COBIT 5 Update FEI/CFIT Meeting December 15, 2011
Presented by: Mike O. Villegas, CISA, CISSP, GSEC, CEH
Director of Information Security, Newegg, Inc.
President, ISACA LA Chapter
Technology Dependence
Information is a key resource for all enterprises, and throughout the whole life cycle of information there is a huge dependency on technology. Today, more than ever, enterprises need to achieve increased:
- Value creation through enterprise IT
- Business user satisfaction with IT engagement and services
- Compliance with relevant laws, regulations and policies
COBIT
COBIT has had four major releases:
- In 1996, the first edition of COBIT was released.
- In 1998, the second edition added "Management Guidelines".
- In 2000, the third edition was released.
- In 2003, an on-line version became available.
- In December 2005, the fourth edition was initially released.
- In May 2007, the current 4.1 revision was released.
- COBIT 5 is scheduled for release in 2012. It will consolidate and integrate the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and will also draw significantly from the Business Model for Information Security (BMIS) and ITAF.
Evolution of COBIT
COBIT has evolved from an auditor's tool to an IT governance framework, used increasingly by IT management.
COBIT Overview
Business orientation is the main theme of COBIT. It is designed not only to be employed by IT service providers, users and auditors, but also, and more important, to provide comprehensive guidance for management and business process owners.

The COBIT framework is based on the following principle (figure 5): to provide the information that the enterprise requires to achieve its objectives, the enterprise needs to invest in, manage and control IT resources using a structured set of processes that provide the services that deliver the required enterprise information. Managing and controlling information are at the heart of the COBIT framework and help ensure alignment to business requirements.
COSO Framework
The COSO framework involves several key concepts:
- Internal control is a process. It is a means to an end, not an end in itself.
- Internal control is affected by people. It is not merely policy, manuals and forms, but people at every level of an organization.
- Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and board.
- Internal control is geared to the achievement of objectives in one or more separate but overlapping categories.
COBIT 5 Initiative
The initiative charge from the Board of Directors is to "tie together and reinforce all ISACA knowledge assets with COBIT."

The COBIT 5 Task Force:
- Includes experts from across the ISACA constituency groups
- Is co-chaired by John Lainhart (Past International President) and Derek Oliver (Past Chairman of the BMIS Development Committee)
- Reports to the Framework Committee and then the Knowledge Board

© 2011 ISACA. All rights reserved.
COBIT 5 Objectives
COBIT 5 will:
- Provide a renewed and authoritative governance and management framework for enterprise information and related technology, building on the current widely recognized and accepted COBIT framework, linking together and reinforcing all other major ISACA frameworks and guidance such as:
  - Val IT
  - Risk IT
  - BMIS
  - ITAF
  - Board Briefing
  - Taking Governance Forward
- Connect to other major frameworks and standards in the marketplace (COSO, ITIL, ISO standards, etc.)
Other COBIT Resources
- Val IT is a governance framework including generally accepted guiding principles and supporting processes related to the evaluation and selection of IT-enabled business investments.
- Risk IT is a framework based on a set of guiding principles for effective management of IT risk.
- BMIS (Business Model for Information Security) is a holistic and business-oriented approach to managing information security.
- ITAF (IT Assurance Framework) is a framework for the design, conduct and reporting of IT audits and assurance assignments.
The COBIT 5 Framework
An initial publication introduces, defines and describes the components that make up the COBIT Framework:
- Principles
- Architecture
- Enablers
- Introduction to implementation guidance and the COBIT process assessment approach
COBIT 5 Principles
- Integrator Framework
- Stakeholder Value Driven
- Business and Context Focused
- Enabler Based
- Governance and Management Structured
COBIT 5 Architecture
Governance Objective
Benefits of Using COBIT 5
Enterprisewide benefits:
- Increased value creation through effective governance and management of enterprise information and technology assets
- Increased business user satisfaction with IT engagement and services; IT seen as a key enabler
- Increased compliance with relevant laws, regulations and policies
- IT function becomes more business focused
- Increases the COBIT 5 users' contribution to the enterprise
COBIT 5 Enablers: Systemic Model With Interacting Enablers
- Culture, Ethics, Behavior
- Organizational Structures
- Information
- Principles and Policies
- Skills and Competencies
- Service Capabilities
- Processes
Process Enabler Model
- Stakeholders
- Attributes
- Goals and Metrics
- Good Practices
- Lifecycle
Process Reference Guide
- A separate publication that expands on the process-enabler model
- Contains full details of the COBIT processes in a similar way to the process documentation in COBIT 4.1
Governance and Management Processes
Governance: Enables multiple stakeholders to have an organized say in evaluating options, setting direction, and monitoring compliance and progress against established plans.

Management: Judicious use of means (resources, people, processes, practices) to achieve an identified end.
COBIT 4.1 Processes
COBIT 5 Process Reference Model
How many processes now? 36!
Implementation Guidance
- A separate publication
- Based on the current implementation guidance publication
Implementation Guide
1. What are the drivers?
2. Where are they now?
3. Where do we want to be?
4. What needs to be done?
5. How do we get there?
6. Did we get there?
7. How do we keep the momentum going?
On COBIT Process Capability Assessment
The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC to align with and support a separate ISACA initiative, the COBIT Assessment Program (CAP).
Process Capability Model Comparison
| COBIT 4.1 Maturity Model Levels | COBIT 5 ISO/IEC Based Capability Levels | Meaning of the COBIT 5 ISO/IEC Based Capability Levels | Context |
|---|---|---|---|
| 5. Optimised | 5. Optimised | Continuously improved to meet relevant current and projected enterprise goals. | Enterprise view / corporate knowledge |
| 4. Managed and Measurable | 4. Predictable | Operates within defined limits to achieve its process outcomes. | Enterprise view / corporate knowledge |
| 3. Defined | 3. Established | Implemented using a defined process that is capable of achieving its process outcomes. | Enterprise view / corporate knowledge |
| N/A | 2. Managed | Implemented in a managed fashion (planned, monitored and adjusted) and its work products are appropriately established, controlled and maintained. | Instance view / individual knowledge |
| 2. Repeatable; 1. Ad Hoc | 1. Performed | Process achieves its process purpose. | Instance view / individual knowledge |
| 0. Non-existent | 0. Incomplete | Not implemented, or little or no evidence of any systematic achievement of the process purpose. | Instance view / individual knowledge |
Moving Forward
COBIT 5 is a major, high-profile, strategic initiative for ISACA.
- Market validation of the development work (i.e., the public exposure of the Framework and Process Reference Guide products) was sent out in June 2011 to ensure that ISACA remains on the right track to satisfy market needs.
- SME exposure of the implementation guidance was released in late 2011.
- Delivery of all three products to the market is planned for early 2012.
COBIT 5 News
As the initiative progresses throughout 2011 and 2012 there will be periodic updates provided:
- On the ISACA web site, www.isaca.org/COBIT5
- In the COBIT Focus newsletter
- In other ISACA membership communications, events, marketing materials and PR activities
Bio
Miguel (Mike) O. Villegas is the Director of Information Security at Newegg Inc. and is responsible for Information Security, Sarbanes-Oxley (SOX) ITGC, and PCI DSS (Payment Card Industry Data Security Standard) compliance. Mike has over 30 years of information systems security and IT audit experience. Mike was previously VP and Technology Risk Manager for Wells Fargo Services, responsible for IT Regulatory Compliance, and over a span of nine years was a partner at Ernst & Young and Arthur Andersen, leading their information systems security and IS audit groups. Mike is a CISA, CISSP, GSEC, and CEH. Mike is currently President of the LA Chapter of ISACA and was President of the San Francisco Chapter of ISACA in
THANK YOU!