IT Governance & ISO 38500
Ramiro Cid | @ramirocid
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
Index
1. First approach to IT Governance Slide 3
2. Problems with IT Governance Slide 4
3. IT Governance: Frameworks Slide 5
4. IT Governance: Lifecycle Slide 7
5. ISO/IEC 38500:2008 - Main topics Slide 8
6. ISO/IEC 38500:2008 - Main purposes Slide 9
7. ISO/IEC 38500:2008 - 6 Basic principles Slide 10
8. ISO/IEC 38500:2008 - Remarking 2 Basic principles Slide 11
9. Sources used to expand knowledge Slide 12
1. First approach to IT Governance
IT Governance, or corporate governance of information technology, is a subset discipline of corporate governance focused on information and technology (IT) and its performance and risk management.
The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on the organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.
It is also very important to align IT strategy with the business strategy. IT governance has evolved from The Principles of Scientific Management, Total Quality Management and the ISO 9001 quality management system.
An IT Governance framework is used to identify, establish and link the mechanisms to oversee the use of information and related technology, in order to create value and manage the risks associated with using information and technology.
2. Problems with IT Governance
IT governance is often confused with IT management, compliance and IT controls. The problem is increased by terms such as "governance, risk and compliance (GRC)" that establish a link between governance and compliance. The primary focus of IT governance is the stewardship of IT resources on behalf of various stakeholders, whose ranking is established by the organization's governing body. A simple way to explain IT governance is: what is to be achieved from the leveraging of IT resources. While IT management is about "planning, organizing, directing and controlling the use of IT resources" (that is, the how), IT governance is about creating value for the stakeholders based on the direction given by those who govern. ISO 38500 has helped clarify IT governance by describing a model to be used by company directors.
While directors are responsible for this stewardship, it is not unusual that they delegate this responsibility to management (business and IT), who are expected to develop the necessary capability to deliver the performance expected. Whilst managing risk and ensuring compliance are essential components of good governance, the primary focus is on delivering value and managing performance (i.e. "Governance, Value delivery and Performance management" (GVP)).
3. IT Governance: Frameworks
• AS8015-2005: Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008.
• ISO/IEC 38500:2008: Corporate governance of information technology (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations' use of IT. ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities, and not-for-profit organizations.
3. IT Governance: Frameworks
• COBIT: Regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37 IT processes typically found in an organization. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. ISACA published COBIT 5 in April 2012 as a "business framework for the governance and management of enterprise IT". COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into a single framework that acts as an enterprise framework aligned and interoperable with TOGAF and ITIL. The latest version is COBIT 5.
4. IT Governance: Lifecycle
5. ISO/IEC 38500:2008 - Main topics
IT Governance has its own ISO standard: ISO/IEC 38500:2008, "Corporate governance of information technology". This presentation focuses on this IT Governance framework.
This standard was published in June 2008 and complements the set of ISO standards that affect information systems and technologies (such as ISO/IEC 27001, ISO/IEC 20000, etc.).
The standard sets criteria for the good management of business processes and decisions related to information and communication services, which are usually managed by IS specialists, whether internal to the IT organization, within other business units, or at external service providers.
6. ISO/IEC 38500:2008 - Main purposes
In essence, the standard can be summarized into three main purposes:
a) Ensure that, if the standard is followed properly, the stakeholders (managers, consultants, engineers, hardware vendors, auditors, etc.) can rely on the corporate governance of IT.
b) Provide information and guidance to managers who control the use of IS/IT in their organization/company.
c) Provide a basis for objective evaluation by top management of IT management.
[Figure: IT governance framework]
Likewise, the standard encourages adopting a minimum set of measures for the organization to achieve its IT goals.
7. ISO/IEC 38500:2008 - 6 Basic principles
1. Establishment of responsibilities for decision making, assigned to competent people
2. Alignment of IT with the strategic objectives of the organization (good planning supports the improvement of the organization)
3. Suitable investment in IT assets
4. Quality in the operation of IT systems
5. Ensuring legal and regulatory compliance of IT systems
6. Involvement of and respect for the human factor
8. ISO/IEC 38500:2008 - Remarking 2 Basic principles
• Compliance with the legal environment is a growing need for IS/IT organizations of any size, as there is a great deal of legislation regulating the use of information, communications, etc., forming a binding legal framework that cannot be ignored.
• The human factor is often treated very tangentially in many business strategies and, above all, in IS/IT. Fortunately, this standard (as ISO 27001 does, for example, in its domain "8. Security linked to Human Resources") incorporates it as one more fundamental pillar.
9. Sources used to expand knowledge
• IT Governance Definition and Solutions | cio.com
URL: http://www.cio.com/article/2438931/governance/it-governance-definition-and-solutions.html
• "Corporate governance of information technology" definition | Wikipedia
URL: https://en.wikipedia.org/wiki/Corporate_governance_of_information_technology
• IT Governance Defined | ITGovernance
URL: http://www.itgovernance.co.uk/it_governance.aspx
• "IT Governance: Developing a successful governance strategy" | National Computing Centre (published on the Isaca.org website)
URL: https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/Developing-a-Successful-Governance-Strategy.pdf
Questions?
Many thanks!
Ramiro Cid
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
ramiro@ramirocid.com
@ramirocid
http://www.linkedin.com/in/ramirocid
http://ramirocid.com http://es.slideshare.net/ramirocid
http://www.youtube.com/user/cidramiro