Understanding COBIT 5.0 (IT Governance) by Mr. Avinash Totade
President of Information Systems Audit and Control Association (ISACA) UAE Chapter
OpenThinking Day 2012
Qualified Audit Partners advises executive management on IT governance, performs IT audits, optimises business processes and provides training and education in IT Governance and audit.
From technology risk to enterprise risk: the new frontier (Ramsés Gallego)
This presentation was given at ISRM Conference in Las Vegas (September 2010) and shows the shift in perception from Technology Risk to Enterprise Risk and how businesses and IT need to embrace that new frontier.
Business continuity management fundamentals update (Exo Futures)
BCM is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
BIA is a process designed to prioritize business functions by assessing the potential quantitative (financial) and qualitative (non-financial) impact that may result if an organization was to experience a disruption from a disaster event.
A simpler definition, BIA is a survey that shows how soon you need to have something and do something in order to not ruin your reputation, not lose a lot of money, and not go out of business.
Governance, Risk, and Compliance Services (Capgemini)
Capgemini’s integrated and centralized approach to Governance, Risk, and Compliance (GRC) breaks through traditional functional silos to deliver effective enterprise risk management and compliance as a continuous process. We help organizations manage a range of enterprise risks in the areas of IT, finance and accounting, operations, and regulatory compliance with flexible solutions comprised of a highly qualified CPA and CISA talent pool, innovative tools, and our unique collection of GPM best practice processes and controls.
Enterprise IT Governance, if properly supported, eventually becomes embedded in the culture and decision making process. The larger and more diverse the enterprise, the slower the evolutionary process becomes. Digité Enterprise helps maintain a shared vision by allowing talent, skills and knowledge to collaborate to achieve a common goal, share ownership, and foster collective communication with complete focus on the results.
This paper describes how a continuous improvement IT Security Governance process provides effective planning and decision making capabilities for a cybersecurity program. Governance can be thought of “doing the right things” while management is “doing things right”. IT Security Governance focuses on doing the right things to protect organizations and agencies.
1. Learn about the evolving role of the chief risk officer (CRO) both before and during the current global economic crisis.
2. Develop an understanding of the complementary aspects of the CRO and chief audit executive (CAE) roles, as well as the potential conflicts to avoid.
3. Discover strategies and critical success factors for an effective CRO and CAE partnership.
#sitbru Session 3 IT Governance for sap practitioners by Prof. G. Ataya
1. IT Governance Masterclass
Georges Ataya
CISA, CGEIT, CISA, CISSP, MSCS, PBA
External Relations Chair, ISACA
Professor, Solvay Business School
Managing Partner, ICT Control NV
2. Georges Ataya MSCS, PBA, CISA, CISM, CISSP
• Professor and Academic Director at Solvay Brussels School of Economics and Management, in charge of IT Management Education (www.solvay.edu/it)
• Academic Relations Committee Chair at ISACA (ISACA.org)
• Managing Partner, ICT Control SA (www.ictcontrol.eu)
• Participated in various research and publications.
• Georges@ictcontrol.eu – www.ataya.info
3. Why Does IT Need a Governance Framework?
Do any of these conditions sound familiar?
• Growing complexity of IT environments
• Fragmented IT infrastructures or applications
• Demand for technologists outstripping supply
• Communication gap between business and IT managers
• IT service levels that are disappointing
• Marginal productivity gains on technology investments
• Impaired organisational flexibility and nimbleness to change
• User frustration leading to ad hoc solutions
• IT managers operating like fire fighters
4. IT Governance Needs a Management Framework
[Diagram. Surviving labels: Driving Forces Map Onto the IT Governance Focus Areas; IT Governance Concepts; Resource Management]
5. Six IT Governance domains
• IT Governance Concepts
• Risk Management
• Strategic Alignment
• Resources Management
• Value Management
• Performance Measurement
7. Governance, Risk & Compliance: GRC
• Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
• Risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
• Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
Source: OCEG (Open Compliance and Ethics Group)
8. Practices and processes in value governance
Value Governance – elements
• Strategy Management
• Portfolio Management
• Programme Management
• Project Management
• Operations Management
[Diagram labels: VALUE; RISK; Total Benefits – Total Costs; Architecture Management; Asset Mgmt]
Source: IT Governance Institute
10. Value Governance is based around
The Four “Ares” - continually asking…
• Are we doing the right things?
• Are we getting the benefits?
• Are we doing them the right way?
• Are we getting them done well?
Source: Fujitsu Consulting
11. Risk approaches
Dependent on the type of risk and its significance to the business, management and the board may choose to:
• Mitigate: Implementing controls, e.g., acquire and deploy security technology to protect the IT infrastructure
• Transfer: Sharing risk with partners or transferring it to insurance coverage
• Accept: Formally acknowledging that the risk exists and monitoring it
12. Risk management of enterprise IT resources
(application, information, infrastructure, people)
IT Risk Analysis Approach
Source: IT Governance Institute
13. Does Your IT Architecture Look Like…
(needed a) …blueprint to bring order to “spaghetti layer of applications, boxes and wires”
Toby Redshaw, VP of Strategy & Architecture, Motorola
14. Four architectural views
• Business View: What are the business strategies and processes that will make us successful
• Application View: Which applications do we need to facilitate the business process and manipulate the information
• Information View: What information do we need to manage in the business
• Technology View: What technology is needed to support the information and application needs
15. IT Governance needs a control framework
How is it being used?
[Diagram labels: CobiT; IT Governance; Audit Methodology; Security Framework; Sarbanes-Oxley; Outsourcing; Process Standards; Policy]
“CobiT is the framework that gives me an end-to-end view of IT.”
John Carrow, CIO, Unisys
“CobiT is an end-to-end catalogue of IT decisions.”
Simon Shapiro, CIO, Investec
16. COBIT Framework
BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES
INFORMATION: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
IT RESOURCES: Applications, Information, Infrastructure, People
PLAN AND ORGANISE
• PO1 Define a strategic IT plan.
• PO2 Define the information architecture.
• PO3 Determine technological direction.
• PO4 Define the IT processes, organisation and relationships.
• PO5 Manage the IT investment.
• PO6 Communicate management aims and direction.
• PO7 Manage IT human resources.
• PO8 Manage quality.
• PO9 Assess and manage IT risks.
• PO10 Manage projects.
ACQUIRE AND IMPLEMENT
• AI1 Identify automated solutions.
• AI2 Acquire and maintain application software.
• AI3 Acquire and maintain technology infrastructure.
• AI4 Enable operation and use.
• AI5 Procure IT resources.
• AI6 Manage changes.
• AI7 Install and accredit solutions and changes.
DELIVER AND SUPPORT
• DS1 Define and manage service levels.
• DS2 Manage third-party services.
• DS3 Manage performance and capacity.
• DS4 Ensure continuous service.
• DS5 Ensure systems security.
• DS6 Identify and allocate costs.
• DS7 Educate and train users.
• DS8 Manage service desk and incidents.
• DS9 Manage the configuration.
• DS10 Manage problems.
• DS11 Manage data.
• DS12 Manage the physical environment.
• DS13 Manage operations.
MONITOR AND EVALUATE
• ME1 Monitor and evaluate IT performance.
• ME2 Monitor and evaluate internal control.
• ME3 Ensure compliance with external requirements.
• ME4 Provide IT governance.
17. Setting the Direction of IT Governance across the enterprise (in support of the business)
[Diagram labels: Provide Direction; Compare; Measure Performance]
Set Objectives
• IT is aligned with the business
• IT enables the business & maximises benefits
• IT resources are used responsibly
• IT-related risks are managed appropriately
IT Activities
• Increase automation (make the business effective)
• Decrease cost (make the enterprise efficient)
• Manage risks (security, reliability & compliance)
• Objective: ensure that IT enables, sustains and extends the organisation’s strategies and objectives
• Method: providing direction and exercising control
• Content: Leadership, organisational structures and processes
• Responsibility: board of directors and executive management
Source: IT Governance Institute
18. Value chain linkage between Enterprise Strategy and IT
[Diagram. Top row: Enterprise Strategy & Architecture; Business Goals for IT; IT Goals; IT Processes; IT Scorecard. Other boxes: Business Requirements; Governance Requirements; Information Services; Information Criteria; IT Processes; Applications; Infrastructure & People. Arrow labels: deliver; require; influence; run; imply; need]
Source: IT Governance Institute
19. Benchmarking IT process maturity by industry sector
[Radar charts: maturity scale 1.00 to 3.50; axes Po1, Po3, Po5, Po9, Po10, A11, A12, A15, A16, DS1, DS4, DS5, DS10, DS11, M1; legend Finance, Other, IT Services, Public Sector, Ret & Manu; panels Financial Services, Public Sector, Retail/Manufacturing]
Source: IT Governance Institute
20. Where Do Frameworks Fit?
• Drivers: PERFORMANCE: Business Goals; CONFORMANCE: Basel II, Sarbanes-Oxley Act, etc.
• Enterprise Governance: Balanced Scorecard; COSO
• IT Governance: COBIT 4.1
• Best Practice Standards: ISO 9001:2000; ISO 27002; ISO 20000
• Processes and Procedures: QA procedures; Security Principles; ITIL V3
21. Why Isn’t Everyone Doing This?
• We do this already.
• It’s not exciting.
• You’re making it much too complex.
• It’s not easy.
• It’s an IT problem.
• Lack of business engagement / accountability
• We don’t know where to start!