COBIT5@MAVIM (presentation transcript)

1 COBIT5@MAVIM
Speed up your GDPR program
Develop your IT Management System
Accelerate your Information Security System
… WITHOUT expensive consultancy fees!
Greet Volders, Managing Consultant, Voquals N.V.

2 Deliverables included in this service offering
Complete content of COBIT5
Available in the DataBase
Presentable on your website
GDPR compliant processes & documents
Necessary procedures
Useful information
Practical examples & templates
Greet Volders _ Voquals N.V. MAVIM / COBIT5

3 Deliverables included in this service offering
Based on COBIT for Security
Mapped to: ISO27001:2013, ISF (Information Security Forum) and NIST (National Institute of Standards and Technology)
Additional integrated content:
RACI
Level 1 Process Capability Assessment
IT-related goals and metrics
Specific templates for some processes
Cross-reference to ITIL

4 Website - homepage
On the home page, you get access to the 4 most important parts of COBIT5, being:
The processes, with flow and descriptions
KPI's based on the IT-related goals and KPI's defined by Voquals
Level 1 Process Capability Assessment execution & results
RACI based on the standard RACI provided in COBIT5

5 Website - Processes
In this solution, you do not only manage your IT-related processes, but ALL company processes in an integrated, coherent way. All organisational structures are linked with the processes. Reporting is done in a consistent way.
Do you want to learn about ...
COBIT5, Processes and reporting
Voquals 4 GDPR
Voquals 4 Info Security
The END

6 Website - GDPR
Part of the management processes is GDPR

7 Website - GDPR
GDPR contains all required processes and useful information, such as definitions, templates and examples

8 Website - GDPR example process
Example: Manage Data Processor Agreement, with detailed description of the 2 sub-processes

9 Website - GDPR example process
With detailed description of the 2 sub-parts
Including links to Data Processor information
And an example Data Processors' Agreement

10 Website - GDPR
After the GDPR, do you want to learn about ...
COBIT5, Processes and reporting
Voquals 4 GDPR
Voquals 4 Info Security
The END

11 Website - Security & Compliance
One of the pre-defined views is related to Information Security & Compliance

12 Website - Security & Compliance

13 Website - Security & Compliance

14 Website - Security & Compliance
Available description of the Manage Security process. The same exists for all the other processes on the schema.

15 How to protect from Logical Attacks
We explain some examples to mitigate the threat of Logical Attacks: Security Process Goals and related metrics, resulting in Security Specific Actions

16 How to protect from Logical Attacks
Security Specific Process Goals
Information security requirements are embedded within the enterprise architecture and translated into a formal information security architecture.
Information security architecture is understood as part of the overall enterprise architecture, is aligned with it and evolves with changes to the enterprise architecture.
Information security architecture framework and methodology are used to enable reuse of information security components across the enterprise.
Related Metrics
Number of exceptions to information security architecture standards
Number of deviations between information security architecture and enterprise architecture
Date of last review and/or update to information security controls applied to enterprise architecture
Percent of projects that use the information security architecture framework and methodology
Number of people trained in the information security framework and methodology
Security Specific Activities
Ensure inclusion of information security artefacts, policies and standards in the architecture repository.
Ensure that information security is integrated across all architectural domains (e.g., business, information, data, applications, technology).

17 How to protect from Logical Attacks
Security Specific Process Goals
1. An information security policy framework is defined and maintained.
2. A comprehensive information security strategy is in place and is aligned with the overall enterprise and IT strategy.
3. The information security strategy is cost-effective, appropriate, realistic, achievable, enterprise-focussed and balanced.
4. The information security strategy is aligned with long-term enterprise strategic goals and objectives.
Related Metrics
1. Number of updates of the information security policy; Management approval of the information security policy
2. Number of updates of the information security policy; Management approval of the information security policy
3. Percent and number of initiatives for which a value metric (e.g., ROI) has been calculated; Enterprise stakeholder satisfaction survey feedback on the effectiveness of the information security strategy
4. Percent of projects in the enterprise and IT project portfolios that involve information security; Percent of IT initiatives/projects that have information security
Security Specific Activities
Ensure that information security requirements are included in the definition of target IT capabilities.
Define the target state for information security.
Define and agree on the impact of information security requirements on enterprise architecture, acknowledging the relevant stakeholders.

18 How to protect from Logical Attacks
Security Specific Process Goals
3. All users are uniquely identifiable and have access rights in accordance with their business roles.
4. Physical measures have been implemented to protect information from unauthorised access, damage and interference when being processed, stored or transmitted.
Related Metrics
3. Average time between change and update of accounts; Number of accounts (vs. number of authorised users/staff)
4. Percent of periodic tests of environmental security devices; Average rating for physical security assessments; Number of physical security-related incidents
Security Specific Activities
3. Authenticate all access to information assets based on their security classification, co-ordinating with business units that manage authentication within applications used in business processes to ensure that authentication controls have been properly administered.
4. Administer all changes to access rights (creation, modifications and deletions) to take effect at the appropriate time, based only on approved and documented transactions authorised by designated management individuals.

19 How to protect from Logical Attacks
Security Specific Process Goals
1. The information security governance system is embedded in the enterprise.
2. Assurance is obtained over the information security governance system.
Related Metrics
1. Number of enterprise and IT processes with which information security is integrated; Percent of processes and practices with clear traceability to principles; Number of information security breaches related to non-compliance with ethical and professional behaviour guidelines
2. Frequency of independent reviews of governance of information security; Frequency of governance of information security reporting to the executive committee and board; Number of external/internal audits and reviews; Number of non-compliance issues
Security Specific Activities
Evaluate the extent to which information security meets the business and compliance/regulatory needs.
Articulate principles that will guide the design of information security enablers and promote a security-positive environment.
Understand the enterprise's decision-making culture and determine the optimal decision-making model for information security.

20 How to protect from Logical Attacks
Security Specific Process Goals
1. A system is in place that considers and effectively addresses enterprise information security requirements.
2. A security plan has been established, accepted and communicated throughout the enterprise.
3. Information security solutions are implemented and operated consistently throughout the enterprise.
Related Metrics
1. Number of key security roles clearly defined; Number of security-related incidents
2. Level of stakeholder satisfaction with the security plan throughout the enterprise; Number of security solutions deviating from the plan; Number of security solutions deviating from the enterprise architecture
3. Number of services with confirmed alignment to the security plan; Number of solutions developed with confirmed alignment to the security plan
Security Specific Activities
Define the scope and boundaries of the ISMS.
Define an ISMS in accordance with enterprise policy and aligned with the enterprise, the organisation, its location, assets and technology.
Conduct internal ISMS audits at planned intervals.
Maintain, as part of the enterprise architecture, an inventory of solution components that are in place to manage security-related risk.

21 Website - Security & Compliance
After Information Security & Compliance, do you want to learn about ...
COBIT5, Processes and reporting
Voquals 4 GDPR
Voquals 4 Info Security
The END

22 Website - ICT Processes
IT processes are part of the Supportive Processes. In this part, you find 4 possible views on the complete set of 37 COBIT5 processes. If you click on ICT, you receive the COBIT5 Process Reference Model.

23 Website - COBIT Processes
All 37 COBIT5 processes are present in this overview. Via this schema you can consult all the processes presented. This can be done by clicking on the process box or by clicking on the "+".

24 Website - COBIT Processes, example
After clicking on the process (or on the "+"), you receive the detailed flow, with, at the right, the introduction to this process. For each of the detailed boxes a description exists, which can be seen by clicking on that box. These are the steps for "Manage Security Services", process DSS05 in COBIT5.

25 Website - COBIT Processes, example
By clicking on one box, you receive the detailed content of that practice. See the example for the last practice of "Manage Security Services", Periodic Reporting.

26 Website - COBIT Processes
By clicking on the tree-structure, you find the processes grouped into:
Primary
Management
Supportive processes
In the MAVIM db, you find the same structure.

27 Website - COBIT Processes
Under Supportive Processes, you find all IT-related views on the processes:
ICT, which contains the complete COBIT5 process set
IT Service Management (ITIL oriented)
IT Project Management
Security & Compliance

28 Website - COBIT Processes
The ICT processes are divided into:
Governance of IT (EDM processes)
Management of IT (APO-, BAI-, DSS-processes)
Monitor, Evaluate and Assess (MEA processes)
In the MAVIM db, you find the same structure.

29 Website - IT Service Processes
Another view on your IT processes can easily be created. This schema shows the example for IT Service Management; the next schema is focusing on IT Development. All the processes mentioned on this schema refer to the already created COBIT5 processes. In this way it's easy to create your own process structure. Some examples are given below.

30 Website - IT Project Delivery

31 Website - KPI's
Other management tools available are:
Level 1 Process Capability Assessment
KPI's (Key Performance Indicators)
RACI (Responsibility matrix)

32 Website - Level 1
Level 1 Process Capability Assessment is based on the COBIT5 Process Assessment Model (PAM), which enables assessments by enterprises to support process improvement. Level 1 is the assessment against the practices and work products, which are specific for each process.

33 Website - KPI's
The Key Performance Indicators are based on the IT-related goals, the Goals & Metrics per process, and the specific experience of Voquals.

34 Website - RACI
Identifies who is Responsible or Accountable for the practice/activities, and who is Consulted and Informed about the practice/activities.

35 Website - Processes
After the generic information on the COBIT5 solution, do you want to learn about ...
COBIT5, Processes and reporting
Voquals 4 GDPR
Voquals 4 Info Security
The END

36 More Information - Coordinates
Voquals N.V.
Greet Volders
Genebroek 34, 2450 Meerhout, Belgium
Phone, Mobile, Website
MAVIM
See the videos for more information on MAVIM and their other solutions:
Business Process & Quality Management and demonstration
Governance, Risk & Compliance and demonstration
Application Implementation Management and demonstration
IT Portfolio Management and demonstration
Strategic Portfolio Management and demonstration
Enterprise Architecture and demonstration
