Secure Software Development – COBIT 5 Perspective
Kewyn Walter George
Management Consulting
29th June 2013
© [year] [legal member firm name], a [jurisdiction] [legal structure] and a member firm of the KPMG network of independent member firms affiliated with KPMG
International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
1
COBIT - A brief Introduction
• COBIT is an IT governance framework and supporting tool set that allows managers to bridge the gap between control requirements, technical issues and business risk.
• COBIT enables clear policy development and good practice for IT control throughout organizations.
• COBIT emphasizes regulatory compliance, helps organizations increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
COBIT Framework Evolution
[Figure: evolution of COBIT scope from 1996 to 2012 – Audit (COBIT1, 1996), Control (COBIT2, 1998), Management (COBIT3, 2000), IT Governance (COBIT4.0/4.1, 2005/7), Governance of Enterprise IT (COBIT 5, 2012); Val IT 2.0 (2008) and Risk IT (2009) were folded in along the way.]
A business framework from ISACA, at www.isaca.org/cobit
© 2012 ISACA® All rights reserved.
From Audit (COBIT1) to Governance of Enterprise IT (COBIT5)
COBIT 5: The latest version
• COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information technology (IT) assets.
• Building on more than 15 years of practical application, ISACA designed COBIT 5 to meet the needs of stakeholders and to align with current thinking on enterprise governance and management techniques as they relate to IT.
• It focuses on the dual aspects of Governance as well as Management of Enterprise IT.
Source: ISACA.org. Copyright ISACA.
COBIT 5: Principles & Enablers
Based on 5 Principles and 7 Enablers
Source: ISACA.org. Copyright ISACA.
COBIT 5: Overall Architecture
[Figure: COBIT 5 Family of Products – Source: COBIT® 5, figure 11. © 2012 ISACA® All rights reserved.]
[Figure: COBIT 5 Enterprise Enablers – Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.]
Source: ISACA.org. Copyright ISACA.
COBIT 5: Importance of Life Cycle Management & Governance
Source: ISACA.org. Copyright ISACA.
COBIT 5: Enabling Processes
Source: ISACA.org. Copyright ISACA.
Importance of Secure Software Development
• The use of the internet and networked systems has become all-pervasive, increasing the risk to data integrity during software development.
• Secure software development reduces software maintenance cost and increases software reliability.
• Secure software development eliminates a significant number of security flaws.
• Security flaws detected at later stages of software development may require a total overhaul of the entire software architecture.
Secure Software Development: Common Pitfalls
• Organizations focus on application and information security only after development is complete.
• Organizations conduct security audits only after development and before deployment.
• There is a lack of awareness of the information security norms to be followed during the Software Development Lifecycle.
• Organizations spend more time reacting to security issues after software development than proactively eliminating issues before development is completed.
How COBIT 5 addresses these pitfalls
COBIT 5 emphasizes the following key areas to address the common issues related to information security and software development:
• Awareness & Training
• Assessment & Audit
• Development & Quality Assurance
• Compliance
• Response Management
• Metrics & Accountability
• Operational Security
The following sections detail how COBIT 5 builds Information Security and Software Development into its processes.
COBIT 5 – Information Security & Secure Software Development
• COBIT 5 has also taken the valuable holistic, interrelated component model approach from the Business Model for Information Security (BMIS) work and incorporated it into the framework components.
Source: ISACA.org. Copyright ISACA.
Business Model for Information Security (BMIS)
• A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.
• BMIS challenges conventional thinking and enables you to creatively re-evaluate your information security investment.
• The Business Model for Information Security provides an in-depth explanation of a holistic business model that examines security issues from a systems perspective.
Source: ISACA.org. Copyright ISACA.
COBIT 5 Integrates BMIS Components
• Several of the BMIS components are now integrated within COBIT 5 as interacting enablers that support the enterprise in achieving its business goals and creating stakeholder value:
  • Organization
  • Process
  • People
  • Human Factors
  • Technology
  • Culture
Source: ISACA.org. Copyright ISACA.
COBIT 5 Integrates BMIS Components
• The remaining BMIS components relate to the larger aspects of the COBIT 5 framework:
  • Governing—The dimensions of governance activities (evaluate, direct, monitor—ISO/IEC 38500) are addressed at the enterprise level in the COBIT 5 framework.
  • Architecture (including a process model)—COBIT 5 includes the need to address enterprise architecture aspects to link organization and technology effectively.
  • Emergence—The holistic and integrated nature of the COBIT 5 enablers supports the enterprise in adapting to changes in both stakeholder needs and enabler capabilities as necessary.
Source: ISACA.org. Copyright ISACA.
COBIT 5 Product Family—Includes Guides on Information Security
Source: ISACA.org. Copyright ISACA.
COBIT 5 for Information Security
• COBIT 5 for Information Security builds on the COBIT 5 framework in that it focuses on information security and provides more detailed and more practical guidance for information security professionals and other interested parties at all levels of the enterprise.
Source: ISACA.org. Copyright ISACA.
Implementing Information Security using COBIT 5 Enablers
• COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT and information. Enablers are factors that, individually and collectively, influence whether something will work—in this case, governance and management over enterprise IT and, related to that, information security governance.
• Enablers are driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve.
Source: ISACA.org. Copyright ISACA.
Implementing Information Security using COBIT 5 Enablers
The enablers contain detailed guidance on the information security norms to be followed in daily processes.
The following shows an example with the enabler Culture, ethics & behaviour.
Source: ISACA.org. Copyright ISACA.
COBIT 5 Processes: Tailored for Information Security & Software Development
Source: ISACA.org. Copyright ISACA.
COBIT 5 Processes: Tailored for Information Security & Software Development (An example)
• COBIT 5 addresses information security specifically:
  • The focus on an information security management system (ISMS) in the Align, Plan and Organize (APO) management domain, APO13 Manage security, establishes the prominence of information security within the COBIT 5 process framework.
  • This process highlights the need for enterprise management to plan and establish an appropriate ISMS to support the information security governance principles and security-impacted business objectives resulting from the Evaluate, Direct and Monitor (EDM) governance domain.
Source: ISACA.org. Copyright ISACA.
Secure Software Development: Benefits of Implementing COBIT 5
• Through its IT-related processes, COBIT 5 emphasizes ‘Monitor, Evaluate and Assess’ at every stage of software development.
• This ensures a significant reduction in the cost of post-development security bug fixes.
• Through enablers focused on culture, ethics and behaviour, COBIT 5 ensures that the principles related to information security are embedded in daily processes.
• Application vulnerability to external information-related threats is reduced at every development step.
Source: ISACA.org. Copyright ISACA.
Secure Software Development: Benefits of Implementing COBIT 5
• Through process optimization and early detection of bugs and security flaws, COBIT 5 helps organizations reduce development time and achieve the fastest schedule for software development.
Accredited COBIT 5 Foundation Course by KPMG
Course Overview: COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, the Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
Course trainer: The trainers are accredited by APMG, have in-depth experience in COBIT 5 consulting and have conducted more than 25 COBIT workshops.
Duration: 2 Service days
Course Fee: INR 22,900 (trainer charges, training material, exam and certification cost) + Service Tax (10% – 15% discount for SPIN and ISACA members)
Course Contents:
Enablers
1. Principles, policies and frameworks
2. Processes
3. Organizational structures
4. Culture, ethics and behavior
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies
5 Principles
Principle 1: Meeting Stakeholder Needs
Principle 2: Covering the Enterprise End-to-End
Principle 3: Applying a Single, Integrated Framework
Principle 4: Enabling a Holistic Approach
Principle 5: Separating Governance From Management
© 2013 KPMG, an Indian Partnership and a member firm of the KPMG
network of independent member firms affiliated with KPMG International
Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
The KPMG name, logo and ‘cutting through complexity’ are registered
trademarks or trademarks of KPMG International Cooperative (KPMG
International).
Thank you
Kewyn Walter George
KPMG
Management Consulting
Email: kewyn@kpmg.com
Phone: 97890 11128
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 

Último (20)

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 

COBIT 5 Secure Software (slide transcript)

• 1. Secure Software Development – COBIT 5 Perspective
  Kewyn Walter George, Management Consulting, 29th June 2013

• 2. COBIT - A brief Introduction
  • COBIT is an IT governance framework and supporting tool set that allows managers to bridge the gap between control requirements, technical issues and business risk.
  • COBIT enables clear policy development and good practice for IT control throughout organizations.
  • COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.

• 3. COBIT Framework Evolution
  Figure (evolution of scope): COBIT1 Audit (1996) → COBIT2 Control (1998) → COBIT3 Management (2000) → COBIT4.0/4.1 IT Governance (2005/7) → COBIT 5 Governance of Enterprise IT (2012), with Val IT 2.0 (2008) and Risk IT (2009) feeding into COBIT 5.
  A business framework from ISACA, at www.isaca.org/cobit. © 2012 ISACA. All rights reserved.
  From Audit (COBIT1) → Governance of Enterprise IT (COBIT5)

• 4. COBIT 5: The latest version
  • COBIT 5 is a major strategic improvement providing the next generation of ISACA guidance on the governance and management of enterprise information technology (IT) assets.
  • Building on more than 15 years of practical application, ISACA designed COBIT 5 to meet the needs of stakeholders, and to align with current thinking on enterprise governance and management techniques as they relate to IT.
  • It focuses on the dual aspects of Governance as well as Management of Enterprise IT.
  Source: ISACA.org, © ISACA

• 5. COBIT 5: Principles & Enablers
  Based on 5 Principles and 7 Enablers (figure). Source: ISACA.org, © ISACA

• 6. COBIT 5: Overall Architecture
  Figures: COBIT 5 Family of Products; COBIT 5 Enterprise Enablers. Source: COBIT® 5, figures 11 and 12. © 2012 ISACA. All rights reserved. Source: ISACA.org, © ISACA

• 7. COBIT 5: Importance on Life Cycle Management & Governance (figure). Source: ISACA.org, © ISACA

• 8. COBIT 5: Enabling Processes (figure). Source: ISACA.org, © ISACA

• 9. Importance of Secured Software Development:
  • The use of internet and network systems has become all-pervasive, increasing the risk to data integrity during software development.
  • Secured software development reduces software maintenance cost and increases software reliability.
  • Secured software development reduces a significant number of security flaws.
  • Such security flaws, if detected at later stages of software development, may require the total overhaul of the entire software architecture.

• 10. Secured Software Development: Common Pitfalls:
  • Organizations focus on software application and information security only after development.
  • Organizations conduct security audits only after development and before deployment.
  • There is a lack of awareness of the information security norms to be followed during the Software Development Lifecycle.
  • Organizations spend more time reacting to security issues after software development than proactively eliminating issues before development is completed.

• 11. How COBIT 5 addresses these pitfalls:
  COBIT 5 emphasizes the following key areas to address the common issues related to information security and software development:
  • Awareness & Training
  • Assessment & Audit
  • Development & Quality Assurance
  • Compliance
  • Response Management
  • Metrics & Accountability
  • Operational Security
  The following sections detail how COBIT 5 includes Information Security and Software Development in its processes.

• 12. COBIT 5 – Information Security & Secure Software Development:
  • COBIT 5 has also taken the valuable holistic, interrelated component model approach from the Business Model for Information Security (BMIS) work and incorporated it into the framework components (figure). Source: ISACA.org, © ISACA

• 13. Business Model for Information Security (BMIS)
  • A holistic and business-oriented approach to managing information security, and a common language for information security and business management to talk about information protection.
  • BMIS challenges conventional thinking and enables you to creatively re-evaluate your information security investment.
  • The Business Model for Information Security provides an in-depth explanation of a holistic business model which examines security issues from a systems perspective.
  Source: ISACA.org, © ISACA

• 14. COBIT 5 Integrates BMIS Components
  • Several of the BMIS components are now integrated within COBIT 5 as interacting enablers that support the enterprise in achieving its business goals and creating stakeholder value: Organization, Process, People, Human Factors, Technology, Culture.
  Source: ISACA.org, © ISACA

• 15. COBIT 5 Integrates BMIS Components
  • The remaining BMIS components relate to the larger aspects of the COBIT 5 framework:
  • Governing—The dimensions of governance activities (evaluate, direct, monitor—ISO/IEC 38500) are addressed at the enterprise level in the COBIT 5 framework.
  • Architecture (including a process model)—COBIT 5 includes the need to address enterprise architecture aspects to link organization and technology effectively.
  • Emergence—The holistic and integrated nature of the COBIT 5 enablers supports the enterprise in adapting to changes in both stakeholder needs and enabler capabilities as necessary.
  Source: ISACA.org, © ISACA

• 16. COBIT 5 Product Family—Includes Guides on Information Security (figure). Source: ISACA.org, © ISACA

• 17. COBIT 5 for Information Security:
  • COBIT 5 for Information Security builds on the COBIT 5 framework in that it focuses on information security and provides more detailed and more practical guidance for information security professionals and other interested parties at all levels of the enterprise.
  Source: ISACA.org, © ISACA

• 18. Implementing Information Security using COBIT 5 Enablers
  • COBIT 5 defines a set of enablers to support the implementation of a comprehensive governance and management system for enterprise IT and information. Enablers are factors that, individually and collectively, influence whether something will work—in this case, governance and management over enterprise IT and, related to that, information security governance.
  • Enablers are driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve.
  Source: ISACA.org, © ISACA

• 19. Implementing Information Security using COBIT 5 Enablers
  The enablers contain detailed guidance on information security norms to be followed in daily processes. The following shows the example with the enabler Culture, ethics & behaviour (figure). Source: ISACA.org, © ISACA

• 20. COBIT 5 Processes: Tailored for Information Security & Software Development (figure). Source: ISACA.org, © ISACA

• 21. COBIT 5 Processes: Tailored for Information Security & Software Development (An example)
  • COBIT 5 addresses information security specifically:
  • The focus on an information security management system (ISMS) in the align, plan and organize (APO) management domain, APO13 Manage security, establishes the prominence of information security within the COBIT 5 process framework.
  • This process highlights the need for enterprise management to plan and establish an appropriate ISMS to support the information security governance principles and security-impacted business objectives resulting from the evaluate, direct and monitor (EDM) governance domain.
  Source: ISACA.org, © ISACA

• 22. Secured Software Development: Benefits of Implementing COBIT 5
  • Through its IT-related processes, COBIT 5 emphasizes ‘Monitor, Evaluate and Assess’ at every stage of software development.
  • This ensures a significant reduction in the cost of post-development security bug fixes.
  • Through enablers focused on culture, ethics and behaviour, COBIT 5 ensures that the principles related to information security are embedded in daily processes.
  • Application vulnerability to external information-related threats is reduced at every development step.
  Source: ISACA.org, © ISACA

• 23. Secured Software Development: Benefits of Implementing COBIT 5
  • Through process optimization and early bug and security flaw detection, COBIT 5 helps organizations reduce development time and achieve the fastest schedule for software development.

• 24. Accredited COBIT 5 Foundation Course by KPMG
  Course Overview: COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, practices, analytical tools and models to help increase the trust in, and value from, information systems. COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®) and related standards from the International Organization for Standardization (ISO).
  Course trainer: The trainers are accredited by APMG, have in-depth experience in COBIT 5 consulting and have conducted more than 25 COBIT workshops.
  Duration: 2 Service days
  Course Fee: INR 22,900 (Trainer charges, Training Material, Exam and certification cost) + Service Tax (10% - 15% Discount for SPIN and ISACA Members)
  Course Contents:
  Enablers
  1. Principles, policies and frameworks
  2. Processes
  3. Organizational structures
  4. Culture, ethics and behavior
  5. Information
  6. Services, infrastructure and applications
  7. People, skills and competencies
  5 Principles
  Principle 1: Meeting Stakeholder Needs
  Principle 2: Covering the Enterprise End-to-End
  Principle 3: Applying a Single, Integrated Framework
  Principle 4: Enabling a Holistic Approach
  Principle 5: Separating Governance From Management

• 25. © 2013 KPMG, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name, logo and ‘cutting through complexity’ are registered trademarks or trademarks of KPMG International Cooperative (KPMG International).
  Thank you
  Kewyn Walter George, KPMG Management Consulting
  Email: kewyn@kpmg.com
  Phone: 97890 11128