Cobit 5 for Information Security
Seto Joseles
1.
COBIT 5 for Information Security

COBIT 5 Product Family
• COBIT® 5
• COBIT 5 Enabler Guides: COBIT® 5: Enabling Processes; COBIT® 5: Enabling Information; Other Enabler Guides
• COBIT 5 Professional Guides: COBIT® 5 Implementation; COBIT® 5 for Information Security; COBIT® 5 for Assurance; COBIT® 5 for Risk; Other Professional Guides
• COBIT 5 Online Collaborative Environment
Source: COBIT 5 for Information Security, figure 1

COBIT 5 Principles
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
Source: COBIT 5, figure 2

3701 Algonquin Road, Suite 1010 • Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545 • Fax: +1.847.253.1443 • Email: info@isaca.org • Web site: www.isaca.org
©2013 ISACA. All rights reserved.
2.
COBIT 5 for Information Security

Goals Cascade Overview
Stakeholder Drivers (Environment, Technology Evolution, …)
  → Influence → Stakeholder Needs: Benefits Realisation, Risk Optimisation, Resource Optimisation
  → Cascade to Enterprise Goals
  → Cascade to IT-related Goals
  → Cascade to Enabler Goals
Source: COBIT 5, figure 4

Selected Guidance From the COBIT 5 Family
These charts and figures are elements of COBIT 5 and its supporting guides. This excerpt is available as a complimentary PDF (www.isaca.org/cobit) and for purchase in hard copy (www.isaca.org/bookstore). It provides an overview of the COBIT 5 guidance, its five principles and seven enablers. We encourage you to share this document with your enterprise leaders, team members, clients and/or consultants.

COBIT enables enterprises to maximize the value and minimize the risk related to information, which has become the currency of the 21st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical tools and models that can help any enterprise effectively address critical business issues related to the governance and management of information and technology. Additional information is available at www.isaca.org/cobit.
3.
COBIT 5 for Information Security

Governance and Management in COBIT 5
Governance Objective: Value Creation (Benefits Realisation, Risk Optimisation, Resource Optimisation)
Governance Enablers • Governance Scope • Roles, Activities and Relationships
Source: COBIT 5, figure 8

Key Roles, Activities and Relationships
Owners and Stakeholders → (Delegate) → Governing Body → (Set Direction) → Management → (Instruct and Align) → Operations and Execution
Operations and Execution → (Report) → Management → (Monitor) → Governing Body → (Accountable) → Owners and Stakeholders
Source: COBIT 5, figure 9

COBIT 5 Governance and Management Key Areas
Business Needs → Governance: Evaluate, Direct, Monitor
Governance ↔ Management Feedback
Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)
Source: COBIT 5, figure 15
4.
COBIT 5 for Information Security

Information Security Skills/Competencies
• Information security governance
• Information security strategy formulation
• Information risk management
• Information security architecture development
• Information security operations
• Information assessment and testing and compliance
Source: COBIT 5 for Information Security, Figure 20

Example Stakeholders for Information Security-related Information (Small/Medium Enterprise)
Information types (columns): Information Security Strategy; Information Security Budget; Policies; Information Security Plan; Information Security Requirements; Awareness Material; Information Security Review Reports; Information Security Service Catalogue; Information Risk Profile; Information Security Dashboard
Stakeholders (rows):
  Internal (Enterprise): Board; Chief executive officer (CEO); Chief financial officer (CFO); Chief information security officer (CISO); Information security steering committee (ISSC); Business process owner; Head of human resources (HR)
  Internal (IT): Chief information officer (CIO)/IT manager; Information security manager (ISM)
  External: Investors; Insurers; Business Partners; Vendors/Suppliers; Regulators; External Auditors
[Figure 17 matrix: one relationship code per stakeholder and information type]
An indication of the nature of the relationship of the stakeholder for each information type: A—Approver; O—Originator; I—Informed of information type; U—User of information type
Source: COBIT 5 for Information Security, Figure 17
5.
COBIT 5 for Information Security

Advantages and Disadvantages of Potential Paths for Information Security Reporting

Chief executive officer (CEO)
  Advantages: Information risk is elevated to the highest level in the enterprise.
  Disadvantages: Information risk needs to be presented in a format that is understandable to the CEO. Given the multitude of responsibilities of the CEO, information risk might be monitored and managed at too high a level of abstraction or might not be fully understood in its relevant details.

Chief information officer (CIO)
  Advantages: Information security issues and solutions can be aligned with all IT initiatives.
  Disadvantages: Information risk may not be addressed due to other IT initiatives and deadlines taking precedence over information security. There is a potential conflict of interest. The work performed by information security professionals may be IT-focussed and not information security-focussed. In other words, there may be an insufficient business focus.

Chief financial officer (CFO)
  Advantages: Information security issues can be addressed from a financial business impact point of view.
  Disadvantages: Information risk may not be addressed due to financial initiatives and deadlines taking precedence over information security. There is a potential conflict of interest.

Chief risk officer (CRO)
  Advantages: Information risk is elevated to a position that can also look at risk from strategic, financial, operational, reputational and compliance perspectives.
  Disadvantages: This role does not exist in most enterprises. It is most often found in financial service organisations. In enterprises in which a CRO is not present, organisational risk decisions may be decided by the CEO or board of directors.

Chief technology officer (CTO)
  Advantages: Information security can be partnered and included in future technology road maps.
  Disadvantages: Information risk may not be addressed due to technology directions taking precedence over information security.

Chief operating officer (COO)
  Advantages: Information security issues and solutions can be addressed from the standpoint of impact to the business’ operations.
  Disadvantages: Information risk may not be addressed due to operational initiatives and deadlines taking precedence over information security.

Board of directors (indirect report)
  Advantages: Information risk is elevated to the highest level in the enterprise.
  Disadvantages: Information risk needs to be presented in a format that is understandable to board members, and hence may become too high-level to be relevant.

Source: COBIT 5 for Information Security, Figure 14

Policy Framework
Input: Information Security Principles; Mandatory Information Security Standards, Frameworks and Models; Generic Information Security Standards, Frameworks and Models; Information Security Requirements and Documentation
Policy Framework: Information Security Policy → Specific Information Security Policies → Information Security Procedures
Source: COBIT 5 for Information Security, Figure 10
6.
COBIT 5 for Information Security

COBIT 5 Process Reference Model

Processes for Governance of Enterprise IT
Evaluate, Direct and Monitor
• EDM01 Ensure Governance Framework Setting and Maintenance
• EDM02 Ensure Benefits Delivery
• EDM03 Ensure Risk Optimisation
• EDM04 Ensure Resource Optimisation
• EDM05 Ensure Stakeholder Transparency

Processes for Management of Enterprise IT
Align, Plan and Organise
• APO01 Manage the IT Management Framework
• APO02 Manage Strategy
• APO03 Manage Enterprise Architecture
• APO04 Manage Innovation
• APO05 Manage Portfolio
• APO06 Manage Budget and Costs
• APO07 Manage Human Resources
• APO08 Manage Relationships
• APO09 Manage Service Agreements
• APO10 Manage Suppliers
• APO11 Manage Quality
• APO12 Manage Risk
• APO13 Manage Security
Build, Acquire and Implement
• BAI01 Manage Programmes and Projects
• BAI02 Manage Requirements Definition
• BAI03 Manage Solutions Identification and Build
• BAI04 Manage Availability and Capacity
• BAI05 Manage Organisational Change Enablement
• BAI06 Manage Changes
• BAI07 Manage Change Acceptance and Transitioning
• BAI08 Manage Knowledge
• BAI09 Manage Assets
• BAI10 Manage Configuration
Deliver, Service and Support
• DSS01 Manage Operations
• DSS02 Manage Service Requests and Incidents
• DSS03 Manage Problems
• DSS04 Manage Continuity
• DSS05 Manage Security Services
• DSS06 Manage Business Process Controls
Monitor, Evaluate and Assess
• MEA01 Monitor, Evaluate and Assess Performance and Conformance
• MEA02 Monitor, Evaluate and Assess the System of Internal Control
• MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
Source: COBIT 5, figure 16
7.
COBIT 5 for Information Security

COBIT 5 Enterprise Enablers
1. Principles, Policies and Frameworks
2. Processes
3. Organisational Structures
4. Culture, Ethics and Behaviour
Resources:
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
Source: COBIT 5, figure 12

COBIT 5 Enablers: Generic
Enabler Dimension
• Stakeholders: Internal Stakeholders • External Stakeholders
• Goals: Intrinsic Quality • Contextual Quality (Relevance, Effectiveness) • Accessibility and Security
• Life Cycle: Plan • Design • Build/Acquire/Create/Implement • Use/Operate • Evaluate/Monitor • Update/Dispose
• Good Practices: Practices • Work Products (Inputs/Outputs)
Enabler Performance Management
• Are Stakeholder Needs Addressed?
• Are Enabler Goals Achieved?
• Is Life Cycle Managed?
• Are Good Practices Applied?
Metrics for Achievement of Goals (Lag Indicators) • Metrics for Application of Practice (Lead Indicators)
Source: COBIT 5, figure 13
8.
COBIT 5 for Information Security

The Seven Phases of the Implementation Life Cycle
Each phase answers one question and runs through three rings: Programme management (outer ring), Change enablement (middle ring) and the Continual improvement life cycle (inner ring).
Phase 1 What are the drivers?
  Programme management: Initiate programme • Change enablement: Establish desire to change • Continual improvement: Recognise need to act
Phase 2 Where are we now?
  Programme management: Define problems and opportunities • Change enablement: Form implementation team • Continual improvement: Assess current state
Phase 3 Where do we want to be?
  Programme management: Define road map • Change enablement: Communicate outcome • Continual improvement: Define target state
Phase 4 What needs to be done?
  Programme management: Plan programme • Change enablement: Identify role players • Continual improvement: Build improvements
Phase 5 How do we get there?
  Programme management: Execute plan • Change enablement: Operate and use • Continual improvement: Implement improvements
Phase 6 Did we get there?
  Programme management: Realise benefits • Change enablement: Embed new approaches • Continual improvement: Operate and measure
Phase 7 How do we keep the momentum going?
  Programme management: Review effectiveness • Change enablement: Sustain • Continual improvement: Monitor and evaluate
Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6

Summary of the COBIT 5 Process Capability Model
Capability levels and generic process capability attributes (PA):
  0 Incomplete Process
  1 Performed Process: PA 1.1 Process Performance
  2 Managed Process: PA 2.1 Performance Management • PA 2.2 Work Product Management
  3 Established Process: PA 3.1 Process Definition • PA 3.2 Process Deployment
  4 Predictable Process: PA 4.1 Process Management • PA 4.2 Process Control
  5 Optimising Process: PA 5.1 Process Innovation • PA 5.2 Process Optimisation
COBIT 5 Process Assessment Model—Performance Indicators: Process Outcomes • Base Practices (Management/Governance Practices) • Work Products (Inputs/Outputs)
COBIT 5 Process Assessment Model—Capability Indicators: Generic Practices • Generic Resources • Generic Work Products
Source: COBIT 5, figure 19