www.isaca-malta.org: Roger Southgate, Past President of ISACA London Chapter, Member of the BSI Committees for Service Management and IT Governance, Leader of the COBIT Development Group in London (presentation transcript)
Slide 1: Obtaining Assurance from IT through governance frameworks
Roger Southgate: Past President of ISACA London Chapter; Member of the BSI Committees for Service Management and IT Governance; Leader of the COBIT Development Group in London

Slide 2: Delegate Update
The next five slides were added to my presentation to provide some more detail on COBIT Security Baseline, which was introduced by Eric in the session immediately before lunch.

Slide 3: COBIT Security Baseline – Structure (48 pages; see pages 16-22)

Slide 4: The COBIT Security Baseline – 44 Steps (part 1)
Plan and Organise:
- Define the security strategy and the information architecture
- Define the IT organisation and relationships
- Communicate management aims and direction
- Manage IT human resources
- Assess and manage IT risks
Acquire and Implement:
- Identify automated solutions
- Acquire and maintain application technology infrastructure
- Enable operation and use
- Manage changes
- Install and accredit solutions and changes
Step count shown on the slide: 10 steps

Slide 5: The COBIT Security Baseline – 44 Steps (part 2)
Deliver and Support (21 steps):
- Define and manage service levels
- Manage third-party services
- Ensure continuous service
- Manage the configuration
- Manage data
- Manage the physical environment
Monitor and Evaluate (3 steps):
- Monitor and evaluate IT performance – assess internal control adequacy
- Obtain independent assurance
- Ensure regulatory compliance

Slide 6: Assess and Manage IT Risks (Security Baseline steps 8-10, cross-referenced to ISO/IEC 27002:2005 and COBIT 4.1)
Step 8: Regularly discuss with key staff (from business and IT management) where and when security problems can adversely impact business objectives and how to protect against them. | ISO/IEC 27002:2005: 4.1 | COBIT 4.1: PO2: 2.3; PO9: 9.1, 9.2, 9.3, 9.4
Step 9: Prepare a risk management action plan to address all risks according to business risk. | ISO/IEC 27002:2005: 4.2 | COBIT 4.1: PO9: 9.5, 9.6
Step 10: Establish staff understanding of the need for responsiveness and consider cost-effective means to manage the identified security risks through security controls (e.g., backup, access control, virus protection, firewalls) and insurance coverage. | ISO/IEC 27002:2005: 4.1, 4.2, 6.1, 8.2 | COBIT 4.1: PO7: 7.4; AI1: 1.1, 1.2; PO9: 9.5

Slide 7: Six Information Security Survival Kits
Audiences: Boards of Directors / Trustees; Senior Executives; Executives; Managers; Professional Users; Home Users.
Kit contents shown on the slide:
- Home Users: 15 non-technical precautions + 7 technical
- Professional Users: 10 "Dos" and 10 "Don'ts"
- Managers: 38 conditions to check
- Executives: 13 questions to ask + 17 items to action
- Remaining kits: 13 questions to ask + 7 items to action; 9 questions to ask + 7 items to action
Specific information security risks covered per kit: 6, 6, 7, 5, 6, 6.

Slide 8: Session Plan
- How I got started
- The challenges we face
- A word of caution
- How can I get started?
- What help is available?

Slide 9: How I got started

Slide 10: Session Plan (section divider; same list as slide 8)

Slide 11: Enterprise Governance in Practice (diagram)
Enterprise Governance splits into Conformance and Performance.
Conformance (Corporate Governance processes): Chairman / CEO; Non-Executive Directors; Audit Committee; Resource and Remuneration Committee; Strategic Risk Management for compliance; Controls Assurance; Accountability Assurance.
Performance (Business Governance processes): Value Creation; Resource Utilisation; Strategic Planning and Alignment; Strategic Decision Making; Dashboards / Scorecards; Strategic Enterprise Systems; Continuous Improvement; Strategic Risk Management.

Slide 12: The Challenges We Face
- Are we doing the right things?
- Are we doing them the right way?
- Are we getting them done well?
- Are we getting the benefits?

Slide 13: The Roots (COBIT timeline)
- v1, 1996: Assurance
- v2, 1998: IT Control
- v3, 2000: Management of IT Performance
- v4.1, 2005/2007: Governance – IT Focus
- 2001-3
- The journey continues
Goals cascade: Business Goals → IT Goals → IT Processes → IT Activities

Slide 14: COBIT Components and inter-relationships (diagram)
- Business Goals set the requirements for IT Goals; IT Goals define the information to be delivered by IT Processes.
- IT Processes are measured by Outcome Measures (for outcome), Performance Indicators (for performance) and Maturity Models (for maturity).
- IT Processes are broken down into Key Activities, performed by the roles in the RACI Chart.
- IT Processes are controlled by Control Objectives, implemented with Control Practices, and audited with Control Design Tests and Control Outcome Tests.
- Value Drivers and Risk Drivers answer "why": the control objectives are derived from and based on them.

Slide 15: Frameworks, Standards and Codes of Practice – "COBIT the integrator"
COSO; International / National Legal Framework; ISO 38500; ISO 9000; CMMI; ISO 27000; ITIL; ISO 20000.

Slide 16: ISO/IEC 38500 (© ISO/IEC 2008 – All rights reserved); ITGI enables
Sets out six principles for good corporate governance of IT:
1: Responsibility
2: Strategy
3: Acquisition
4: Performance
5: Conformance
6: Human Behaviour
Directors should govern IT through three main tasks:
a) Evaluate the current and future use of IT.
b) Direct preparation and implementation of plans and policies to ensure that use of IT meets business objectives.
c) Monitor conformance to policies, and performance against the plans.

Slide 17: Implementing and Continually Improving IT Governance

Slide 18: Session Plan (section divider; same list as slide 8)

Slide 19: How we LOOK at things... really does make a difference. What can you see?

Slide 20: We are ALL human after all
- What we plan to do
- What we think we do
- What we say we do
- What we actually do
From the neck up there is no limitation on what a person can accomplish. From the shoulders down, we are all severely limited in what we can accomplish by ourselves. We are all fallible, frail and forgetful.
Thought + Action = Result + Consequences. "Mind the gap!"

Slide 21: Complexity, Detail and Time
Models, frameworks and good practices help us make sense of the context and the challenges we face; they provide roadmaps. Route maps or plans reflect the choices we make to guide our organisations to our defined destination.

Slide 22: Session Plan (section divider; same list as slide 8)

Slide 23:
- Where are we right now?
- Where do we need to get to?
- How are we going to get there?
- Are we on the same page?

Slide 24: Getting Started with Value Management (diagram from page 20)

Slide 25: Where are we right now?

Slide 26: Where are we right now?

Slide 27: Session Plan (section divider; same list as slide 8)

Slide 28: The Opportunity Clock is always ticking… the demands of today, the needs of tomorrow
Maturity Model Attributes:
- A&C: Awareness and Communication
- PSP: Policies, Standards and Procedures
- T&A: Tools and Automation
- S&E: Skills and Expertise
- R&A: Responsibility and Accountability
- GSM: Goal Setting and Measurement
Requirements for Information: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Information Reliability.

Slide 29: The Five Focus Areas of IT Governance
- Strategic Alignment
- Value Delivery
- Risk Management
- IT Resource Management
- Performance Measurement
Other labels on the slide: Define strategy; Preserve value; Create value; Good things to happen; Bad things not happening; Resolve problems; Continuous improvement; Measure results; What? How?
Questions: Are we doing the right things? Are we doing them the right way? Are we getting them done well? Are we getting the benefits?

Slide 30: Resource and Control View
Business Process/es: Business Controls.
IT Processes: Application Controls; Generic Process Controls; General IT Controls.
IT Resource Stack: Systems development; Change management; Security; Computer operations; Data; Desktops; Data; Information Services.

Slide 31: COBIT Fundamentals
"To provide the information that the organisation needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes."
The Business Requirements for Information: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance; Information Reliability.
IT Processes (domains): Plan and Organise; Acquire and Implement; Deliver and Support; Monitor and Evaluate.
Resources: Applications; Information; Infrastructure; People.
Maturity Model Attributes: A&C Awareness and Communication; PSP Policies, Standards and Procedures; T&A Tools and Automation; S&E Skills and Expertise; R&A Responsibility and Accountability; GSM Goal Setting and Measurement.
Questions: Are we doing the right things? Are we doing them the right way? Are we getting them done well? Are we getting the benefits?

Slide 32: The Way Forward – Our journey continues.....
? Realism ? Relevance ? Results
Look, Act, Speak, Think
Thank you. rsouthgate@isaca-london.org; Tel: +44(0)2392 259720; Mob: +44(0)7714 769617
All ISACA publications are available from www.isaca.org