SlideShare ist ein Scribd-Unternehmen logo

Lecture 06 - CoBit - Control Objectives for Information and Related Technology.pdf

T
TRANANHQUAN4

CoBit - Control Objectives for Information and Related Technology

Ingenieurwesen
1 von 25
Downloaden Sie, um offline zu lesen
Software Process & Quality Management Mel Rosso-Llopart © 2018 CoBit - Control Objectives for Information and Related Technology Mel Rosso-Llopart Senior Lecturer, Executive Education Program Institute for Software Research Carnegie Mellon University
Software Process & Quality Management Truong Dinh Huy Tel: 0982.132.352 truongdinhhuy@dtu.edu.vn CoBit - Control Objectives for Information and Related Technology
History of CoBit •1996 - CoBit was developed by ISACF (Information Systems Audit and Control Foundation) •1998 - Founding of the ITGI (IT Governance Institute) •1998 - ITGI begins an initiative for better IT Governance, focused around CoBit. • http://www.isaca.org http://www.itgi.org © 2018 CMU-ISR 3
CoBiT là một chuẩn quốc tế về quản lý CNTT gồm những khuôn mẫu(framework) về các thực hành tốt nhất về quản lý CNTT do ISACA và ITGI xây dựng năm 1996. CoBiT cung cấp cho các nhà quản lý, những người kiểm tra và những người sử dụng IT một loạt các cách đo lường, dụng cụ đo, các quy trình và các hướng dẫn thực hành tốt nhất để giúp tăng tối đa lợi nhuận thông qua việc sử dụng công nghệ thông tin; giúp quản lý và kiểm soát IT trong tổ chức, doanh nghiệp. Mục đích của COBIT là “nghiên cứu, phát triển, quảng bá và xúc tiến các mục tiêu của kiểm soát CNTT dành cho các nhà quản lý doanh nghiệp và những người kiểm tra áp dụng vào trong các hoạt động công việc”
COBIT® được thiết kế với hơn 200 mục tiêu kiểm soát, phục vụ cho 34 quy trình CNTT chính yếu tổ chức theo bốn lĩnh vực quan trọng là: - Lập kế hoạch & Tổ chức (Plan & Organize), - Xây dựng & Triển Khai (Acquire & Implement), - Bàn giao & Hỗ trợ (Deliver & Support), - Giám sát & Đánh giá (Monitor & Evalute). Tất cả những tiêu thức trên được thiết kế để đảm bảo 5 yêu cầu chính của tổ chức, doanh nghiệp đối với CNTT bao gồm: - Liên kết chiến lược (Strategic Alignment), - Hiện thực hoá giá trị cam kết (Value Delivery), - Quản lý nguồn lực (Resource Management), - Quản lý rủi ro (Risk Management) và - Quản lý thực hiện (Performance Measurement).
What is COBIT? • COBIT (Control Objectives for Information and Related Technology) is globally accepted as being the most comprehensive work for IT governance, organization, as well as IT process and risk management. • COBIT provides good practices for the management of IT processes in a manageable and logical structure, meeting the multiple needs of enterprise management by bridging the gaps between business risks, technical issues, control needs and performance measurement requirements. • The COBIT mission is to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors. © 2018 CMU-ISR 4
More History - Deming Cycle • Deming Cycle - continuous improvement process • CoBit uses - Plan-Do-Check-Act Cycle • CoBit reflects • Information need - Corporate view • Information technology - IT Governance © 2018 CMU-ISR 5
CoBit’s Hierarchy CoBit’s Top Down Approach • Plan and Organize (PO) • Acquire and Implement (AI) • Deliver and Support (DS) 4 Domains • Monitor and Evaluation (M) 34 Processes 318 Control Objectives 1,547 Control Practices © 2018 CMU-ISR 6
Point of View for CoBit • Starts from the premise that IT needs to deliver the 1. Planning information that the enterprise needs to achieve its 2.Acquiring & Implementing objectives. 3. Delivery & Support • Promotes process focus and process ownership 4. Monitoring • Divides IT into 34 processes belonging to four domains and provides a high level control objective for each • Looks at fiduciary, quality and security needs of 1. Effectiveness enterprises, providing seven information criteria that can 2. Efficiency be used to generically define what the business requires 3. Availability 4. Integrity from IT 5. Confidentiality • Is supported by a set of 318 detailed control objectives 6. Reliability 7. Compliance © 2018 CMU-ISR 7
CoBit Definitions - 7 Information Criteria Deals with information being relevant and pertinent to the Relates to the information business process as well as EFFECTIVENESS AVAILABILITY being available when required being delivered in a timely, by the business process now correct, consistent and and in the future usable manner Concerns the provision of the Deals with complying with EFFICIENCY information through the COMPLIANCE laws, regulations and optimal use of resources contractual arrangements. Concerns the protection of Relates to the provision of RELIABILITY OF CONFIDENTIALITY sensitive information from appropriate information for INFORMATION unauthorized disclosure the workforce of the organization Relates to the accuracy and completeness of information INTEGRITY as well as to its validity in accordance with business values and expectations © 2018 CMU-ISR 8
General Information Risk Criteria Events can be defined in terms of the processes, technology (systems) and organization (people) that compose them RISK DATA CRITERIA EVENTS Effectiveness Business Operations Efficiency PROCESS Business Opportunities Confidentiality External Requirements TECHNOLOGY Integrity Regulations Availability ORGANIZATION Compliance Reliability MESSAGE INPUT SERVICE OUTPUT © 2018 CMU-ISR 9
The 4 COBIT Domains 1. Planning & Organization 2. Acquisition & Implementation 3. Delivery & Support 4. Monitoring & Evaluation © 2018 CMU-ISR 10
Planning and Organization • This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. • Furthermore, the realization of the strategic vision needs to be planned, communicated and managed for different perspectives. • Finally, a proper organization as well as technological infrastructure must be put in place. © 2018 CMU-ISR 11
Acquisition and Implementation • To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. • In addition, changes in and maintenance of existing systems are covered by this domain to make sure that the life cycle is continued for these systems. © 2018 CMU-ISR 12
Delivery and Support • This domain is concerned with the actual delivery of required services, which range from traditional operations over security and continuity aspects to training. • In order to deliver services, the necessary support processes must be set up. • This domain includes the actual processing of data by application systems, often classified under application controls. © 2018 CMU-ISR 13
Monitoring & Evaluation • All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. • This domain thus addresses management’s oversight of the organization's control process and independent assurance provided by internal and external audit or obtained from alternative sources. • The assessment if the values are as expected and meet with organizational expectations. © 2018 CMU-ISR 14
IT Governance is the Key Issue • Enterprises are sacrificing money, productivity and competitive advantage by not implementing effective IT governance • Executives need a better way to: - Direct IT for optimal advantage - Measure the value provided by IT - Manage IT-related risks 2009 ISACA All Rights reserved. 15 © 2018 CMU-ISR 15
COBIT® is a Road Map to Good IT Governance • Accepted globally as a set of tools that ens effectively • Functions as an overarching framework • Provides common language to communicate goals, objectives and expected results to all stakeholders • Based on, and integrates, industry standards and good practices in: - Strategic alignment of IT with business goals - Value delivery of services and new projects - Risk management - Resource management - Performance measurement 2009 ISACA All Rights reserved. 16 © 2018 CMU-ISR 16
COBIT® Harmonises with other Standards • COBIT is often used at the highest level of IT governance • It harmonizes practices and standards such as ITIL, ISO 27001 and 27002, and PMBOK - Improves their alignment to business needs - Covers full spectrum of IT-related activities 27001/2 2009 ISACA All Rights reserved. 17 © 2018 CMU-ISR 17
Why and How is COBIT Used? COBIT as a response to the needs  Incorporates major international standards  Has become the de facto standard for overall control over IT  Starts from business requirements COBIT  Is process-oriented best practices repository for IT Processes IT Management Processes IT Governance Processes © 2018 CMU-ISR 18
COBIT PO1 Define a strategic IT plan PO2 Define the information architecture PO3 Determine the technological direction Criteria Framework PO4 Define the IT organisation and relationships • Effectiveness • Efficiency PO5 Manage the IT investment • Confidenciality PO6 Communicate management aims and direction • Integrity PO7 Manage human resources • Availability PO8 Ensure compliance with external requirements • Compliance • Reliability PO9 Assess risks PO10 Manage projects IT PO11 Manage quality M1 Monitor the process RESOURCES M2 Assess internal control adequacy M3 Obtain independent assurance • Data M4 Provide for independent audit • Applicatio • Technology • Facilities PLAN AND • People ORGANISE MONITOR AND EVALUATE ACQUIRE AND IMPLEMENT DS1 Define service levels DS2 Manage third-party services DS3 Manage peformance and capac DS4 Ensure continuous service DS5 Ensure systems security DELIVER AND DS6 Identify and attribute costs SUPPORT DS7 Educate and train users AI1 Identify automated solutions DS8 Assist and advise IT customers AI2 Acquire and mantain application software DS9 Manage the configuration AI3 Acquire and maintain technology infrastructure DS10 Manage problems and incidents AI4 Develop and maintain IT procedures DS11 Manage data AI5 Install and accredit systems DS12 Manage facilities AI6 Manage changes DS13 Manage operations © 2018 CMU-ISR 19
Basic CoBit Documentation Support Executive Summary There is a method… Framework The method is… Control Objectives Minimum controls are… Audit Guidelines Here is how you audit… Implementation Toolset Here is how you implement… Management Guidelines Here is how you measure… © 2018 CMU-ISR 20
References http://ecci.com.vn/tu-van/dich-vu/trien-khai-cobit http://quantri-cntt.blogspot.com/2013/06/gioi-thieu-ve-cobit.html http://www.isaca.org/COBIT/Documents/Recognition-table.pdf http://www.isaca.org/Knowledge-Center/cobit/Pages/COBIT-Case-Studies.aspx http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
Homework Prepare - Case study 2 (FibreNet Project)

Empfohlen

Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
Prashant Singh
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
Sam Mandebvu
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
KhalilIdhman
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
Laddawan Rattanaruang
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
bartholomeocoombs
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
keturahhazelhurst
 
IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008
ssusera19f45
 

Empfohlen

Governance and management of IT.pptx
Governance and management of IT.pptxGovernance and management of IT.pptx
Governance and management of IT.pptx
Prashant Singh
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
Sam Mandebvu
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
KhalilIdhman
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
Laddawan Rattanaruang
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
bartholomeocoombs
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
keturahhazelhurst
 
IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008IT Governance Presentation by omaha 2008
IT Governance Presentation by omaha 2008
ssusera19f45
 
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
MDFazlaRabbiAbir
 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brc
Syzygal
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
Yulias Sihombing, Ak, MAk, CIA
 
COBIT® Presentation Package.ppt
COBIT® Presentation Package.pptCOBIT® Presentation Package.ppt
COBIT® Presentation Package.ppt
Emmacuet
 
COBIT
COBITCOBIT
COBIT
Ai Lun Wu
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT Perspective
Sayyed Zakir Ali Rizwe
 
information system and computers
information system and computersinformation system and computers
information system and computers
9535814851
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
Sherri Booher
 
Sharpening the Lens
Sharpening the LensSharpening the Lens
Sharpening the Lens
Robert Koehler, MsPM, PgMP, PMP, CGEIT
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
Goutama Bachtiar
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT management
Christian F. Nissen
 
01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobit
yusrizalmukhtar
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
James Sutter
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
Jim Sutter
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and Governance
Kuda Musundire CA (Z), RPA
 
Understanding co bit 4.1
Understanding co bit 4.1Understanding co bit 4.1
Understanding co bit 4.1
n|u - The Open Security Community
 
COBIT5 Introduction
COBIT5 IntroductionCOBIT5 Introduction
COBIT5 Introduction
Mohammad Reda Katby
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
Christian F. Nissen
 
IT Strategy Framework
IT Strategy FrameworkIT Strategy Framework
IT Strategy Framework
Vishal Sharma
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Call Girls in Nagpur High Profile
 

Weitere ähnliche Inhalte

Ähnlich wie Lecture 06 - CoBit - Control Objectives for Information and Related Technology.pdf

COBIT® Presentation Package.ppt
COBIT® Presentation Package.pptCOBIT® Presentation Package.ppt
COBIT® Presentation Package.ppt
Emmacuet
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
James Sutter
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
Jim Sutter
 

Ähnlich wie Lecture 06 - CoBit - Control Objectives for Information and Related Technology.pdf (20)

PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500
 
Cobit 2019 framework by ISACA
Cobit 2019 framework by ISACACobit 2019 framework by ISACA
Cobit 2019 framework by ISACA
 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brc
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
 
COBIT® Presentation Package.ppt
COBIT® Presentation Package.pptCOBIT® Presentation Package.ppt
COBIT® Presentation Package.ppt
 
COBIT
COBITCOBIT
COBIT
 
IT Governance - COBIT Perspective
IT Governance - COBIT PerspectiveIT Governance - COBIT Perspective
IT Governance - COBIT Perspective
 
information system and computers
information system and computersinformation system and computers
information system and computers
 
IT Governance Framework
IT Governance FrameworkIT Governance Framework
IT Governance Framework
 
Sharpening the Lens
Sharpening the LensSharpening the Lens
Sharpening the Lens
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT management
 
01 intro-cobit
01 intro-cobit01 intro-cobit
01 intro-cobit
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 
It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013It Governance OC CIO Nov,2013
It Governance OC CIO Nov,2013
 
Executive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and GovernanceExecutive's Handbook on IT Strategy and Governance
Executive's Handbook on IT Strategy and Governance
 
Understanding co bit 4.1
Understanding co bit 4.1Understanding co bit 4.1
Understanding co bit 4.1
 
COBIT5 Introduction
COBIT5 IntroductionCOBIT5 Introduction
COBIT5 Introduction
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
 
IT Strategy Framework
IT Strategy FrameworkIT Strategy Framework
IT Strategy Framework
 

Kürzlich hochgeladen

FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Call Girls in Nagpur High Profile
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Christo Ananth
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 

Kürzlich hochgeladen (20)

FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spain
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptThermal Engineering Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
 

Lecture 06 - CoBit - Control Objectives for Information and Related Technology.pdf

  • 1. Software Process & Quality Management Mel Rosso-Llopart © 2018 CoBit - Control Objectives for Information and Related Technology Mel Rosso-Llopart Senior Lecturer, Executive Education Program Institute for Software Research Carnegie Mellon University
  • 2. Software Process & Quality Management Truong Dinh Huy Tel: 0982.132.352 truongdinhhuy@dtu.edu.vn CoBit - Control Objectives for Information and Related Technology
  • 3. History of CoBit •1996 - CoBit was developed by ISACF (Information Systems Audit and Control Foundation) •1998 - Founding of the ITGI (IT Governance Institute) •1998 - ITGI begins an initiative for better IT Governance, focused around CoBit. • http://www.isaca.org http://www.itgi.org © 2018 CMU-ISR 3
  • 4. CoBiT là một chuẩn quốc tế về quản lý CNTT gồm những khuôn mẫu(framework) về các thực hành tốt nhất về quản lý CNTT do ISACA và ITGI xây dựng năm 1996. CoBiT cung cấp cho các nhà quản lý, những người kiểm tra và những người sử dụng IT một loạt các cách đo lường, dụng cụ đo, các quy trình và các hướng dẫn thực hành tốt nhất để giúp tăng tối đa lợi nhuận thông qua việc sử dụng công nghệ thông tin; giúp quản lý và kiểm soát IT trong tổ chức, doanh nghiệp. Mục đích của COBIT là “nghiên cứu, phát triển, quảng bá và xúc tiến các mục tiêu của kiểm soát CNTT dành cho các nhà quản lý doanh nghiệp và những người kiểm tra áp dụng vào trong các hoạt động công việc”
  • 5.
  • 6. COBIT® được thiết kế với hơn 200 mục tiêu kiểm soát, phục vụ cho 34 quy trình CNTT chính yếu tổ chức theo bốn lĩnh vực quan trọng là: - Lập kế hoạch & Tổ chức (Plan & Organize), - Xây dựng & Triển Khai (Acquire & Implement), - Bàn giao & Hỗ trợ (Deliver & Support), - Giám sát & Đánh giá (Monitor & Evalute). Tất cả những tiêu thức trên được thiết kế để đảm bảo 5 yêu cầu chính của tổ chức, doanh nghiệp đối với CNTT bao gồm: - Liên kết chiến lược (Strategic Alignment), - Hiện thực hoá giá trị cam kết (Value Delivery), - Quản lý nguồn lực (Resource Management), - Quản lý rủi ro (Risk Management) và - Quản lý thực hiện (Performance Measurement).
  • 7. What is COBIT? • COBIT (Control Objectives for Information and Related Technology) is globally accepted as being the most comprehensive work for IT governance, organization, as well as IT process and risk management. • COBIT provides good practices for the management of IT processes in a manageable and logical structure, meeting the multiple needs of enterprise management by bridging the gaps between business risks, technical issues, control needs and performance measurement requirements. • The COBIT mission is to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors. © 2018 CMU-ISR 4
  • 8. More History - Deming Cycle • Deming Cycle - continuous improvement process • CoBit uses - Plan-Do-Check-Act Cycle • CoBit reflects • Information need - Corporate view • Information technology - IT Governance © 2018 CMU-ISR 5
  • 9. CoBit’s Hierarchy CoBit’s Top Down Approach • Plan and Organize (PO) • Acquire and Implement (AI) • Deliver and Support (DS) 4 Domains • Monitor and Evaluation (M) 34 Processes 318 Control Objectives 1,547 Control Practices © 2018 CMU-ISR 6
  • 10. Point of View for CoBit • Starts from the premise that IT needs to deliver the 1. Planning information that the enterprise needs to achieve its 2.Acquiring & Implementing objectives. 3. Delivery & Support • Promotes process focus and process ownership 4. Monitoring • Divides IT into 34 processes belonging to four domains and provides a high level control objective for each • Looks at fiduciary, quality and security needs of 1. Effectiveness enterprises, providing seven information criteria that can 2. Efficiency be used to generically define what the business requires 3. Availability 4. Integrity from IT 5. Confidentiality • Is supported by a set of 318 detailed control objectives 6. Reliability 7. Compliance © 2018 CMU-ISR 7
  • 11. CoBit Definitions - 7 Information Criteria Deals with information being relevant and pertinent to the Relates to the information business process as well as EFFECTIVENESS AVAILABILITY being available when required being delivered in a timely, by the business process now correct, consistent and and in the future usable manner Concerns the provision of the Deals with complying with EFFICIENCY information through the COMPLIANCE laws, regulations and optimal use of resources contractual arrangements. Concerns the protection of Relates to the provision of RELIABILITY OF CONFIDENTIALITY sensitive information from appropriate information for INFORMATION unauthorized disclosure the workforce of the organization Relates to the accuracy and completeness of information INTEGRITY as well as to its validity in accordance with business values and expectations © 2018 CMU-ISR 8
  • 12. General Information Risk Criteria Events can be defined in terms of the processes, technology (systems) and organization (people) that compose them RISK DATA CRITERIA EVENTS Effectiveness Business Operations Efficiency PROCESS Business Opportunities Confidentiality External Requirements TECHNOLOGY Integrity Regulations Availability ORGANIZATION Compliance Reliability MESSAGE INPUT SERVICE OUTPUT © 2018 CMU-ISR 9
  • 13. The 4 COBIT Domains 1. Planning & Organization 2. Acquisition & Implementation 3. Delivery & Support 4. Monitoring & Evaluation © 2018 CMU-ISR 10
  • 14. Planning and Organization • This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. • Furthermore, the realization of the strategic vision needs to be planned, communicated and managed for different perspectives. • Finally, a proper organization as well as technological infrastructure must be put in place. © 2018 CMU-ISR 11
  • 15. Acquisition and Implementation • To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. • In addition, changes in and maintenance of existing systems are covered by this domain to make sure that the life cycle is continued for these systems. © 2018 CMU-ISR 12
  • 16. Delivery and Support • This domain is concerned with the actual delivery of required services, which range from traditional operations over security and continuity aspects to training. • In order to deliver services, the necessary support processes must be set up. • This domain includes the actual processing of data by application systems, often classified under application controls. © 2018 CMU-ISR 13
  • 17. Monitoring & Evaluation • All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. • This domain thus addresses management’s oversight of the organization's control process and independent assurance provided by internal and external audit or obtained from alternative sources. • The assessment if the values are as expected and meet with organizational expectations. © 2018 CMU-ISR 14
  • 18. IT Governance is the Key Issue • Enterprises are sacrificing money, productivity and competitive advantage by not implementing effective IT governance • Executives need a better way to: - Direct IT for optimal advantage - Measure the value provided by IT - Manage IT-related risks 2009 ISACA All Rights reserved. 15 © 2018 CMU-ISR 15
  • 19. COBIT® is a Road Map to Good IT Governance • Accepted globally as a set of tools that ens effectively • Functions as an overarching framework • Provides common language to communicate goals, objectives and expected results to all stakeholders • Based on, and integrates, industry standards and good practices in: - Strategic alignment of IT with business goals - Value delivery of services and new projects - Risk management - Resource management - Performance measurement 2009 ISACA All Rights reserved. 16 © 2018 CMU-ISR 16
  • 20. COBIT® Harmonises with other Standards • COBIT is often used at the highest level of IT governance • It harmonizes practices and standards such as ITIL, ISO 27001 and 27002, and PMBOK - Improves their alignment to business needs - Covers full spectrum of IT-related activities 27001/2 2009 ISACA All Rights reserved. 17 © 2018 CMU-ISR 17
  • 21. Why and How is COBIT Used? COBIT as a response to the needs  Incorporates major international standards  Has become the de facto standard for overall control over IT  Starts from business requirements COBIT  Is process-oriented best practices repository for IT Processes IT Management Processes IT Governance Processes © 2018 CMU-ISR 18
  • 22. COBIT PO1 Define a strategic IT plan PO2 Define the information architecture PO3 Determine the technological direction Criteria Framework PO4 Define the IT organisation and relationships • Effectiveness • Efficiency PO5 Manage the IT investment • Confidenciality PO6 Communicate management aims and direction • Integrity PO7 Manage human resources • Availability PO8 Ensure compliance with external requirements • Compliance • Reliability PO9 Assess risks PO10 Manage projects IT PO11 Manage quality M1 Monitor the process RESOURCES M2 Assess internal control adequacy M3 Obtain independent assurance • Data M4 Provide for independent audit • Applicatio • Technology • Facilities PLAN AND • People ORGANISE MONITOR AND EVALUATE ACQUIRE AND IMPLEMENT DS1 Define service levels DS2 Manage third-party services DS3 Manage peformance and capac DS4 Ensure continuous service DS5 Ensure systems security DELIVER AND DS6 Identify and attribute costs SUPPORT DS7 Educate and train users AI1 Identify automated solutions DS8 Assist and advise IT customers AI2 Acquire and mantain application software DS9 Manage the configuration AI3 Acquire and maintain technology infrastructure DS10 Manage problems and incidents AI4 Develop and maintain IT procedures DS11 Manage data AI5 Install and accredit systems DS12 Manage facilities AI6 Manage changes DS13 Manage operations © 2018 CMU-ISR 19
  • 23. Basic CoBit Documentation Support Executive Summary There is a method… Framework The method is… Control Objectives Minimum controls are… Audit Guidelines Here is how you audit… Implementation Toolset Here is how you implement… Management Guidelines Here is how you measure… © 2018 CMU-ISR 20
  • 25. Homework Prepare - Case study 2 (FibreNet Project)