B2 Englsih learners
Erika906060
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
Ben Wann
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
dylandmeas
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
Sam H
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
DerekIwanaka1
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
sarahvanessa51503
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
fakeloginn69
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).pptENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
zechu97
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
Lviv Startup Club
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 

Recently uploaded (20)

falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdfMeas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
Meas_Dylan_DMBS_PB1_2024-05XX_Revised.pdf
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Brand Analysis for an artist named Struan
Brand Analysis for an artist named StruanBrand Analysis for an artist named Struan
Brand Analysis for an artist named Struan
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).pptENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...Kseniya Leshchenko: Shared development support service model as the way to ma...
Kseniya Leshchenko: Shared development support service model as the way to ma...
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 

Secure Software Development – COBIT5 Perspective

1. Secure Software Development – COBIT 5 Perspective
Kewyn Walter George, Management Consulting, 29th June 2013

2. COBIT - A brief Introduction
© [year] [legal member firm name], a [jurisdiction] [legal structure] and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
•COBIT is an IT governance framework and supporting tool set that allows managers to bridge the gap between control requirements, technical issues and business risk.
•COBIT enables clear policy development and good practice for IT control throughout organizations.
•COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.

3. COBIT Framework Evolution
Figure: evolution of scope, from Audit (COBIT 1) to Governance of Enterprise IT (COBIT 5)
•COBIT 1 (1996): Audit
•COBIT 2 (1998): Control
•COBIT 3 (2000): Management
•COBIT 4.0/4.1 (2005/7): IT Governance
•COBIT 5 (2012): Governance of Enterprise IT, integrating Val IT 2.0 (2008) and Risk IT (2009)
A business framework from ISACA, at www.isaca.org/cobit. © 2012 ISACA. All rights reserved.

4. COBIT 5: The latest version
•COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information technology (IT) assets.
•Building on more than 15 years of practical application, ISACA designed COBIT 5 to meet the needs of stakeholders, and to align with current thinking on enterprise governance and management techniques as they relate to IT.
•It focuses on the dual aspects of Governance as well as Management of Enterprise IT.
Source: ISACA.org, © ISACA

5. COBIT 5: Principles & Enablers
Based on 5 Principles and 7 Enablers.
Source: ISACA.org, © ISACA

6. COBIT 5: Overall Architecture
Figures: COBIT 5 Family of Products (COBIT 5, figure 11) and COBIT 5 Enterprise Enablers (COBIT 5, figure 12). © 2012 ISACA. All rights reserved.
Source: ISACA.org, © ISACA

7. COBIT 5: Importance on Life Cycle Management & Governance
Source: ISACA.org, © ISACA

8. COBIT 5: Enabling Processes
Source: ISACA.org, © ISACA

9. Importance of Secure Software Development
•The use of internet and network systems has become all-pervasive, increasing the risk to data integrity during software development.
•Secure software development reduces software maintenance cost and increases software reliability.
•Secure software development reduces a significant number of security flaws.
•Such security flaws, if detected at later stages of software development, may require the total overhaul of the entire software architecture.

10. Secure Software Development: Common Pitfalls
•Organizations focus on software application and information security only after development.
•Organizations conduct security audits only after development and before deployment.
•There is a lack of awareness of the information security norms to be followed during the Software Development Lifecycle.
•Organizations spend more time reacting to security issues after software development than proactively eliminating issues before the software development is completed.

11. How COBIT 5 addresses these pitfalls
COBIT 5 emphasizes the following key areas to address the common issues related to information security and software development:
•Awareness & Training
•Assessment & Audit
•Development & Quality Assurance
•Compliance
•Response Management
•Metrics & Accountability
•Operational Security
The following sections detail how COBIT 5 includes Information Security and Software Development in its processes.

12. COBIT 5 – Information Security & Secure Software Development
•COBIT 5 has also taken the valuable holistic, interrelated component model approach from the Business Model for Information Security (BMIS) work and incorporated it into the framework components.
Source: ISACA.org, © ISACA

13. Business Model for Information Security (BMIS)
•A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.
•BMIS challenges conventional thinking and enables you to creatively re-evaluate your information security investment.
•The Business Model for Information Security provides an in-depth explanation of a holistic business model that examines security issues from a systems perspective.
Source: ISACA.org, © ISACA

14. COBIT 5 Integrates BMIS Components
•Several of the BMIS components are now integrated within COBIT 5 as interacting enablers that support the enterprise in achieving its business goals and creating stakeholder value:
•Organization
•Process
•People
•Human Factors
•Technology
•Culture
Source: ISACA.org, © ISACA

15. COBIT 5 Integrates BMIS Components
•The remaining BMIS components are related to the larger aspects of the COBIT 5 framework:
•Governing: the dimensions of governance activities (evaluate, direct, monitor; ISO/IEC 38500) are addressed at the enterprise level in the COBIT 5 framework.
•Architecture (including a process model): COBIT 5 includes the need to address enterprise architecture aspects to link organization and technology effectively.
•Emergence: the holistic and integrated nature of the COBIT 5 enablers supports the enterprise in adapting to changes in both stakeholder needs and enabler capabilities as necessary.
Source: ISACA.org, © ISACA

16. COBIT 5 Product Family: Includes Guides on Information Security
Source: ISACA.org, © ISACA

17. COBIT 5 for Information Security
•COBIT 5 for Information Security builds on the COBIT 5 framework in that it focuses on information security and provides more detailed and more practical guidance for information security professionals and other interested parties at all levels of the enterprise.
Source: ISACA.org, © ISACA

18. Implementing Information Security using COBIT 5 Enablers
•COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT and information. Enablers are factors that, individually and collectively, influence whether something will work, in this case governance and management over enterprise IT and, related to that, information security governance.
•Enablers are driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve.
Source: ISACA.org, © ISACA

19. Implementing Information Security using COBIT 5 Enablers
The Enablers contain detailed guidance on the information security norms to be followed in daily processes. The following shows the example of the enabler Culture, ethics & behaviour.
Source: ISACA.org, © ISACA

20. COBIT 5 Processes: Tailored for Information Security & Software Development
Source: ISACA.org, © ISACA

21. COBIT 5 Processes: Tailored for Information Security & Software Development (An example)
•COBIT 5 addresses information security specifically:
•The focus on the information security management system (ISMS) in the align, plan and organize (APO) management domain, APO13 Manage security, establishes the prominence of information security within the COBIT 5 process framework.
•This process highlights the need for enterprise management to plan and establish an appropriate ISMS to support the information security governance principles and security-impacted business objectives resulting from the evaluate, direct and monitor (EDM) governance domain.
Source: ISACA.org, © ISACA

22. Secure Software Development: Benefits of Implementing COBIT 5
•Through its IT-related processes, COBIT 5 emphasizes ‘Monitor, Evaluate and Assess’ at every stage of software development.
•This ensures a significant reduction in the cost of post-development security-related bug fixes.
•Through enablers focused on culture, ethics and behaviour, COBIT 5 ensures that the principles related to information security are embedded in the daily processes.
•Application vulnerability to external information-related threats is reduced at every development step.
Source: ISACA.org, © ISACA

23. Secure Software Development: Benefits of Implementing COBIT 5
•Through process optimization and early bug and security flaw detection, COBIT 5 helps organizations reduce development time and achieve the fastest schedule for software development.

24. Accredited COBIT 5 Foundation Course by KPMG
Course Overview: COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
Course trainer: The trainers are accredited by APMG, have in-depth experience in COBIT 5 consulting and have conducted more than 25 COBIT workshops.
Duration: 2 service days
Course Fee: INR 22,900 (trainer charges, training material, exam and certification cost) + Service Tax (10% - 15% discount for SPIN and ISACA members)
Course Contents:
Enablers
1. Principles, policies and frameworks
2. Processes
3. Organizational structures
4. Culture, ethics and behavior
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies
5 Principles
Principle 1: Meeting Stakeholder Needs
Principle 2: Covering the Enterprise End-to-End
Principle 3: Applying a Single, Integrated Framework
Principle 4: Enabling a Holistic Approach
Principle 5: Separating Governance From Management

25. Thank you
© 2013 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).
Kewyn Walter George, KPMG Management Consulting
Email: kewyn@kpmg.com
Phone: 97890 11128