Presentation is loading. Please wait.

Presentation is loading. Please wait.

COBIT 5 Update FEI/CFIT Meeting December 15, 2011

Published byMagnus Montgomery Modified over 8 years ago

Similar presentations

Presentation on theme: "COBIT 5 Update FEI/CFIT Meeting December 15, 2011"— Presentation transcript:

1 COBIT 5 Update FEI/CFIT Meeting December 15, 2011
Presented by: Mike O. Villegas, CISA, CISSP, GSEC, CEH Director of Information Security Newegg, Inc. President – ISACA LA Chapter

2 Technology Dependence
Information is a key resource for all enterprises, and throughout the whole life cycle of information there is a huge dependency on technology. Today, more than ever, enterprises need to achieve increased: Value creation through enterprise IT Business user satisfaction with IT engagement and services Compliance with relevant laws, regulations and policies

3 COBIT COBIT has had four major releases:
In 1996, the first edition of COBIT was released. In 1998, the second edition added "Management Guidelines". In 2000, the third edition was released. In 2003, an on-line version became available. In December 2005, the fourth edition was initially released. In May 2007, the current 4.1 revision was released. COBIT 5 is scheduled to release in 2012, will consolidate and integrate the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and also draw significantly from the Business Model for Information Security (BMIS) and ITAF.

4 Evolution of COBIT COBIT has evolved from an auditor’s tool to an IT governance framework, used increasingly by IT management.

5 COBIT Overview Business orientation is the main theme of COBIT.
Business orientation is the main theme of COBIT. It is designed not only to be employed by IT service providers, users and auditors, but also, and more important, to provide comprehensive guidance for management and business process owners. The COBIT framework is based on the following principle (figure 5): To provide the information that the enterprise requires to achieve its objectives, the enterprise needs to invest in and manage and control IT resources using a structured set of processes to provide the services that deliver the required enterprise information. Managing and controlling information are at the heart of the COBIT framework and help ensure alignment to business requirements. Business orientation is the main theme of COBIT.

6 COSO Framework The COSO framework involves several key concepts:
Internal control is a process. It is a means to an end, not an end in itself. Internal control is affected by people. It’s not merely policy, manuals, and forms, but people at every level of an organization. Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board. Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.

7 COBIT 5 Initiative The initiative charge from the Board of Directors is to “tie together and reinforce all ISACA knowledge assets with COBIT.” The COBIT 5 Task Force: Includes experts from across the ISACA constituency groups Is co-chaired by John Lainhart (Past International President) and Derek Oliver (Past Chairman of the BMIS Development Committee) Reports to the Framework Committee and then the Knowledge Board © 2011 ISACA. All rights reserved. 7

8 COBIT 5 Objectives COBIT 5 will:
Provide a renewed and authoritative governance and management framework for enterprise information and related technology, building on the current widely recognized and accepted COBIT framework, linking together and reinforcing all other major ISACA frameworks and guidance such as: Val IT Risk IT BMIS ITAF Board Briefing Taking Governance Forward Connect to other major frameworks and standards in the marketplace (COSO, ITIL, ISO standards, etc.) © 2011 ISACA. All rights reserved. 8

9 Other COBIT Resources Val IT is a governance framework including generally accepted guiding principles and supporting processes related to the evaluation and selection of IT-enabled business investments Risk IT is a framework based on a set of guiding principles for effective management of IT risk. BMIS (Business Model for Information Security) a holistic and business-oriented approach to managing information security ITAF (IT Assurance Framework) a framework for design, conduct and reporting of IT audits and assurance assignments

10 The COBIT 5 Framework An initial publication introduces, defines and describes the components that make up the COBIT Framework Principles Architecture Enablers Introduction to implementation guidance and the COBIT process assessment approach © 2011 ISACA. All rights reserved

11 COBIT 5 Principles Integrator Framework Stakeholder Value Driven
Business and Context Focused Enable Based Governance and Management Structured © 2011 ISACA. All rights reserved

12 COBIT 5 Architecture © 2011 ISACA. All rights reserved

13 Governance Objective © 2011 ISACA. All rights reserved

14 Benefits of Using COBIT 5
Enterprisewide benefits: Increased value creation through effective governance and management of enterprise information and technology assets Increased business user satisfaction with IT engagement and services–IT seen as a key enabler. Increased compliance with relevant laws, regulations and policies IT function becomes more business focused Increases the COBIT 5 users’ contribution to the enterprise © 2011 ISACA. All rights reserved

15 Enabler-based Culture, Ethics, Behavior Organizational Structures
COBIT 5 Enablers—Systemic Model With Interacting Enablers Culture, Ethics, Behavior Organizational Structures Information Principles and Policies Skills and Competencies Service Capabilities Processes © 2011 ISACA. All rights reserved

16 Process Enabler Model Stakeholders Attributes Goals & Metrics
Good Practices Lifecycle © 2011 ISACA. All rights reserved

17 Process Reference Guide
A separate publication that expands on the process-enabler model Contains full details of the COBIT processes in a similar way to the process documentation in COBIT 4.1 © 2011 ISACA. All rights reserved

18 Governance and Management Processes
Enables multiple stakeholders to have an organized say on evaluating options, setting direction, and monitoring compliance and progress against established plans Management Judicious use of means (resources, people, processes, practices) to achieve an identified end © 2011 ISACA. All rights reserved

19 COBIT 4.1 Processes

20 COBIT 5 Process Reference Model
How many processes now? 36! © 2011 ISACA. All rights reserved

21 Implementation Guidance
A separate publication Based on the current implementation guidance publication © 2011 ISACA. All rights reserved

22 Implementation Guide What are the drivers? Where are they now?
Where do we want to be? What needs to be done? How do we get there? Did we get there? How do we keep the momentum going?

23 On COBIT Process Capability Assessment
The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC to align with and support a separate ISACA initiative, the COBIT Assessment Program (CAP). © 2011 ISACA. All rights reserved

24 Process Capability Model Comparison
COBIT 4.1 Maturity Model Levels COBIT 5 ISO/IEC Based Capability Levels Meaning of the COBIT 5 ISO/IEC Based Capability Levels Context 5. Optimised Continuously improved to meet relevant current and projected enterprise goals. Enterprise view/ corporate knowledge 4. Managed and Measurable 4. Predictable Operates within defined limits to achieve its process outcomes. 3. Defined 3. Established Implemented using a defined process that is capable of achieving its process outcomes. N/A 2. Managed Implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained. Instance view/ individual knowledge 1. Performed Process achieves its process purpose. 2. Repeatable 1. Ad Hoc 0. Non-existent 0. Incomplete Not implemented or little or no evidence of any systematic achievement of the process purpose. © 2011 ISACA. All rights reserved

25 Moving Forward COBIT 5 is a major, high-profile, strategic initiative for ISACA. Market validation of the development work (i.e., the public exposure of the Framework and Process Reference Guide products) was sent out in June 2011 to ensure that ISACA remains on the right track to satisfy market needs. SME exposure of the implementation guidance was recently released in late 2011. Delivery of all three products to the market is planned for early 2012. © 2011 ISACA. All rights reserved

26 On the ISACA web site, www.isaca.org/COBIT5
COBIT 5 News As the initiative progresses throughout 2011 and 2012 there will be periodic updates provided: On the ISACA web site, In the COBIT Focus newsletter In other ISACA membership communications, events, marketing materials and PR activities © 2011 ISACA. All rights reserved

27 Bio Miguel (Mike) O. Villegas is the Director of Information Security at Newegg Inc. and is responsible for Information Security, Sarbanes-Oxley (SOX) ITGC, and PCI DSS (Payment Card Industry Data Security Standard) compliance. Mike has over 30 years of Information Systems security and IT audit experience. Mike was previously VP & Technology Risk Manager for Wells Fargo Services responsible for IT Regulatory Compliance and was a partner at Ernst & Young and Arthur Andersen over their information systems security and IS audit groups over a span of nine years. Mike is a CISA, CISSP, GSEC, and CEH. Mike is currently President of the LA Chapter of ISACA and was President of the San Francisco Chapter of ISACA in

28 THANK YOU!

Download ppt "COBIT 5 Update FEI/CFIT Meeting December 15, 2011"

Similar presentations

Internal Control–Integrated Framework

Internal Control–Integrated Framework
COBIT 5: Using or Abusing It

COBIT 5: Using or Abusing It
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
Strategy 2022: A Holistic View Tony Hayes International President ISACA 2013-2014 © 2012, ISACA. All rights reserved.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
Security Controls – What Works

Security Controls – What Works
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.

6-1 McGraw-Hill/Irwin ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Chapter 6 Internal Control Evaluation: Assessing Control Risk.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
COSO Framework Update IIA Columbus Chapter May 17, 2013

COSO Framework Update IIA Columbus Chapter May 17, 2013
COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.
COBIT® 5 for Risk Introduction

COBIT® 5 for Risk Introduction

Similar presentations

Ads by Google