ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal

•Download as PPSX, PDF•

1 like•363 views

The document maps the control objectives of ITIL V3, ISO/IEC 27002, and CobiT 4.1 frameworks across each process area. It provides mappings for four process areas: Acquire and Implement (AI), Deliver and Support (DS), Monitor and Evaluate (ME), and Plan and Organize (PO). For each process area, it lists the relevant control objectives from each framework and the associated page numbers where the mappings are described in detail. It concludes by thanking the audience and providing contact information for the author.

G32
The Changing Influences of Social
Media, WikiLeaks and Whistleblowers
A Modest Proposal: The Future of IT Auditing
by
Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives
• AI (Acquire & Implement)
• 1, 2, 3 & 4 --- 6 & 7
• DS (Deliver & Support)
• 3, 4, & 5 --- 8, 9, 10, 11, 12 & 13
• ME (Monitor & Evaluate)
• 1&2
• PO (Plan & Organize)
• 1, 2, & 3 --- 5 & 6 --- 8, 9, & 10

2

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

3

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

4

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

5

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

6

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

7

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

8

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

9

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

10

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

11

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control
Objectives: Acquire and Implement (AI)

12

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

16

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

17

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

18

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

19

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

20

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

21

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

22

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

23

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

24

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

25

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

26

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

27

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

28

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

29

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

30

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

31

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

32

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Deliver and Support (DS)

33

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Monitor and Evaluate (ME)

34

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Monitor and Evaluate (ME)

35

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Monitor and Evaluate (ME)

36

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Monitor and Evaluate (ME)

37

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Monitor and Evaluate (ME)

38

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

39

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

40

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

41

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

42

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

43

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

44

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

45

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

46

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

47

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

48

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

49

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

50

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

51

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

52

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

53

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

54

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

55

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

56

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

57

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives: Plan & Organize (PO)

58

Summary, Conclusions & Questions

Thank you all for your courteous time and attention today:

• Please Note: We’ll be open to and available for discussing any & all areas
addressed during this presentation.

Respectfully yours,

Pw Carey
Consultant CISA-CISSP
Compliance Partners, LLC
1250 Grove Avenue, Suite 200
Barrington, IL 60010
pwc.pwcarey@gmail.com/
pwcarey@complysys.com
650-278-3731 or 224-633-1378
Fax: 847-381-2067

59

Mapping ITIL V3 and ISO/IEC 27002 With
CobiT 4.1 Control Objectives References
1. Aligning Cob iT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit ® A Management Briefing From
ITGI and OGC

Reservation of Rights
© 2008 ITGI. All rights reserved. No part of this publication may be used, copied, reproduced, modified,
distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic,
mechanical, photocopying, recording or otherwise), without the prior written authorisation of ITGI.

Reproduction and use of all or portions of this publication are solely permitted for academic, internal and non-
commercial use and for consulting/advisory engagements, and must include full attribution of the material’s
source. No other right or permission is granted with respect to this work.

© Crown Copyright material 2008, published in conjunction with the Office of Government Commerce, is
reproduced with the permission of the controller of HMSO and Queen’s Printer for Scotland.

ISACA and ITGI are registered trademarks of ISACA. Co b i T® is a registered trademark of ISACA and ITGI.
ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other
countries. IT Infrastructure Library® is a Registered Trade Mark of the Office of Government Commerce in
the United Kingdom and other countries.

Copies of ISO/IEC 27002:2005 and all ISO standards can be purchased from the American National Standards
Institute (ANSI) at http://webstore.ansi.org, phone: +1.212.642.4980; BSI in the UK (www.bsi-
global.com/shop.html); and ISO (www.iso.org/iso/store.htm).

60

The document maps the control objectives of ITIL V3, ISO/IEC 27002, and CobiT 4.1 frameworks. It provides mappings for each process area (Acquire and Implement, Deliver and Support, Monitor and Evaluate, Plan and Organize) and lists the relevant control objectives from each framework. Tables and diagrams are used to visually depict the mappings between frameworks. The document aims to show alignments between the frameworks to benefit business.

San Francisco Isaca Fall Security Conference G32 A Modest Via Cobi T Proposal...

Pw Carey

The document maps the control objectives of ITIL V3, ISO/IEC 27002, and CobiT 4.1 frameworks across each process area. It provides mappings for four process areas: Acquire and Implement (AI), Deliver and Support (DS), Monitor and Evaluate (ME), and Plan and Organize (PO). For each process area, it lists the relevant control objectives from each framework and the associated section numbers to show how they correspond to one another. It concludes by thanking the audience and providing contact information for the author.

C24 Fraud In The Workplace 3 Mock Trials)[1]

Pw Carey

The document summarizes key aspects of Eli Lilly's audit committee charter and compliance program for monitoring sales and marketing activities. It notes that Lilly conducts risk-based monitoring and auditing of sales and marketing functions. However, a prosecution witness alleges that Lilly salespeople used tactics like planted questions at physician events to promote off-label uses of the drug Zyprexa, despite risks of weight gain.

San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...

Pw Carey

This document discusses the changing influences of social media, WikiLeaks, and whistleblowers on the future of IT auditing. It covers topics such as the impact of social media protests like BART, WikiLeaks' role in exposing government and corporate secrets, the emergence of whistleblowing sites like OpenLeaks, and hacktivist groups like Anonymous and LulzSec. It also addresses growth in whistleblowers reporting financial and tax fraud, and challenges facing auditors in detecting abuse and fraud by top executives.

San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...

Pw Carey

San Francisco Isaca 2010 Fall Security Conference C24 Fraud In The Workplac...

Pw Carey

1) The document discusses Cressey's Fraud Triad which outlines the three factors that commonly lead to fraud: perceived unshareable financial need, perceived opportunity, and rationalization. 2) It provides an overview of common mistakes made by whistleblowers and steps that should be taken when exposing wrongdoing. 3) The document outlines the typical steps involved in a mock trial, including opening statements, witness questioning, closing arguments, and the jury deliberating to reach a verdict.

IT SECURITY ASSESSMENT PROPOSAL

CYBER SENSE

This document is an IT security assessment proposal from Cybersense that outlines the need for IT security assessments. It discusses why assessments are important for protecting organizations from cyber threats. The proposal describes Cybersense's approach, deliverables including a detailed report, and costs varying by project scope. Cybersense is presented as an information security consulting firm that can help organizations strengthen their security and risk management.

Ch. 2, section 3 Internal Forces

John Hext

The movement of tectonic plates causes various geological phenomena including volcanoes, mountains, and earthquakes. There are three types of plate boundaries - divergent where plates move apart, convergent where they collide in subduction or collision zones, and transform where they slide past each other. Earthquakes occur when stress builds up at faults until the plates suddenly slip, releasing energy. Large earthquakes can generate tsunamis through displacement of water. Volcanoes form at plate boundaries as magma rises from below the crust.

The document maps the control objectives of ITIL V3, ISO/IEC 27002, and CobiT 4.1 frameworks across each process area. It provides mappings for four process areas: Acquire and Implement (AI), Deliver and Support (DS), Monitor and Evaluate (ME), and Plan and Organize (PO). For each process area, it lists the relevant control objectives from each framework and the associated section numbers to show how they correspond to one another. It concludes by thanking the audience and providing contact information for the author.

C24 Fraud In The Workplace 3 Mock Trials)[1]

Pw Carey

San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...

Pw Carey

San Francisco Isaca Fall Security Conference G32 Wiki Leaks Social Media &amp...

Pw Carey

San Francisco Isaca 2010 Fall Security Conference C24 Fraud In The Workplac...

Pw Carey

IT SECURITY ASSESSMENT PROPOSAL

CYBER SENSE

Ch. 2, section 3 Internal Forces

John Hext

Zoologist- Prairie Dogs

kkriner72

The document describes various animals that inhabit prairie grasslands and plains. It provides brief 1-2 sentence descriptions about the prairie dog, jackrabbit, coyote, bison, pronghorn, and warthog. Characteristics mentioned include what they eat, how they live in family groups or packs, physical attributes like fur color and horns, and maximum speeds. The document also lists several online sources and images about these prairie animals.

TCD2011 - Grunnleggende innføring i forskjellen mellom anbefalinger, retnings...Mintra Trainingportal - Training for the Oil and Gas Industry

Trainingportal Competence Days 2013 - Hugo Halvorsen - Samarbeid for SikkerhetMintra Trainingportal - Training for the Oil and Gas Industry

Presentasjon for fylkestinget 29 09 2010 av arne eidsmoRDA Tromsø

DPGroup eBrochure

boatindave

David Kaleel and DPGroup LLC provide a range of professional consulting services to businesses from small startups to large corporations, including strategic partnerships, management consulting, board advisors, mentoring, and commercial real estate services. They have over 30 years of experience working with companies across many industries. Their services are designed to meet each client's unique needs and provide cost-effective solutions to improve operations and foster business success.

2011 Chevrolet Silverado 2500 HD For Sale In Marshfield WI | Wheelers Automotive

Wheelers Automotive

Flo & Jo 2013

Sergiy Sev

Politicas y procedimientos administrativos y financieros

Adonay Rojas Ortiz

Este documento establece lineamientos para la planificación integral de programas y presupuestos de diferentes comités e áreas de la IPUC. Se define que anualmente cada área debe realizar un plan de trabajo detallando las principales necesidades del año siguiente. Además, se explican los componentes clave de un plan de trabajo como metas, cronograma, responsabilidades y recursos, y se provee un formato para plasmar proyectos. Finalmente, se destacan la importancia de la planificación y principios como la precisión, flexibilidad y participación.

Ch. 16, sec. 2 and 3

John Hext

The document provides information on the Transcaucasia region which includes Georgia, Armenia, and Azerbaijan located between Europe and Asia. It discusses the various ethnic groups and languages spoken in the region as well as the influence and control of outside powers like Russia throughout history. Modern life in the region includes high literacy rates and important cultural traditions like Georgian dinner parties.

Tcd2015 pecha kucha_mintra_fast track_fse

Mintra Trainingportal - Training for the Oil and Gas Industry

ISO/IEC 27001:2022 – What are the changes?

PECB

ISO/IEC 27001 is the main standard that aims to enhance an organization’s information security. Amongst others, the webinar covers: • ISO/IEC 27001 & ISO/IEC 27002, catching up with history • Quick recap on the ISO/IEC 27002:2022 • From ISO/IEC 27002 to the ISO/IEC 27001 updates • Some considerations & consequences of the update • What's up next with ISO/IEC 27001, in practice? Presenters: Peter Geelen Peter Geelen is the director and managing consultant at CyberMinute and Owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms. Peter is accredited Lead Auditor for ISO/IEC 27001, ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more. Stefan Mathuvis Stefan Mathuvis, is owner & senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. With over 20 years of experience, Stefan built strong experience in quality management systems, Information Security management systems, GDPR, data privacy & data protection. Stefan is accredited ISO/IEC 27001 Lead Auditor and operates as a third party auditor for DQS Belgium. Dividing his time between consultancy, training & third party auditing on an international scale, Stefan remains in touch with the issues of today allowing him to assist clients in their needs for Information Security and Data Privacy. Date: November 9, 2022 ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022 https://pecb.com/article/investing-in-information-security-awareness Webinars: https://pecb.com/webinars Article: https://pecb.com/article Whitepaper: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION

ITSM Foundation Course Material

stefanhenry

ITSM is one of the most popular and globally acknowledge IT service management certification for IT professionals. ITSM certification is offered to professionals who qualify in the ISO/IEC 20000 exam. To make this certification achievable, Simplilearn brings to you online ITSM training that lets you prepare for the ISO/IEC 20000 exam at your pace and from your own place. This presentation on ITSM includes all important topics based on the ISO/IEC 20000 exam. Each slide is prepared by our certified and experienced ITSM trainers. Understand all the service management processes including resolution process, control process, release process, service delivery process and relationship process through this ITSM training reference material. Improve your knowledge and enhance your confidence towards attaining the ITSM certification with Simplilearn.

ITIL and ISO 20000: Fundamentals and necessary compliance Synergies

PECB

The world of Information Technology (IT) is voluminous, fast paced, innovative and very exciting! You have to love IT to make it work! To love IT you must live IT, to live IT you must embrace a design for success and understand business impacts from system failures (not just the hardware). To embrace a design for success and mitigate system failures you need a formal structure and independent validation. This webinar will introduce you to the structure and choices within the ITIL fundamentals (Information Technology Infrastructure Library fundamentals) and a mechanism to validate the performance of the implemented ITIL structure compliant with the ISO 20000 standard (Information Technology -- Service management -- Part 1: Service management system requirements). The object of this webinar is to excite you about a formal IT structure and encourage you to be fearless about independently validating your service management arrangements. Main points covered: - Introducing an IT structure for service delivery and a case for IT system validation - ITIL component options for IT service provision structure - ISO 20000 as an IT service provision validation mechanism - Synergy of ISO 20000 requirements and mandatory ITIL components Presenter: Eugene is an accomplished high-calibre sustainability and resilience authority, professional engineer and Fellow of the Business Continuity Institute (BCI). With over 25 years of hands-on experience he has developed and improved corporate resilience for a number of organisations from various sectors. His accomplishments include delivery of legislative & regulatory compliance requirements, implementation of ITIL, service, business continuity, information security, quality & risk management systems. In addition Eugene has many years of experience auditing ISO management systems. Eugene has represented the UK Institute of Directors (IoD) on the British Standards Institute (BSI) technical committees responsible for developing ISO resilience standards. He has published many thought provoking articles and a book chapter endorsing the importance of standards as the foundation for good organisational practice. Eugene is an experienced design engineer, implementer, exercise facilitator, trainer and auditor with internationally gifted credentials. Listen to the recorded webinar here: https://youtu.be/2CmWnNtFrcY

Cobit5 owerwiev and implementation proposal

Emilio Gratton

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

PECB

New data protection regulations have significantly impacted the way that businesses collect, store, and handle clients’ personal information. Considering the continuously increasing importance of data protection and privacy in today’s world, businesses should be up to speed with their data privacy policies and procedures. The webinar covers: 1. ISO/IEC 27001 – Information Security Framework Key requirements under CCPA, CPRA, GDPR • ISO/IEC 27005 – Information Security Risk Management • ISO/IEC 27035 – Information Security Incident Management • ISO/IEC 22301 & 27031 - Business Continuity Management (BCM) 2. Alternative Frameworks • CMMC - Cybersecurity Maturity Model Certification • NIST CSF Cybersecurity Framework • ISO/IEC 27032 – Guidelines for Cybersecurity 3. Supplier Management Date: April 21, 2021 Recorded Webinar: https://youtu.be/bi3tvvhGV1s

Presentation_P5_4560310_ISO_19650_inWebGIS.pdf

Arief Rahman

The document discusses implementing a Common Data Environment (CDE) in web GIS to enable ISO 19650 compliant workflows for web services. It presents a case study of a Dutch infrastructure project involving both GIS and BIM data. It then summarizes the key components of a CDE according to ISO 19650 standards, including states, metadata, and access privileges. Finally, it proposes a reference implementation in ArcGIS Online utilizing existing features to configure a CDE solution and allow ISO 19650 compliant workflows for web services.

Bs 0 2011 principles of standardisation

Normdocs

This document provides principles for how standards are developed and maintained in Britain. It outlines the role of BSI as the national standards body and how standards committees are formed and operate. The document also discusses principles for standards content, drafting, publishing, and maintaining standards over time. The goal is to establish a framework that allows flexibility while supporting common expectations.

Cobit® 5 Comparação com Cobit® 4

brunise

Pré Lançamento: COBIT 5 Uma prévia do Manual COBIT® 5 framework está disponível! “COBIT 5 fornece um quadro global que auxilia as empresas a atingir os seus objetivos para a governança corporativa e gestão de TI. Simplificando, isso ajuda as empresas a criar valor para a TI, mantendo um equilíbrio entre a realização dos benefícios e otimizando os níveis de risco e utilização de recursos. Confira as novidades dessa versão em relação à versão anterior: Veja mais informações em: brunise.com.br

Cobit5 compare-with-4.1

AVASP - Ambiente Virtual de Aprendizado de São Paulo

The document summarizes the key changes between COBIT 5 and previous versions like COBIT 4.1. Some of the major changes discussed include: 1) COBIT 5 introduces new principles for governance of enterprise IT. 2) There is an increased focus on enablers in COBIT 5 like principles, policies and organizational structure. 3) COBIT 5 features a new process reference model with new and modified processes covering both business and IT activities end-to-end. 4) COBIT 5 integrates practices and activities from previous versions into a single framework and model. 5) COBIT 5 introduces a revised goals cascade and provides examples of goals and metrics.

Viewers also liked

Zoologist- Prairie Dogs

kkriner72

TCD2011 - Grunnleggende innføring i forskjellen mellom anbefalinger, retnings...Mintra Trainingportal - Training for the Oil and Gas Industry

Trainingportal Competence Days 2013 - Hugo Halvorsen - Samarbeid for SikkerhetMintra Trainingportal - Training for the Oil and Gas Industry

Presentasjon for fylkestinget 29 09 2010 av arne eidsmoRDA Tromsø

DPGroup eBrochure

boatindave

2011 Chevrolet Silverado 2500 HD For Sale In Marshfield WI | Wheelers Automotive

Wheelers Automotive

Flo & Jo 2013

Sergiy Sev

Politicas y procedimientos administrativos y financieros

Adonay Rojas Ortiz

Ch. 16, sec. 2 and 3

John Hext

Tcd2015 pecha kucha_mintra_fast track_fse

Mintra Trainingportal - Training for the Oil and Gas Industry

Viewers also liked (10)

Zoologist- Prairie Dogs

TCD2011 - Grunnleggende innføring i forskjellen mellom anbefalinger, retnings...

Trainingportal Competence Days 2013 - Hugo Halvorsen - Samarbeid for Sikkerhet

Presentasjon for fylkestinget 29 09 2010 av arne eidsmo

DPGroup eBrochure

2011 Chevrolet Silverado 2500 HD For Sale In Marshfield WI | Wheelers Automotive

Flo & Jo 2013

Politicas y procedimientos administrativos y financieros

Ch. 16, sec. 2 and 3

Tcd2015 pecha kucha_mintra_fast track_fse

Similar to ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal

ISO/IEC 27001:2022 – What are the changes?

PECB

ITSM Foundation Course Material

stefanhenry

ITIL and ISO 20000: Fundamentals and necessary compliance Synergies

PECB

Cobit5 owerwiev and implementation proposal

Emilio Gratton

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

PECB

Presentation_P5_4560310_ISO_19650_inWebGIS.pdf

Arief Rahman

Bs 0 2011 principles of standardisation

Normdocs

Cobit® 5 Comparação com Cobit® 4

brunise

Cobit5 compare-with-4.1

AVASP - Ambiente Virtual de Aprendizado de São Paulo

Similar to ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal (9)

ISO/IEC 27001:2022 – What are the changes?

ITSM Foundation Course Material

ITIL and ISO 20000: Fundamentals and necessary compliance Synergies

Cobit5 owerwiev and implementation proposal

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know

Presentation_P5_4560310_ISO_19650_inWebGIS.pdf

Bs 0 2011 principles of standardisation

Cobit® 5 Comparação com Cobit® 4

Cobit5 compare-with-4.1

ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal

1. G32 The Changing Influences of Social Media, WikiLeaks and Whistleblowers A Modest Proposal: The Future of IT Auditing by Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives

2. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives • AI (Acquire & Implement) • 1, 2, 3 & 4 --- 6 & 7 • DS (Deliver & Support) • 3, 4, & 5 --- 8, 9, 10, 11, 12 & 13 • ME (Monitor & Evaluate) • 1&2 • PO (Plan & Organize) • 1, 2, & 3 --- 5 & 6 --- 8, 9, & 10 2

3. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 3

4. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 4

5. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 5

6. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 6

7. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 7

8. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 8

9. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 9

10. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 10

11. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 11

12. Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI) 12

13. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS)

14. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS)

15. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS)

16. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 16

17. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 17

18. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 18

19. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 19

20. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 20

21. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 21

22. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 22

23. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 23

24. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 24

25. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 25

26. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 26

27. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 27

28. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 28

29. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 29

30. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 30

31. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 31

32. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 32

33. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS) 33

34. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Monitor and Evaluate (ME) 34

35. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Monitor and Evaluate (ME) 35

36. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Monitor and Evaluate (ME) 36

37. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Monitor and Evaluate (ME) 37

38. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Monitor and Evaluate (ME) 38

39. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 39

40. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 40

41. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 41

42. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 42

43. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 43

44. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 44

45. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 45

46. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 46

47. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 47

48. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 48

49. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 49

50. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 50

51. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 51

52. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 52

53. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 53

54. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 54

55. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 55

56. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 56

57. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 57

58. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO) 58

59. Summary, Conclusions & Questions Thank you all for your courteous time and attention today: • Please Note: We’ll be open to and available for discussing any & all areas addressed during this presentation. Respectfully yours, Pw Carey Consultant CISA-CISSP Compliance Partners, LLC 1250 Grove Avenue, Suite 200 Barrington, IL 60010 pwc.pwcarey@gmail.com/ pwcarey@complysys.com 650-278-3731 or 224-633-1378 Fax: 847-381-2067 59

60. Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives References 1. Aligning Cob iT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit ® A Management Briefing From ITGI and OGC Reservation of Rights © 2008 ITGI. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written authorisation of ITGI. Reproduction and use of all or portions of this publication are solely permitted for academic, internal and non- commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work. © Crown Copyright material 2008, published in conjunction with the Office of Government Commerce, is reproduced with the permission of the controller of HMSO and Queen’s Printer for Scotland. ISACA and ITGI are registered trademarks of ISACA. Co b i T® is a registered trademark of ISACA and ITGI. ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries. IT Infrastructure Library® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries. Copies of ISO/IEC 27002:2005 and all ISO standards can be purchased from the American National Standards Institute (ANSI) at http://webstore.ansi.org, phone: +1.212.642.4980; BSI in the UK (www.bsi- global.com/shop.html); and ISO (www.iso.org/iso/store.htm). 60

ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (10)

Similar to ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal

Similar to ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal (9)

ISACA San Francisco 2011 Fall Security Conference G32 A Modest Proposal