CGEIT Best Practices and Concepts
http://80na20.blogspot.com
Strategy
Boston Consulting Group (BCG) Matrix
Balanced Scorecard (BSC)
Key Concepts
SWOT analysis
Gap Analysis
Porter five forces analysis
Ansoff Matrix
Johari Window
Continuous
Improvement
Cycles
DMAIC Cycle
DMADV Cycle
PDCA Cycle
7 phases of the
Implementation Life Cycle
Boyd Cycle (OODA)
Agility Loops
Governance
COBIT 5
ISO 38500
ISO/IEC 38500:2015
Information technology --
Governance of IT for the organization
ISO/IEC TR 38502:2014
Information technology --
Governance of IT --
Framework and model
ISO 27014:2013
Information technology -- Security techniques
-- Governance of information security
ISO 17998:2012
Information technology -- SOA Governance Framework
SOA - service-oriented architecture
Strategic alignment model (SAM)
Key Concepts
Stakeholders
RACI charts
Project Management
PMBoK
PRINCE2
Managing Successful Programmes (MSP)
Key Concepts
Project, Program, & Portfolio Management
PERT charts
SOW – statement of work
Gantt chart
Risk Management
ISO 31000
ISO 31000:2009, Risk management – Principles
and guidelines, provides principles, framework
and a process for managing risk.
COSO Framework ERM
ISO 27005
ISO/IEC 27005:2011
Information technology -- Security
techniques -- Information security
risk management
RISK IT
Management of Risk (M_o_R)
COBIT5 for Risk
OCTAVE
NIST 800-37 rev.1 Guide for Applying
the Risk Management Framework to
Federal Information Systems: a
Security Life Cycle Approach
NIST 800-39
Managing Information Security Risk: Organization,
Mission, and Information System View
Key Concepts
Business Impact
Key Risk Indicators (KRIs)
Types of risk – quantitative and qualitative
Root cause analysis
Delphi technique
Monte Carlo simulation
Risk Treatments
Avoidance (eliminate, withdraw
from or not become involved)
Reduction (optimize – mitigate)
Sharing (transfer – outsource or insure)
Retention (accept and budget)
...
Benefits realization,
Resource Optimization
Val IT
COBIT5 for Business Benefits Realization
Key Concepts
The Business Case
Cost-benefit analysis (CBA)
Internal rate of return (IRR)
Net present value (NPV)
Payback period
Return on investment (ROI)
Total Cost of Ownership (TCO)
Benchmarking
SMART
Metrics, KPI, KGI, CSF
ITSM + Enterprise
Architecture (EA)
ITIL v3
ITIL Service Strategy
ITIL Service Design
ITIL Service Transition
ITIL Service Operation
ITIL Continual Service Improvement (CSI)
ISO 20000
ISO/IEC 20000-1:2011
Information technology -- Service management --
Part 1: Service management system requirements
ISO/IEC 20000-2:2012
Information technology -- Service management
-- Part 2: Guidance on the application of service
management systems
ISO/IEC TR 20000-4:2010
Information technology -- Service management
-- Part 4: Process reference model
...
The Open Group Architecture Framework (TOGAF)
COBIT5 Implementation
Zachman Framework
Quality Management
Six Sigma
ISO 9001
ISO 9001:2015
Quality management systems -- Requirements
Total Quality Management (TQM)
EFQM - European Foundation for Quality Management
Information Security
ISO 27001
ISO/IEC 27001:2013
Information technology -- Security techniques --
Information security management systems --
Requirements
ISO/IEC 27002:2013
Information technology -- Security techniques --
Code of practice for information security controls
ISO/IEC 27013:2015
Information technology -- Security techniques --
Guidance on the integrated implementation of
ISO/IEC 27001 and ISO/IEC 20000-1
...
COBIT5 for Information Security
Business Model for Information Security (BMIS)
NIST 800-100 Information Security
Handbook: A Guide for Managers
SABSA (Sherwood Applied Business Security Architecture)
http://sabsa.org/
NIST 800-53 rev.4
Security and Privacy Controls for Federal
Information Systems and Organizations
Business
Continuity
ISO 22301
ISO 22301:2012
Societal security -- Business continuity management
systems -- Requirements
ISO 22313:2012
Societal security -- Business continuity management systems -- Guidance
ISO/IEC 27031:2011
Information technology -- Security techniques -- Guidelines
for information and communication technology readiness
for business continuity
BS 25999
ANSI/ASIS/BSI BCM.01.2010
Business Continuity Management Systems:
Requirements with Guidance for Use
NIST SP 800-34 rev.1
Contingency Planning Guide for Federal Information Systems
CMMI, etc.
Capability Maturity Model Integration (CMMI)
ISO 15504
ISO/IEC TR 20000-4:2010
Information technology -- Service management
-- Part 4: Process reference model
ISO/IEC 15504-3:2004
Information technology -- Process assessment --
Part 3: Guidance on performing an assessment
COBIT 5 Assessment Programme
Outsourcing
ISO 37500-2014 Guidance on outsourcing
Outsourcing Professional Body of Knowledge - OPBOK Version 10
NOA Outsourcing Life Cycle
NIST 800-35 Guide to Information Technology Security Services
Information Management
COBIT 5 Enabling Information
Key Concepts
DIKW
Other
ASL - Application Services Library
BiSL - Business Information Services Library
eTOM - Enhanced Telecom Operations Map
eSCM - eSourcing Capability Model
ISPL - Information Services Procurement Library
...
Domains
Domain 1: Framework for the Governance of Enterprise IT (25%)
Domain 2: Strategic Management (20%)
Domain 3: Benefits Realization (16%)
Domain 4: Risk Optimization (24%)
Domain 5: Resource Optimization (15%)
mm CGEIT draft.mmap - 16.10.2016 - Mindjet