Software Process &
Quality Management
Mel Rosso-Llopart © 2018
CoBit - Control Objectives for
Information and Related
Technology
Mel Rosso-Llopart
Senior Lecturer, Executive Education Program
Institute for Software Research
Carnegie Mellon University
Software Process
& Quality Management
Truong Dinh Huy
Tel: 0982.132.352
truongdinhhuy@dtu.edu.vn
CoBit - Control Objectives for
Information and Related Technology
History of CoBit
• 1996 - CoBit was developed by ISACF (Information Systems Audit and Control Foundation)
• 1998 - Founding of the ITGI (IT Governance Institute)
• 1998 - ITGI begins an initiative for better IT Governance, focused around CoBit.
• http://www.isaca.org
• http://www.itgi.org
© 2018 CMU-ISR 3
CoBiT is an international standard for IT management, consisting of frameworks of best practices for IT management developed by ISACA and ITGI in 1996. CoBiT provides managers, auditors and IT users with a set of measures, metrics, processes and best-practice guidelines to help maximize the returns from the use of information technology and to help manage and control IT in organizations and enterprises.
The purpose of COBIT is "to research, develop, publicize and promote IT control objectives for business managers and auditors to apply in their day-to-day work".
COBIT® is designed with more than 200 control objectives serving 34 key IT processes, organized into four major domains:
- Plan & Organize,
- Acquire & Implement,
- Deliver & Support,
- Monitor & Evaluate.
All of the above criteria are designed to ensure the 5 main requirements that an organization or enterprise places on IT, namely:
- Strategic Alignment,
- Value Delivery,
- Resource Management,
- Risk Management and
- Performance Measurement.
What is COBIT?
• COBIT (Control Objectives for Information and Related
Technology) is globally accepted as being the most
comprehensive work for IT governance, organization, as well
as IT process and risk management.
• COBIT provides good practices for the management of IT
processes in a manageable and logical structure, meeting
the multiple needs of enterprise management by bridging
the gaps between business risks, technical issues,
control needs and performance measurement
requirements.
• The COBIT mission is to research, develop, publicize
and promote an authoritative, up-to-date,
international set of generally accepted information
technology control objectives for day-to-day use by
business managers and auditors.
More History - Deming Cycle
• Deming Cycle - continuous improvement
process
• CoBit uses - Plan-Do-Check-Act Cycle
• CoBit reflects
• Information need - Corporate view
• Information technology - IT Governance
CoBit’s Hierarchy
CoBit’s Top Down Approach
4 Domains:
• Plan and Organize (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (M)
34 Processes
318 Control Objectives
1,547 Control Practices
Point of View for CoBit
• Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives.
• Promotes process focus and process ownership
• Divides IT into 34 processes belonging to four domains and provides a high-level control objective for each
• Looks at fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT
• Is supported by a set of 318 detailed control objectives
The four domains:
1. Planning
2. Acquiring & Implementing
3. Delivery & Support
4. Monitoring
The seven information criteria:
1. Effectiveness
2. Efficiency
3. Availability
4. Integrity
5. Confidentiality
6. Reliability
7. Compliance
CoBit Definitions - 7 Information Criteria
EFFECTIVENESS - Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner
EFFICIENCY - Concerns the provision of the information through the optimal use of resources
CONFIDENTIALITY - Concerns the protection of sensitive information from unauthorized disclosure
INTEGRITY - Relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations
AVAILABILITY - Relates to the information being available when required by the business process now and in the future
COMPLIANCE - Deals with complying with laws, regulations and contractual arrangements.
RELIABILITY OF INFORMATION - Relates to the provision of appropriate information for the workforce of the organization
General Information Risk Criteria
Events can be defined in terms of the processes, technology (systems) and organization (people) that compose them
Figure: Risk events (Business Operations, Business Opportunities, External Requirements, Regulations); components (Process, Technology, Organization); Data criteria (Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability); labels Message, Input, Service, Output.
The 4 COBIT Domains
1. Planning & Organization
2. Acquisition & Implementation
3. Delivery & Support
4. Monitoring & Evaluation
Planning and Organization
• This domain covers strategy and tactics,
and concerns the identification of the way
IT can best contribute to the achievement
of the business objectives.
• Furthermore, the realization of the
strategic vision needs to be planned,
communicated and managed for different
perspectives.
• Finally, a proper organization as well as
technological infrastructure must be put in
place.
Acquisition and Implementation
• To realize the IT strategy, IT solutions need
to be identified, developed or acquired, as
well as implemented and integrated into the
business process.
• In addition, changes in and maintenance of
existing systems are covered by this
domain to make sure that the life cycle is
continued for these systems.
Delivery and Support
• This domain is concerned with the actual
delivery of required services, which range
from traditional operations over security and
continuity aspects to training.
• In order to deliver services, the necessary
support processes must be set up.
• This domain includes the actual processing
of data by application systems, often
classified under application controls.
Monitoring & Evaluation
• All IT processes need to be regularly
assessed over time for their quality and
compliance with control requirements.
• This domain thus addresses management’s
oversight of the organization's control
process and independent assurance
provided by internal and external audit or
obtained from alternative sources.
• The assessment of whether the values are as expected and meet organizational expectations.
IT Governance is the Key Issue
• Enterprises are sacrificing
money, productivity and
competitive advantage by
not implementing effective
IT governance
• Executives need a better
way to:
- Direct IT for optimal
advantage
- Measure the value provided
by IT
- Manage IT-related risks
2009 ISACA All Rights reserved. 15
COBIT® is a Road Map to Good
IT Governance
• Accepted globally as a set of tools that ens
effectively
• Functions as an overarching framework
• Provides common language to communicate goals,
objectives and expected results to all stakeholders
• Based on, and integrates, industry standards and good
practices in:
- Strategic alignment of IT with business goals
- Value delivery of services and new projects
- Risk management
- Resource management
- Performance measurement
COBIT® Harmonises with other
Standards
• COBIT is often used at the highest level of IT
governance
• It harmonizes practices and standards such as
ITIL, ISO 27001 and 27002, and PMBOK
- Improves their alignment
to business needs
- Covers full spectrum of
IT-related activities
Why and How is COBIT Used?
COBIT as a response to the needs
• Incorporates major international standards
• Has become the de facto standard for overall control over IT
• Starts from business requirements
• Is process-oriented
COBIT: best practices repository for IT Processes, IT Management Processes and IT Governance Processes
COBIT Framework

Criteria
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability

IT Resources
• Data
• Applications
• Technology
• Facilities
• People

PLAN AND ORGANISE
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine the technological direction
PO4 Define the IT organisation and relationships
PO5 Manage the IT investment
PO6 Communicate management aims and direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risks
PO10 Manage projects
PO11 Manage quality

ACQUIRE AND IMPLEMENT
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Develop and maintain IT procedures
AI5 Install and accredit systems
AI6 Manage changes

DELIVER AND SUPPORT
DS1 Define service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify and attribute costs
DS7 Educate and train users
DS8 Assist and advise IT customers
DS9 Manage the configuration
DS10 Manage problems and incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations

MONITOR AND EVALUATE
M1 Monitor the process
M2 Assess internal control adequacy
M3 Obtain independent assurance
M4 Provide for independent audit
Basic CoBit Documentation Support
Executive Summary - There is a method…
Framework - The method is…
Control Objectives - Minimum controls are…
Audit Guidelines - Here is how you audit…
Implementation Toolset - Here is how you implement…
Management Guidelines - Here is how you measure…
Homework
Prepare - Case study 2 (FibreNet Project)
