ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
Ramiro Cid | @ramirocid
IT Governance & ISO 38500
Index

1. First approach to IT Governance
2. Problems with IT Governance
3. IT Governance: Frameworks
4. IT Governance: Lifecycle
5. ISO/IEC 38500:2008 - Main topics
6. ISO/IEC 38500:2008 - Main purposes
7. ISO/IEC 38500:2008 - 6 Basic principles
8. ISO/IEC 38500:2008 - Highlighting 2 basic principles
9. Sources used to expand knowledge
1. First approach to IT Governance

IT governance, or corporate governance of information technology, is a subset discipline of corporate governance focused on information technology (IT), its performance and its risk management.

The interest in IT governance comes from the ongoing need within organizations to focus value-creation efforts on the organization's strategic objectives, and to better manage the performance of those responsible for creating that value in the interest of all stakeholders.

It is also very important to align the IT strategy with the business strategy. IT governance has evolved from The Principles of Scientific Management, Total Quality Management and the ISO 9001 quality management system.

An IT governance framework is used to identify, establish and link the mechanisms that oversee the use of information and related technology, so as to create value and manage the risks associated with using information and technology.
2. Problems with IT Governance

IT governance is often confused with IT management, compliance and IT controls. The confusion is increased by terms such as "governance, risk and compliance (GRC)", which establish a link between governance and compliance. The primary focus of IT governance is the stewardship of IT resources on behalf of the various stakeholders, whose ranking is established by the organization's governing body. A simple way to explain IT governance is: what is to be achieved by leveraging IT resources (the what). IT management, by contrast, is about "planning, organizing, directing and controlling the use of IT resources" (the how), while IT governance is about creating value for the stakeholders based on the direction given by those who govern. ISO 38500 has helped clarify IT governance by describing a model to be used by company directors.

While directors are responsible for this stewardship, it is not unusual for them to delegate this responsibility to management (business and IT), who are expected to develop the capability needed to deliver the expected performance. Whilst managing risk and ensuring compliance are essential components of good governance, the primary focus is on delivering value and managing performance (i.e. "Governance, Value delivery and Performance management" (GVP)).
3. IT Governance: Frameworks

• AS8015-2005: Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008.

• ISO/IEC 38500:2008: Corporate governance of information technology (very closely based on AS8015-2005). It provides a framework for effective governance of IT to assist those at the highest level of an organization to understand and fulfil their legal, regulatory and ethical obligations in respect of their organization's use of IT. ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities and not-for-profit organizations.
• COBIT: regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37 IT processes typically found in an organization. Each process is defined together with its inputs and outputs, key activities, objectives, performance measures and an elementary maturity model. ISACA published COBIT 5 in April 2012 as a "business framework for the governance and management of enterprise IT". COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into a single framework, acting as an enterprise framework aligned and interoperable with TOGAF and ITIL. At the time of this presentation, the latest version is COBIT 5.
4. IT Governance: Lifecycle
5. ISO/IEC 38500:2008 - Main topics

IT governance has its own ISO standard: ISO/IEC 38500:2008, "Corporate governance of information technology". This presentation focuses on this IT governance framework.

The standard was published in June 2008 and complements the set of ISO standards that affect information systems and information technology (such as ISO/IEC 27001, ISO/IEC 20000, etc.).

It sets out principles for the good governance of business processes and decisions related to information and communication services, whether these are managed by in-house IS/IT specialists, by other business units of the organization, or by external service providers.
6. ISO/IEC 38500:2008 - Main purposes

In essence, what this standard proposes can be summarised in three main purposes:

a) To assure stakeholders (managers, consultants, engineers, hardware vendors, auditors, etc.) that, if the standard is followed properly, they can rely on the organization's corporate governance of IT.

b) To inform and guide the managers who direct the use of IS/IT in their organization or company.

c) To provide a basis for objective evaluation of IT governance by top management.

Likewise, the standard encourages the adoption of a minimum set of measures for the organization to achieve its IT goals.
7. ISO/IEC 38500:2008 - 6 Basic principles

1. Responsibility: assigning decision-making responsibilities to competent people.
2. Strategy: aligning IT with the strategic objectives of the organization (good planning that supports the improvement of the organization).
3. Acquisition: investing in suitable IT assets.
4. Performance: quality in the operation of IT systems.
5. Conformance: ensuring legal and regulatory compliance of IT systems.
6. Human behaviour: involving and respecting the human factor.
8. ISO/IEC 38500:2008 - Highlighting 2 basic principles

• Conformance: compliance with the legal environment is a growing need for IS/IT organizations of any size, since there is a great deal of legislation regulating the use of information, communications, etc., forming a binding legal framework that cannot be ignored.

• Human behaviour: the human factor is often treated only tangentially in many business strategies and, above all, in IS/IT strategies. Fortunately, this standard incorporates it as one more fundamental pillar (as ISO/IEC 27001 does, for example, in its control domain "8. Human resources security").
9. Sources used to expand knowledge

• IT Governance Definition and Solutions | cio.com
  URL: http://www.cio.com/article/2438931/governance/it-governance-definition-and-solutions.html
• "Corporate governance of information technology" | Wikipedia
  URL: https://en.wikipedia.org/wiki/Corporate_governance_of_information_technology
• IT Governance Defined | ITGovernance
  URL: http://www.itgovernance.co.uk/it_governance.aspx
• "IT Governance: Developing a successful governance strategy" | National Computing Centre (published on the Isaca.org website)
  URL: https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/Developing-a-Successful-Governance-Strategy.pdf
Questions?

Many thanks!
Ramiro Cid
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
ramiro@ramirocid.com
@ramirocid
http://www.linkedin.com/in/ramirocid
http://ramirocid.com http://es.slideshare.net/ramirocid
http://www.youtube.com/user/cidramiro

2024: The FAR, Federal Acquisition Regulations - Part 25
 
PEO AVRIL POUR LA COMMUNE D'ORGERUS INFO
PEO AVRIL POUR LA COMMUNE D'ORGERUS INFOPEO AVRIL POUR LA COMMUNE D'ORGERUS INFO
PEO AVRIL POUR LA COMMUNE D'ORGERUS INFO
 
call girls in moti bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in moti bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️call girls in moti bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
call girls in moti bagh DELHI 🔝 >༒9540349809 🔝 genuine Escort Service 🔝✔️✔️
 
2024: The FAR, Federal Acquisition Regulations - Part 23
2024: The FAR, Federal Acquisition Regulations - Part 232024: The FAR, Federal Acquisition Regulations - Part 23
2024: The FAR, Federal Acquisition Regulations - Part 23
 
PETTY CASH FUND - GOVERNMENT ACCOUNTING.pptx
PETTY CASH FUND - GOVERNMENT ACCOUNTING.pptxPETTY CASH FUND - GOVERNMENT ACCOUNTING.pptx
PETTY CASH FUND - GOVERNMENT ACCOUNTING.pptx
 
2024 ECOSOC YOUTH FORUM -logistical information - United Nations Economic an...
2024 ECOSOC YOUTH FORUM -logistical information -  United Nations Economic an...2024 ECOSOC YOUTH FORUM -logistical information -  United Nations Economic an...
2024 ECOSOC YOUTH FORUM -logistical information - United Nations Economic an...
 
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
High-Level Thematic Event on Tourism - SUSTAINABILITY WEEK 2024- United Natio...
 
ECOSOC YOUTH FORUM 2024 - Side Events Schedule -16 April.
ECOSOC YOUTH FORUM 2024 - Side Events Schedule -16 April.ECOSOC YOUTH FORUM 2024 - Side Events Schedule -16 April.
ECOSOC YOUTH FORUM 2024 - Side Events Schedule -16 April.
 
Press Freedom in Europe - Time to turn the tide.
Press Freedom in Europe - Time to turn the tide.Press Freedom in Europe - Time to turn the tide.
Press Freedom in Europe - Time to turn the tide.
 
Housing For All - Fair Housing Choice Report
Housing For All - Fair Housing Choice ReportHousing For All - Fair Housing Choice Report
Housing For All - Fair Housing Choice Report
 
办理约克大学毕业证成绩单|购买加拿大文凭证书
办理约克大学毕业证成绩单|购买加拿大文凭证书办理约克大学毕业证成绩单|购买加拿大文凭证书
办理约克大学毕业证成绩单|购买加拿大文凭证书
 
NL-FR Partnership - Water management roundtable 20240403.pdf
NL-FR Partnership - Water management roundtable 20240403.pdfNL-FR Partnership - Water management roundtable 20240403.pdf
NL-FR Partnership - Water management roundtable 20240403.pdf
 
2024: The FAR, Federal Acquisition Regulations - Part 24
2024: The FAR, Federal Acquisition Regulations - Part 242024: The FAR, Federal Acquisition Regulations - Part 24
2024: The FAR, Federal Acquisition Regulations - Part 24
 

IT Governance & ISO 38500

  • 4. 2. Problems with IT Governance

  IT governance is often confused with IT management, compliance and IT controls. The confusion is increased by terms such as "governance, risk and compliance (GRC)" that establish a link between governance and compliance. The primary focus of IT governance is the stewardship of IT resources on behalf of the various stakeholders, whose ranking is established by the organization's governing body. A simple way to explain IT governance is: what is to be achieved from leveraging IT resources. While IT management is about "planning, organizing, directing and controlling the use of IT resources" (that is, the how), IT governance is about creating value for the stakeholders based on the direction given by those who govern.

  ISO/IEC 38500 has helped clarify IT governance by describing a model to be used by company directors. While directors are responsible for this stewardship, it is not unusual for them to delegate this responsibility to management (business and IT), who are expected to develop the capability needed to deliver the expected performance. Whilst managing risk and ensuring compliance are essential components of good governance, the primary focus is on delivering value and managing performance (i.e. "Governance, Value delivery and Performance management", GVP).
  • 5. 3. IT Governance: Frameworks

  - AS8015-2005: Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008.
  - ISO/IEC 38500:2008: Corporate governance of information technology (very closely based on AS8015-2005). It provides a framework for effective governance of IT to assist those at the highest level of an organization to understand and fulfil their legal, regulatory and ethical obligations in respect of the organization's use of IT. ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities and not-for-profit organizations.
  • 6. 3. IT Governance: Frameworks (continued)

  - COBIT: regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37 IT processes typically found in an organization. Each process is defined together with its inputs and outputs, key activities, objectives, performance measures and an elementary maturity model. ISACA published COBIT 5 in April 2012 as a "business framework for the governance and management of enterprise IT". COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into a single enterprise framework that is aligned and interoperable with TOGAF and ITIL. At the time of this presentation the latest version is COBIT 5.
  • 7. 4. IT Governance: Lifecycle (diagram on the original slide; not reproduced in the text)
  • 8. 5. ISO/IEC 38500:2008 - Main topics

  IT governance has its own ISO standard: ISO/IEC 38500:2008, "Corporate governance of information technology". This presentation focuses on this IT governance framework. The standard was published in June 2008 and complements the set of ISO standards that cover information systems and technology (such as ISO/IEC 27001, ISO/IEC 20000, etc.). It sets out principles for the good governance of the business processes and decisions related to information and communication services, whether those services are run by internal IS/IT specialists, by other business units of the organization, or by external service providers.
  • 9. 6. ISO/IEC 38500:2008 - Main purposes

  In essence, the standard can be summarized into three main purposes:
  a) Ensure that, if the standard is followed properly, the stakeholders (managers, consultants, engineers, hardware vendors, auditors, etc.) can rely on the corporate governance of IT.
  b) Provide information and guidance to the managers who control the use of IS/IT in their organization or company.
  c) Provide a basis for the objective evaluation of IT management by top management.

  [Slide figure: IT governance framework]

  Likewise, the standard encourages adopting a minimum set of measures so that the organization achieves its IT goals.
  • 10. 7. ISO/IEC 38500:2008 - 6 Basic principles

  The six principles (the standard's own name for each principle is given first):
  1. Responsibility: assigning decision-making responsibility to competent people
  2. Strategy: alignment of IT with the strategic objectives of the organization (good planning supports the improvement of the organization)
  3. Acquisition: investing in suitable IT assets
  4. Performance: quality in the operation of IT systems
  5. Conformance: ensuring IT systems comply with legal and regulatory obligations
  6. Human behaviour: involving and respecting the people who use and are affected by IT
  • 11. 8. ISO/IEC 38500:2008 - Remarking 2 Basic principles

  - Compliance with the legal environment is a growing need for IS/IT organizations of any size, since there is a great deal of legislation regulating the use of information, communications, etc., which together form a binding legal framework that cannot be ignored.
  - The human factor is often treated only tangentially in many business strategies and, above all, in IS/IT strategies. Fortunately, this standard incorporates it as one more fundamental pillar (as ISO/IEC 27001 does, for example, in its control domain "8. Human resources security").
  • 12. 9. Sources used to expand knowledge

  - IT Governance Definition and Solutions | cio.com. URL: http://www.cio.com/article/2438931/governance/it-governance-definition-and-solutions.html
  - "Corporate governance of information technology" definition | Wikipedia. URL: https://en.wikipedia.org/wiki/Corporate_governance_of_information_technology
  - IT Governance Defined | ITGovernance. URL: http://www.itgovernance.co.uk/it_governance.aspx
  - "IT Governance: Developing a successful governance strategy" | National Computing Centre (published on the Isaca.org website). URL: https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/Developing-a-Successful-Governance-Strategy.pdf
  • 13. Questions? Many thanks!

  Ramiro Cid, CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
  ramiro@ramirocid.com | @ramirocid
  http://www.linkedin.com/in/ramirocid
  http://ramirocid.com
  http://es.slideshare.net/ramirocid
  http://www.youtube.com/user/cidramiro