Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

Slides:

Advertisements

Similar presentations

Internal Control Integrated Framework

Advertisements

Agenda What is Compliance? Risk and Compliance Management

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

Alignment of Enterprise Governance and IT Governance

Analisa Proses. Terjemahan model analisis menjadi desain software.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

Chapter 10 Accounting Information Systems and Internal Controls

Auditing Corporate Information Security John R. Robles Tuesday, November 1, Tel:

Title Slide Higher Education Office of Information Technology Management Methodology By James M. Dutcher.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

TI BISNIS ITG using COBIT &

The Importance of the COBIT Framework IT Processes For Effective Internal Control over the Reliability of Financial Reporting: An International Survey.

COBIT Framework Source:

Centro de Convenciones, August 22-23, 2006

IT Governance Capability Maturity within Government

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Dr. Julian Lo Consulting Director ITIL v3 Expert

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:

Security Controls – What Works

Demystifying ITIL Greg Charles, Ph.D. Area Principal Consultant, CA

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

Managing Information Technology Service Delivery

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

INTERNAL CONTROL. INTERNAL CONTROL DEFINED  INTERNAL CONTROL IS A PROCESS - EFFECTED BY AN ENTITY'S BOARD OF DIRECTORS, MANAGEMENT, AND OTHER PERSONNEL.

Sarbanes-Oxley Project Summary of COSO Framework Presented by Larry Dillehay & Scott Reitan Parkfield Group LLC.

Introduction to IT Auditing

Internal Control and Control Self-Assessment

© 2007 ISACA ® All Rights Reserved DAMA-NCR Chapter Meeting March 11, 2008.

Information Security Framework & Standards

Continual Service Improvement Process

© IT Management Consulting Ltd., London, Implementing IT Governance Frameworks within Regulated Institutions.

Vijay V Vijayakumar.  SOX Act  Difference between IT Management and IT Governance  Internal Controls  Frameworks for Implementing SOX  COSO - Committee.

Chapter Three IT Risks and Controls.

Enterprise Risk Management

Overview:  Different controls in an organization  Relationship between IT controls & financial controls  The Mega Process Leads  Application of COBIT.

Everyone’s Been Hacked Now What?. OakRidge What happened?

Roles and Responsibilities

Challenges in Infosecurity Practices at IT Organizations

Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.

1. IT AUDITS  IT audits: provide audit services where processes or data, or both, are embedded in technologies.  Subject to ethics, guidelines, and.

CSI - Introduction General Understanding. What is ITSM and what is its Value? ITSM is a set of specialized organizational capabilities for providing value.

Systems and Software Consortium | 2214 Rock Hill Road, Herndon, VA Phone: (703) | FAX: (703) Best.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Risk Management. IT Controls Risk management process Risk management process IT controls IT controls IT Governance Frameworks IT Governance Frameworks.

© ITGI not for commercial use. 1 C OBI T ® Presentation Package Sample 10 Slides of 80-slide Deck The C OBI T ® framework explained in a complete.

Security Management Chao-Hsien Chu, Ph.D.

Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.

1 © Material United States Department of the Interior Federal Information Security Management Act (FISMA) April 2008 Larry Ruffin & Joe Seger.

IT Governance: COBIT, ISO17799 & ITIL. Introduction COBIT ITIL ISO17799Others.

Everyone’s Been Hacked Now What?. OakRidge What happened?

IT Governance – Leveraging Best Practices for Governance Success

1 MISA Model Douglas Petry Manager Information Security Architecture Methodist Health System Managed Information Security.

IT Controls Global Technology Auditing Guide 1.

International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.

Chapter 8 Auditing in an E-commerce Environment

Control and Security Frameworks Chapter Three Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

#325 - CobiT and Service Delivery Debra Mallette, CISA, CSSBB Kaiser Permanente IT.

IT Auditor’s Role in IT Governance Fred C. Roth, CISA MIS Training Institute Session 425.

6/11/2016 Filename Session 135 Control Practices and Control Theories Jeff Roth, CISA.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

1 Using CobiT to Enhance IT Security Governance LHS © John Mitchell John Mitchell PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, CIA, CISA, QiCA, CFE LHS Business.

#245 - CobiT and Software Development Debra Mallette, CISA, CSSBB Kaiser Permanente IT & Monica Jain, CSQA Convansys.

ISACA Willamette Valley Chapter Luncheon Thursday, March 20, 2008 Practical Auditors Guide for CobiT Steve Balough, CISA.

BIL 424 NETWORK ARCHITECTURE AND SERVICE PROVIDING.

Alignment of COBIT to Botswana IT Audit Methodology

IT Management Services Infrastructure Services

Presentation transcript:

Roadmap to Maturity FISMA and ISO 2700x

Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization Security Management Management Controls Risk Assessment / Management Personnel SecurityBusiness Continuity Planning Incident ResponseCompliance & Auditing Breaking Down FISMA PCAOB FFIEC ISO17799 NIST HHS CobiT ITIL SEC COSO SOX GLBA HIPPAA FISMA FERC FDA PCI Organizational Controls Security Organization & Program Policies & Procedures Comm. SecurityPhysical & Environment Security 3 rd Party Management

ObjectivesComponents Control environment: Provides the foundation for internal control, including discipline and structure Risk assessment: The identification and analysis of relevant risks to achieve the business objectives Control activities: Includes approvals, verifications, reconciliations, etc. to mitigate risks Information and communication: Flow of information to enable people to carry out control actions Monitoring: Ongoing assessment — control deficiencies reported upstream, with serious matters reported to top mgmt. 1)Operational efficiency and effectiveness 2)Financial reporting reliability 3)Compliance with laws and regulations

M1 monitor the processes M2 assess the internal control adequacy M3 obtain independent assurance M4 provide for independent audit Monitoring DS1 define and manage service levels DS2 manage third-party services DS3 manage performance and capacity DS4 ensure continuous services DS5 ensure systems security DS6 identify and allocate costs DS7 educate and train users DS8 assist and advise customers DS9 manage the configuration DS10 manage problems and incidents DS11 manage data DS12 manage facilities DS13 manage operations Delivery & Support AI1 identify automated solutions AI2 acquire and maintain application software AI3 acquire and maintain technology infrastructure AI4 develop and maintain procedures AI5 install and accredit systems AI6 manage changes Acquisition & Implementation PO1 define a strategic IT plan PO2 define the information architecture PO3 determine the technological direction PO4 define the IT organization and relationships PO5 manage the IT investment PO6 communicate management aims and direction PO7 manage human resources PO8 ensure compliance with external requirements PO9 assess risks PO10 manage projects PO11 manage quality Planning & Organization Information Effectiveness Efficiency Confidentiality Integrity Availability Compliance Reliability IT Resources People Application systems Technology Facilities Data

 Security policy  Security infrastructure  Asset classification and control  Personnel security  Physical and environmental security  Communications and ops management  Access Control  System development and maintenance  Business continuity  Compliance