COBIT - IT Governance.

Maintain security. Smooth running of the system. Meet the organization's mission. Network platform. Ongoing compliance. Cost-effective turnover.
IT governance is an integral part of the organization and a primary responsibility of executive and senior management. Given the organization's heavy dependence on technology, and in order to achieve the objectives above, it needs IT governance in place: a clear structure of policies and responsibilities for all of the organization's IT users; mitigation of any risks that could interrupt the smooth running of operational activities; and verification of the identity and access levels of individual employees.

IT Governance Measures
Vision/Mission: ensures integration between the business objectives and the IT plans, so that the two do not interrupt the smooth running of operations.
Value Added: enhance IT outputs at an acceptable cost so that they add value to the organization's main strategy, i.e. ensure the value of IT.
Better Resource Utilization: here resources are not only the operators who use the system, but the proper management of time, IT resources, applications, integration and speed, i.e. knowledge and interfaces.
Risk Management: highlight the risks that may arise in the various operational activities; raise awareness of those risks, giving an opportunity to analyse and mitigate them; assign responsibilities for managing, monitoring and identifying any risk as soon as it occurs, or as soon as there is a chance of it occurring.
Performance Efficiency: plan, act, check (track) and monitor the phases of each project through to successful completion; manage resources and process performance measures, i.e. maintain value-added activities within the process and ensure the service is completed on time and as required to meet market demand and the organization's strategy.
This slide highlights the five focus areas of IT governance as defined by ITGI.

IT Governance Principles
Ensuring confidentiality: allowing authorized users to access or modify information; preventing unauthorized users from accessing information.
Ensuring that information and resources are accessible when needed, and preventing information and resources from becoming inaccessible when needed.
Policy hierarchy: laws, regulations, requirements, organizational goals and objectives; general organizational policies; functional policies; procedures, standards, guidelines and baselines.

Policies and Procedures
Policies are statements of management intentions and goals: backed by stakeholder and senior management support; meet the organization's mission; give clear instructions for the use of the internet, logging on and handling internet information.
Procedures are clear steps for performing the various activities: detailed identification of the organization; detailed set-up of user accounts, passwords and access levels; identification of roles and responsibilities.

Standards and Guidelines
Standards formalize the use of technology in a structured manner: they identify the settings and configuration of the platforms, applications and tools in use.
Guidelines are recommended methods for performing a task: recommended, but not required, e.g. malware cleanup, spyware removal, data conversion, sanitization.
Baselines apply the chosen technologies and versions from the various vendors, e.g. installing network server baselines.

COBIT Framework Characteristics
COBIT is a framework that bridges the gaps between business process control needs, IT control needs and technical problems, i.e. a standardisation of good practices. COBIT (Control Objectives for Information and Related Technology): starts from mapping business requirements; leverages the resources required for IT process orientation and activities into an effective model; defines the stakeholders and management policy; monitors, controls and sustains the objectives so that they are met on time; incorporates major international standards. This slide summarises the main attributes of the COBIT framework.

COBIT Framework Characteristics
Recognized globally as a standard for IT practice and audit. Defines IT goals to meet the business goals and vice versa. User friendly and understandable by operators at different levels. Maintains the security of the devices used across the network nodes. Clear identification of ownership and responsibilities. General acceptability with third parties and regulators. Shared understanding amongst all stakeholders, based on a common language. Meets COSO IT control requirements. This slide summarises the main attributes of the COBIT framework.

COBIT: Framework Advantages
It can work in parallel with our existing IT techniques and frameworks. Provides a well-structured and flexible working environment. Provides a well-maintained control environment. Updates its own interfaces according to the various safety regulations. Recent corporate scandals have increased regulatory pressure on boards of directors to report their status and ensure that internal controls are appropriate; this pressure covers IT controls as well. It is a proven, globally accepted standard for enhancing the use of IT for organizational success. Implements the ideas of IT professionals worldwide to improve its activities and keep pace with good practice and market needs. It directs and improves IT governance procedures in organizations.

IT Governance – COBIT
Business requirements: aligning business objectives with IT ones; ensuring the business strategy is implemented and met; supporting business measures and metrics that confirm value delivery rather than looking only at the technical aspects. When organizations implement COBIT, their focus is more process-oriented. Incidents and problems no longer divert attention from processes. Exceptions can be clearly defined as part of standard processes.

IT Governance – COBIT
With process ownership defined, assigned and accepted, the organization is better able to maintain control through periods of rapid change or organizational crisis. COBIT maintains the IT life cycle in four categories: Plan and Organize (organization policy and procedures); Acquire and Implement (access levels); Deliver and Support (meet the business mission and goals); Monitor and Evaluate (control and sustain).

COBIT Cube: Information Criteria (Cont.)
Effectiveness: maintain the availability of relevant information in a timely, correct and useful manner, when and where it is needed.
Efficiency: enhance the synchronization of tasks and activities to improve operational efficiency.
Confidentiality: protect the sensitivity of information.
Integrity: maintain the accuracy and completeness of information, and of access to it, in line with the business mission and objectives.
Availability: availability of information when and where it is needed, hence securing the various network platforms, e.g. mobile and cloud systems.
Compliance: adherence to laws and regulations, along with internal and external policies.
Reliability: management approval of the IT governance and regulation needed to meet economic, market and social needs.
These criteria group into fiduciary requirements, security requirements and quality requirements; the three dimensions of the cube are information criteria, IT resources and IT processes.
