1 Chapter 2 Reference Models, Standards & Frameworks.

Presentation transcript:

2 Learning Objectives
- IT governance frameworks
- Related industry standards and guidelines
- Maturity models and reference models
- Choosing which framework to use

3 Limitations of models, standards and frameworks
- Most are not end-to-end
- No "how to": process, templates, checklists, tools
- Too flexible / too rigid

4 Integrated IT Governance Framework
- Philosophy
- Key issues
- Legal
- Maturity
- Culture

5 Maturity model

6 Essential and required content in a framework / model (from chapter 1)
1. Business plan
2. IT plan aligned with item 1; investment portfolio
3. Putting the IT plan into practice; risks and threats
4. Effectiveness: controls and metrics
5. Vendor & outsourcing
6. IT people, process improvement

7 International Standards & Frameworks: Focus Areas
- IT governance – general
- Project management
- System/software development
- Quality/security
- IT operations & infrastructure
- More…

8 International Standards & Frameworks: Focus Areas cont.
- Human resources
- Performance measurement
- Regulatory compliance
- Outsourcing & vendor management
- Voice of the customer

9 IT Governance – General
- Model name: COBIT
- Author: ITGI / Weill & Ross / U of Holland v
- Use: a framework which links IT processes to decision makers
- Certification: CISA / CISM

10 IT Governance – General cont.
- Model name: COSO internal control framework
- Author: COSO (Committee of Sponsoring Organizations of the Treadway Commission), AICPA, AAA
- Use: reliability of financial statements

11 COSO: consists of 5 components
- Control environment
- Risk assessment
- Control activities
- Information & communication
- Monitoring

12 Project Management
- Model: IT Investment Management (ITIM)
- Author: General Accounting Office (GAO) of the US Government
- Use: evaluate, select & prioritize IT investments

13 ITIM maturity stages

14 Project Management cont.
- Model: PMBOK – Project Management Body of Knowledge; OPM3 – Organizational PM Maturity Model
- Author: Project Management Institute (PMI), 2004
- Use: 9 knowledge areas & 5 process areas of PM; tool for self-assessment of PM maturity
- Certification: PMP – Project Management Professional

15 OPM3 Framework

16 Project Management cont.
- Model: PMMM – PM Maturity Model; blends PMBOK with CMMI
- Author: Crawford, 2002
- Use: maps CMMI to PMBOK to provide a PM maturity roadmap

17 Project Management cont.
- Model: PRINCE2
- Author: Central Computer and Telecommunications Agency (CCTA), or Office of Government Commerce (OGC)
- Use: UK Government application development

18 System / Software Development
- Model: Capability Maturity Model Integration (CMMI)
- Author: SEI / Carnegie Mellon University, 2002, 2005
- Use: 5-level maturity model for acquisition / system & software development
- Certification: organization level of maturity

19 Quality / Security cont.
- Model: ISO 9001
- Author: Motorola & GE (studied jointly)
- Use: quality management policy

20 Eight quality principles of ISO
- Customer
- Leadership
- People
- Process approach
- System approach (inter-process)
- Continuous improvement
- Decisions based on facts
- Supplier management

21 Quality / Security
- Model: Six Sigma, Lean, Baldrige Quality Award
- Author: Motorola & GE
- Use: reduce errors & defects
- Certification: Black Belt

22 Quality / Security cont.
- Model: ISO; ISO 27001 implementation guideline for
- Author: ISO, 2005
- Use: IT security model
- Certification: organizational level

23 ISO &
- Plan-Do-Check-Act (PDCA model)
  - Plan
  - Do: implement / operate / maintain
  - Check: monitor / measure / audit / review
  - Act: improve
- 11 security policy domains

24 IT Operation & Infrastructure
- Model: ISO
- Author: itSMF (IT Service Management Forum) V
- Use: 10 processes of IT service management

25 ISO key processes
1. Service Level Management (SLM)
2. Service delivery
3. Relationship management (supplier)
4. Resolution management (problem)
5. Control & release (configuration & change)

26 IT Operation & Infrastructure
- Model: ITIL – IT Infrastructure Library, v2 and v3
- Author: CCTA; APMG (Accrediting Professional Management Group), 2007
- Use: 10 processes of IT service management

27 Human Resources
- Model: P-CMM – People Capability Maturity Model
- Author: SEI (Software Engineering Institute), Carnegie Mellon University
- Use: advancing people & competencies

28 Performance Management
- Model: Balanced Scorecard; Critical Success Factors
- Author: Kaplan & Norton; Cattuci, Rockart
- Use: measuring the success of strategy

29 Outsourcing & Vendor Management
- Model: OPBOK, eSCM (eSourcing Capability Model)
- Author: Carnegie Mellon University
- Use: how to outsource IT & how to manage vendors
- Certification: COP – Certified Outsourcing Professional

30 Outsourcing & Vendor Management
- eSCM: eSCM-SP for service providers; eSCM-CL for customers
- OPBOK: Outsourcing Professional Body of Knowledge

31 Customer
- Model: VOC – Voice of the Customer
- Author: Kano
- Use: customer requirements

32 Regulatory Compliance (law)
- Model: Sarbanes-Oxley Act (SOX), 2002
- Author: US Congress
- Use: for board & executive responsibility

33 Regulatory Compliance (law) cont. – Sarbanes-Oxley Act of 2002
- Public Company Accounting Reform and Investor Protection Act of 2002
- SOX or Sarbox
- Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley
- SOX Section 404: assessment of internal control

34 Regulatory Compliance (law) cont. – AS 8000 / AS 8015
- Model: AS 8000 for enterprise governance; AS 8015 for ICT governance
- Author: Standards Australia, 2003

35 Regulatory Compliance (law) cont.
- Model: FDA, FDIC, HIPAA, SEC
- Author: US government agencies
- Use: selected industries

Further reading for the chapter
- The Carnegie Mellon Software Engineering Institute (SEI)
- Information Systems Audit and Control Association – Bangkok Chapter
- The American Institute of Certified Public Accountants (AICPA)
- The American Accounting Association
- The General Accounting Office (GAO), created by the Budget and Accounting Act
- Project Management Institute
- The Office of Government Commerce (OGC) is the most widely accepted approach to IT service management
- Professor Noriaki Kano