IT Governance: COBIT, ISO17799 & ITIL. Introduction COBIT ITIL ISO17799Others.

1 IT Governance: COBIT, ISO17799 & ITIL

2 Agenda: Introduction, COBIT, ITIL, ISO17799, Others

3 Introduction (diagram: IT Governance balancing effectiveness and efficiency for external and internal stakeholders)

4 Introduction. IT governance is:
- Effective
- Meets management's requirements
- Risks managed
- Controlled
- Provides value for money

5 Introduction. "We are fast approaching the stage of IT evolution at which innovation must translate into overall process improvements, as it did in the mainframe world of 20 years ago." Source: Forrester

6 COBIT: Control Objectives for Information and related Technology, by ISACA / the IT Governance Institute (ITGI)

7 COBIT domains:
- Plan and Organize (PO)
- Acquire and Implement (AI)
- Deliver and Support (DS)
- Monitor and Evaluate (ME)

8 COBIT - Plan and Organize
- PO1 Define strategic IT plan
- PO2 Define information architecture
- PO3 Determine technological direction
- PO4 Define IT processes, organization and relationships
- PO5 Manage IT investment
- PO6 Communicate management aims and direction
- PO7 Manage IT human resources
- PO8 Manage quality
- PO9 Assess and manage IT risks
- PO10 Manage projects

9 COBIT - Acquire and Implement
- AI1 Identify automated solutions
- AI2 Acquire and maintain application software
- AI3 Acquire and maintain technology infrastructure
- AI4 Enable operation and use
- AI5 Procure IT resources
- AI6 Manage changes
- AI7 Install and accredit solutions and changes

10 COBIT - Deliver and Support
- DS1 Define and manage service levels
- DS2 Manage third-party services
- DS3 Manage performance and capacity
- DS4 Ensure continuous service
- DS5 Ensure systems security
- DS6 Identify and allocate costs
- DS7 Educate and train users
- DS8 Manage service desk and incidents
- DS9 Manage configuration
- DS10 Manage problems

11 COBIT - Deliver and Support (cont.)
- DS11 Manage data
- DS12 Manage physical environment
- DS13 Manage operations

12 COBIT - Monitor and Evaluate
- ME1 Monitor and evaluate IT performance
- ME2 Monitor and evaluate internal control
- ME3 Ensure regulatory compliance
- ME4 Provide IT governance

13 ISO17799: Information technology / Security techniques - Code of practice for information security management, by the International Organization for Standardization (ISO) with IEC. (ISO/IEC 17799:2005 was later renumbered ISO/IEC 27002; the control clauses below are those of the 2005 edition.)

14 ISO17799 control clauses:
- Security policy
- Organizing information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information system acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance

15 ITIL: Information Technology Infrastructure Library, by the UK government / Office of Government Commerce (OGC). The Service Support / Service Delivery split below is the ITIL v2 structure.

16 ITIL process areas:
- Service Support
- Service Delivery

17 ITIL - Service Support
- Incident management
- Configuration management
- Problem management
- Change management
- Release management

18 ITIL - Service Delivery
- Service level management
- Capacity management
- Availability management
- Security management
- IT service continuity management
- Financial management for IT services

19-53 Mapping COBIT, ISO17799 & ITIL
Key: Strong relationship / Weak relationship / No relationship (shown by colour on the original slides); "-" means no corresponding process or clause.

COBIT process | ISO17799 clause(s) | ITIL process
PO1 Define strategic IT plan | - | -
PO2 Define information architecture | Asset management (classification) | -
PO3 Determine technological direction | - | -
PO4 Define IT processes, organization and relationships | Organizing information security (internal); Asset management (responsibility); Access control (users) | -
PO5 Manage IT investment | - | Financial management for IT services (budgeting)
PO6 Communicate management aims and direction | - | -
PO7 Manage IT human resources | Human resources security | -
PO8 Manage quality | - | -
PO9 Assess and manage IT risks | - | -
PO10 Manage projects | - | -
AI1 Identify automated solutions | - | -
AI2 Acquire and maintain application software | Access control (development); Information system acquisition, development and maintenance (development – software) | -
AI3 Acquire and maintain technology infrastructure | Information system acquisition, development and maintenance (development – infrastructure) | -
AI4 Enable operation and use | - | -
AI5 Procure IT resources | - | -
AI6 Manage changes | Access control (maintenance); Information system acquisition, development and maintenance (maintenance) | Change management
AI7 Install and accredit solutions and changes | Information system acquisition, development and maintenance (maintenance) | Release management
DS1 Define and manage service levels | - | Service level management
DS2 Manage third-party services | Organizing information security (external) | -
DS3 Manage performance and capacity | Communications and operations management | Capacity management
DS4 Ensure continuous service | Business continuity management | IT service continuity management
DS5 Ensure systems security | Security policy; Communications and operations management (security); Access control (security); Information system acquisition, development and maintenance (security) | Security management
DS6 Identify and allocate costs | - | Financial management for IT services (costing)
DS7 Educate and train users | - | -
DS8 Manage service desk and incidents | Information security incident management | Incident management
DS9 Manage configuration | - | Configuration management
DS10 Manage problems | - | Problem management
DS11 Manage data | Communications and operations management (backups) | Availability management
DS12 Manage physical environment | Physical and environmental security | -
DS13 Manage operations | Communications and operations management (operations) | -
ME1 Monitor and evaluate IT performance | - | -
ME2 Monitor and evaluate internal control | Compliance (audit) | -
ME3 Ensure regulatory compliance | Compliance (standards) | -
ME4 Provide IT governance | - | -

54 Case Study
Key (colour on the original slides): Maturity level ≥ 3 / Maturity level 2 – 2.9 / Maturity level ≤ 1.9
Maturity levels:
- 0 Non-Existent: No processes
- 1 Initial: Processes are ad hoc
- 2 Repeatable: Processes are regular
- 3 Defined: Processes are repeatable, as well as documented and communicated
- 4 Managed: Processes are defined, as well as measured and monitored
- 5 Optimized: Processes are managed, and best practices are followed and automated

55-57 Case Study (heat-map slides: the 34 COBIT processes laid out by domain, Plan & Organize, Acquire & Implement, Deliver & Support and Monitor & Evaluate, each coloured by its assessed maturity level according to the key above; the assessed values themselves are not in the transcript)

58 Conclusion
- Organizations are more dependent upon the information systems that support their business-critical functions
- They face the challenge of ensuring confidentiality, integrity and availability of these information systems, as well as protecting the related technology infrastructure
- Due to increasingly complex environments and the demanding expectations of management, organizations are using a number of international standards to achieve international best practice in IT governance

59 Conclusion (roadmap diagram: Assess, Design, Implement, moving from Present to Future)

