Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Using CobiT to Enhance IT Security Governance LHS © John Mitchell John Mitchell PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, CIA, CISA, QiCA, CFE LHS Business.

Published byShana Payne Modified over 7 years ago

Similar presentations

Presentation on theme: "1 Using CobiT to Enhance IT Security Governance LHS © John Mitchell John Mitchell PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, CIA, CISA, QiCA, CFE LHS Business."— Presentation transcript:

1 1 Using CobiT to Enhance IT Security Governance LHS © John Mitchell John Mitchell PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, CIA, CISA, QiCA, CFE LHS Business Control Tel: +44 (0)1707 851454 47 GrangewoodFax: +44 (0)1707 851455 Potters BarMobile: +44 (0)7774 145638 Herts EN6 1SL john@lhscontrol.com Englandwww.lhscontrol.com

2 LHS © John Mitchell 2 IT Security Governance Road Map n Identify Needs –Risk analysis –Raise awareness n Envisage Solution –Where are you now? –Where do you want to be –Gap analysis n Plan Solution –Identify measurement metrics –Develop change programme –Define projects n Implement Solution –Generate Balanced Score Card –Collect metrics –Report

3 LHS © John Mitchell 3 012345 Non- Existent InitialRepeatableDefinedManagedOptimised Where is Your IT Security?

4 LHS © John Mitchell 4 Maturity Models n A strategic management tool n Helps in self-assessment and for making decisions about where the IT function currently is and where it should be going n Developed with the help of world-wide experts in the field of IT governance, IT management, performance management, and information security and control. n Provides a pragmatic benchmark:“ Where is my IT department placed and where do we want it to be?”

5 LHS © John Mitchell 5 CMM Concepts n Initially proposed in 1991 by the Software Engineering Group at the Carnegie Mellon University, USA n Identified 6 maturity levels in the development of quality software n Extended by the Information Systems Audit & Control Association (ISACA) to include all aspects of IT

6 LHS © John Mitchell 6 CMM Levels 0 Non-Existent 1 Initial/Ad Hoc 2 Repeatable but intuitive 3 Defined Process 4 Managed & measurable 5 Optimised

7 LHS © John Mitchell 7 Security Maturity Models

8 LHS © John Mitchell 8 Security Maturity Models

9 LHS © John Mitchell 9 IT Security Governance Encompasses Technology Processes People

10 LHS © John Mitchell 10 IT Security Governance Requires n Planning & Organisation n Acquisition and Implementation n Delivery and Support n Monitoring and Enhancement

11 LHS © John Mitchell 11 Control Objectives for IT (CobiT) n Open standard provided by the Information Systems Audit & Control Association (ISACA) n Used by over 43,000 control professionals throughout the world n Increasingly seen as an IT Governance tool

12 LHS © John Mitchell 12 Where CobiT Fits-in Corporate Governance IT Governance Finance Governance Marketing Governance CobiT ISO17799BS15000CMM ITIL ISO9126 ISO15504ISO 12207 ISO9000 TickIT

13 LHS © John Mitchell 13 CobiT & IT Governance IT GOVERNANCE PROGRAMME Planning & OrganisationAcquisition & Impl.Delivery & SupportMonitoring - Strategic Planning - Information Architecture - Technological Direction - IT Organisation & Relationships - Manage the IT Investment - Communicate Aims & Direction - Manage human resources - Ensure Compliance - Assess Risks - Manage Projects - Manage Quality - Identify Solutions - Acquire & Maintain Application Software - Acquire & Maintain Technology Architecture - Develop & Maintain IT Procedures - Install & Accredit systems - Manage Changes - Define Service Levels - Manage third-party services - Manage performance and capacity - Ensure continuous service - Ensure systems security - Identify and attribute costs - Educate and train users - Assist & advise IT customers - Manage the configuration - Manage problems & incidents - Manage data - Manage facilities - Manage operations - Monitor the processes - Assess internal control adequacy - Obtain independent assurance - Provide for independent audit

14 LHS © John Mitchell 14 CobiT Structure n Area Framework (i.e. IT Security) n Control Objectives n Audit Guidelines n Key Goal Indicators n Key Performance Indicators n Critical Success Factors n Maturity Models

15 LHS © John Mitchell 15 Security Framework

16 LHS © John Mitchell 16 Control Objectives n Control Objectives provide high level control statements linking the need for control to business requirements based on the CobiT Information Criteria n By addressing 34 high level control objectives, the business process owner can ensure that an adequate internal control system is in place for the IT environment n There are also over 300 detailed management & control objectives for 34 IT processes n These objectives have been derived from research across many sources of IT standards and best practice, including topics such as IT quality, security, service delivery and financial control n These objectives are intended to be a management tool, helping auditors, IT management and business management understand how to control IT activities to meet business requirements

17 LHS © John Mitchell 17 Control Objectives

18 LHS © John Mitchell 18 Audit Guidelines n A management tool n Helps in self-assessment and for making choices for control implementation and capability improvements n Developed with the help of world-wide experts in the field of IT governance, IT management, performance management, and information security and control. n Provides a set of tools to assist management in responding to the question:“ What is the right level of control for my IT such that it will support my business objectives?”

19 LHS © John Mitchell 19 Audit Guidelines

20 LHS © John Mitchell 20 Measurement Components n Key Goal Indicators (KGIs) –Where do you want to be? n Critical Success Factors (CSFs) –Those things that MUST happen to reach the KGI n Key Performance Indicators (KPIs) –Those measures that confirm you are meeting the CSFs or which warn you when we are drifting off course

21 LHS © John Mitchell 21 Key Goal Indicators

22 LHS © John Mitchell 22 Critical Success Factors

23 LHS © John Mitchell 23 Key Performance Indicators

24 LHS © John Mitchell 24 Control Practices n The benefits listed under ‘why do it’ are tangible and motivate to implement controls complete n The set of control practices is complete (e.g. key controls) and implementation satisfies the control objective good business practice n Control practices listed are generally accepted as good business practice sustainable n Control practices suggest sustainable solutions effective n The control practices are effective in addressing the risk linked to not achieving the detailed control objective efficient n The control practices suggest efficient solutions concise n The wording of the control practices is concise while providing clear and unambiguous guidance on what is expected for implementation realistic n The control practices are realistic

25 LHS © John Mitchell 25 Control Practices

26 LHS © John Mitchell 26 Useful Sites & Tools n Sites –www.isaca.org –www.isaca-london.org –www.bcs-irma.org –www.itgi.org –www.bsi-global.com n Tools –Control Objectives for IT (CobiT) –IT Infrastructure Library (ITIL) –International Standards (ISO 17799, ISO 9000, etc.)

27 LHS © John Mitchell 27 Summary n IT security governance is about measurement & control of IT security within the corporate framework to ensure that IT supports and helps to extend the enterprise’s capabilities n Much of IT security governance involves risk management of: –Confidentiality –Integrity –Availability –Compliance n Knowing where you are is a prerequisite to knowing where you want to be: – Capability maturity assessment – ISO 17799 gap analysis

28 LHS © John Mitchell 28 Questions? John Mitchell PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, CIA, CISA, QiCA, CFE LHS Business Control 47 Grangewood Potters Bar Hertfordshire EN6 1SL England Tel: +44 (0)1707 851454 Fax: +44 (0)1707 851455 Mobile +44 (0)7774 145638 john@lhscontrol.com www.lhscontrol.com

Download ppt "1 Using CobiT to Enhance IT Security Governance LHS © John Mitchell John Mitchell PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, CIA, CISA, QiCA, CFE LHS Business."

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Alignment of COBIT to Botswana IT Audit Methodology

Alignment of COBIT to Botswana IT Audit Methodology
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Alignment of Enterprise Governance and IT Governance

Alignment of Enterprise Governance and IT Governance
Analisa Proses. Terjemahan model analisis menjadi desain software.

Analisa Proses. Terjemahan model analisis menjadi desain software.
Auditing Corporate Information Security John R. Robles Tuesday, November 1, 2005 Tel: 787-647-396.

Auditing Corporate Information Security John R. Robles Tuesday, November 1, Tel:
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Copyright 2005 CMMI and ITIL Alison Adams & Kieran Doyle.

Copyright 2005 CMMI and ITIL Alison Adams & Kieran Doyle.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
COBIT Framework Source:

COBIT Framework Source:
Centro de Convenciones, August 22-23, 2006

Centro de Convenciones, August 22-23, 2006
COBIT - II.

COBIT - II.
IT Governance Capability Maturity within Government

IT Governance Capability Maturity within Government
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
IT Infrastructure Library ITIL vs COBIT. ANDRIAN EDUARD BANGGA IKHSAN BASKARA JOOVANNY PASUHUK RANGGA FAJARULLAH TEAM.

IT Infrastructure Library ITIL vs COBIT. ANDRIAN EDUARD BANGGA IKHSAN BASKARA JOOVANNY PASUHUK RANGGA FAJARULLAH TEAM.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

Similar presentations

Ads by Google