This presentation, I along with my team mates Vishal, Anju, Sonali, Shivangi, Charu, Khyati and Shreeya made to Anand Jangid Sir, in respect of the subject Governance & Compliance in Trimester 5 of the MBA at Welingkar, on 18th Sept 2009.
International Standards

COBIT (Control Objectives for Information and Related Technology) is developed by ISACA and the IT Governance Institute (ITGI) in order to implement IT Governance in organizations.
The COBIT Model

Common Sense – maximize the benefits of IT while providing IT governance and control.

Executive Summary - "There is a method…"
Framework - "The method is…"
Control Objectives - "The minimum controls are…"
Audit Guidelines - "Here's how you audit…"
Management Guidelines - "Here's how you measure your performance…"
Implementation Guide - "Here's how you implement…"
The COBIT Framework

Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability

IT Resources: Data, Applications, Technology, Facilities, People

Business Processes, by domain:

Plan & Organize
PO1 Define a Strategic IT Plan
PO2 Define the Information Architecture
PO3 Determine Technological Direction
PO4 Define the IT Organization and Relationships
PO5 Manage the IT Investment
PO6 Communicate Management Aims and Direction
PO7 Manage Human Resources
PO8 Ensure Compliance with External Requirements
PO9 Assess Risks
PO10 Manage Projects
PO11 Manage Quality

Acquire & Implement
AI1 Identify Automated Solutions
AI2 Acquire and Maintain Application Software
AI3 Acquire and Maintain Technology Infrastructure
AI4 Develop and Maintain Procedures
AI5 Install and Accredit Systems
AI6 Manage Changes

Deliver & Support
DS1 Define and Manage Service Levels
DS2 Manage Third-Party Services
DS3 Manage Performance and Capacity
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
DS8 Assist and Advise Customers
DS9 Manage the Configuration
DS10 Manage Problems and Incidents
DS11 Manage Data
DS12 Manage Facilities
DS13 Manage Operations

Monitor & Evaluate
ME1 Monitor the Process
ME2 Assess Internal Control Adequacy
ME3 Obtain Independent Assurance
ME4 Provide for Independent Audit
The framework describes what needs to be taken into account when making IT-related decisions and investments, and helps balance risk against the investment in controls.
ISO 17799 / BS 7799 Security Parameters

Security policy
Organisational and information security structure
Risk assessment and treatment
Asset management
Human resource security
Physical security
Communication and operational security
Access control
Information systems acquisition, development and maintenance
Incident management
Business continuity
Compliance
Investors Have Lost Trust and Confidence
Enron
Adelphia Communications
Xerox
Martha Stewart
Accounting frauds
Restatements
Accounting irregularities

Activities of both ISACF and the ITGI will be handled by the renamed entity, ensuring that the leading-edge research, publishing and

IT governance:
IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise's IT sustains and extends the organisation's strategies and objectives.

What is COBIT
Control Objectives for Information and related Technology (COBIT®) provides good practices across a domain and process framework and presents activities in a manageable and logical structure. COBIT's good practices represent the consensus of experts. They are focused more on control and less on execution. These practices will help optimise IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.

For IT to be successful in delivering against business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:
• Making a link to the business requirements
• Organising IT activities into a generally accepted process model
• Identifying the major IT resources to be leveraged
• Defining the management control objectives to be considered

Importance of controls
Control - The policies, procedures, practices, and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

Drivers for enhanced IT controls:
Increased government regulation(s) require a focus on Enterprise Risk Management
COSO (Committee of Sponsoring Organizations) Framework
Dependence on financial systems
Increased need for standard IT processes and projects
Requirements for enhanced IT controls
Originally COBIT was released and used primarily by the IT assurance community. After the addition of the Management Guidelines in 1998, COBIT became the internationally accepted framework for IT governance and control, providing management tools such as metrics and maturity models to complement the control framework.

ISO/IEC 17799:2000 - The Code of Practice for Information Security Management is an international standard based on BS 7799-1. It is presented as best practice for implementing information security management.

COBIT by its nature is broader, whereas ISO/IEC 17799 tends to be deeper in the area of security.

Issuer:
COBIT - IT Governance Institute, USA
ISO/IEC 17799:2000 - International Organization for Standardization and International Electrotechnical Commission Joint Technical Committee (ISO/IEC JTC 1), Switzerland