Avoid Framework Overload
Use COBIT5 to Leverage
Multiple Best Practices
Mark Thomas 
CGEIT, CRISC, 
ITIL Expert, PRINCE2 
Areas of expertise
• Governance of Enterprise IT (CGEIT)
• Enterprise Risk Management (CRISC)
• COBIT
• ITIL Expert
• PRINCE2 Practitioner
Experience
• IT Director
• VP, IT Operations
• Enterprise Program Manager
• Governance frameworks consulting
Mark Thomas, CGEIT, CRISC
Agenda
Introduction and Background
Value Creation
The Framework Ecosystem
A Framework to Manage Frameworks
Closing and Questions
Presentation Synopsis
In the IT Governance environment there are multiple frameworks,
models and standards to choose from. A challenge for most
organizations is simply understanding what all of these are, and
which ones are applicable or appropriate for them. Some common
questions include: If we’re using ITIL, should we consider
COBIT? How do ISO standards fit into my model? Should I be
using Project Management models if I already use COBIT?
In this insightful presentation on frameworks and standards
integration, explore the many models that are available
today: what they are, how they fit, and why choose them. Most
importantly, we will use COBIT as the framework integrator to
create a more holistic approach to leveraging multiple best
practices under a single model.
The purpose of this presentation is to gain an understanding of
various applicable frameworks that exist in the GEIT space, and
how to understand, position, and integrate multiple frameworks
using COBIT5.
Presentation Goals
Recognize the various frameworks in the GEIT ecosystem
and how they can be collectively used to align with
enterprise needs.
Understand a model to synchronize various frameworks
such as COBIT, ITIL, TOGAF, PRINCE2, PMBOK, and
many more.
Understand a model to synchronize various standards such
as ISO38500, ISO27000, ISO20000, ISO31000, and many
more.
Identify approaches to selecting appropriate frameworks for
your needs by leveraging COBIT5 as the framework
integrator.
Value Creation
Why the enterprise exists
Today’s Challenges
Why Does the Enterprise Exist?
How Do We Provide This Value?
• EVALUATE stakeholder needs, conditions and options
• DIRECT through prioritization and decision making
• MONITOR performance, compliance and progress against agreed-on direction and objectives
• PLAN, BUILD, RUN and MONITOR activities
• Align with the direction set by the governance body to achieve the enterprise objectives
The Framework Ecosystem
What is out there?
Drivers for Framework Adoption
• Rising demand for best practices
• More competitive landscape
• Cost control
• Conformance and performance
• Meeting enterprise objectives
• Technology investment justification
Standards and Good Practices
Example Framework Categories | Example Standards | Example Good Practices
Governance | ISO38500 | COSO, COBIT
Architecture | ISO42010 | TOGAF
IT Service Management | ISO20000 | ASL/BiSL, ITIL
Program and Project Management | ISO21500 | PMBOK, PRINCE2
Risk Management | ISO31000, NIST | COBIT5 For Risk
Security Management | ISO27001, NIST | COBIT5 for Security
Quality and Improvement | ISO15504 | SIX SIGMA, PDCA
Lifecycles | ISO12207 | SDLC, AGILE, DEVOPS
This is not a complete list. It is a representation of the presenter’s experience only.
A Framework to Manage Frameworks
Using COBIT5
Scenario
Company Background
• Managed service provider
• Mid-market
• Multi-tenant environment
Challenges
• Regulatory and compliance
• Multiple fragmented frameworks
• Customer satisfaction
• Duplicated efforts
Goals
Adopt an enterprise IT governance
framework that supports value
creation and alignment.
Leverage applicable standards and
industry best practices to balance
performance and conformance.
Approach
Analyze Business Needs
• Leverage the Goals Cascade from COBIT.
• Translate stakeholder needs into specific, practical and customized goals.
• Cascade the goals to selected enablers.
• Consider external regulations, laws and contractual obligations.
• Determine the implications of the overall enterprise control environment with regard to IT.
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
Modified Goals Cascade
Approach
Understand the Enablers
• Principles, Policies and Frameworks
• Processes
• Organizational Structures
• Culture, Ethics and Behaviours
• Information
• Services, Infrastructure and Applications
• People, Skills and Competencies
Approach
Inventory Frameworks
Standards
Best Practices
Inventory Frameworks
EDM APO BAI DSS MEA
COSO
ISO/IEC 38500
King III
OECD
COSO/ERM
ISO/IEC 31000
TOGAF 9
ISO/IEC 20000
ISO/IEC 27002
ITIL 2011
TOGAF 9
SFIA
ISO/IEC 27002
PMBOK
ISO/IEC 9001-2008
ISO/IEC 27001:2005
ISO/IEC 27002:2011
NIST SP800-53 Rev 1
PMBOK
PRINCE2
ISO/IEC 20000
ITIL 2011
ITIL V3 2011
ISO/IEC 20000
ISO/IEC 27002
BS 25999:2007
ISO/IEC 27002:2011
NIST SP800-53 Rev 1
ISO/IEC 20000
ITIL 2011
COSO = Committee of Sponsoring Organizations of the Treadway Committee
OECD = Organization for Economic Cooperation and Development
TOGAF = The Open Group Architecture Forum
SFIA = Skills Framework for the Information Age
PMBOK = Project Management Body of Knowledge
NIST = National Institute of Standards and Technology
Approach
Link Frameworks to Selected Enablers
• Initial focus on the process enabler.
• Process selection based on internal assessment.
• Cross reference to avoid duplication.
• Use the COBIT5 Enabling Process Guide for guidance.
Domains and Processes
ISACA – Information Systems Audit and Control Association.  ITGI – IT Governance Institute
COBIT5 Process Reference Model
Process
Identification
Process
Description
Process
Purpose
Statement
Goals Cascade
Information
Process Goals
& Metrics
RACI Chart
Detailed
Practice
Descriptions
Related
Guidance
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
Link Frameworks to Selected Enablers
Closing and Questions
Consideration and Tips
• You don’t have to call it by its name!
• Use more than one framework, they each have unique focus areas.
• There is no such thing as a single silver bullet.
• Ownership and accountability are key.
• Communicate value in business terms.
• Use COBIT Online to assist.
• Don’t underestimate Culture, Ethics and Behaviors.