Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Chapter 2 Reference Models, Standards & Frameworks.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Chapter 2 Reference Models, Standards & Frameworks."— Presentation transcript:

1 1 Chapter 2 Reference Models, Standards & Frameworks

2 2 Learning Objectives  IT Governance frameworks  Related industry standards, guideline  Maturity model, reference  การเลือกใช้งาน framework

3 3 ข้อจำกัดของ model, standard, framework  ส่วนใหญ่ ไม่ครบวงจร  ไม่มี How to Process Template Checklist Tools  Too flexible / too rigid

4 4 Integrated IT Governance Framework  Philosophy  Key issue  Legal  Maturity  Culture

5 5 Maturity model

6 6 เนื้อหาสำคัญและจำเป็นใน Framework / Model (from chapter1) 1.Business plan 2.IT plan ที่สัมพันธ์กับ ข้อ 1, investment port folio 3. การนำ IT plan ไปปฏิบัติ, ความเสี่ยง, ภัย 4. ประสิทธิภาพ ตัวควบคุม ตัววัด 5.Vendor & Outsourcing 6.IT People, process improvement

7 7 International Standards & Frameworks: Focus Areas  IT Governance – General  Project management  System/Software development  Quality/Security  IT Operations & Infrastructure More….

8 8 International Standards & Frameworks: Focus Areas cont.  Human Resources  Performance measurement  Regulatory Compliance  Outsourcing & Vendor management  Voice of Customer

9 9 IT Governance -General  ModelName CObit  Author ITGI/ Well & Ross / U of Holland v4.1 2007  Use A framework which links IT process Decision maker  Certification: CISA/ CISM

10 10 IT Governance –General cont.  Model name COSO internal control framework  Author COSO Comittee of Sponsoring Organsations of Tredway Comission, AICPA, AAA  Use Reliability of financial statement

11 COSO  Consists of 5 components Control environment Risk assessment Control activities Information & communications Monitoring 11

12 12 Project Management  Model IT Investment Management (ITIM)  Author General Account Office (GAO) of US Government  Use Evaluate select & prioritize IT investment

13 ITIM Maturity stages 13

14 14 Project Management cont.  Model PMBOK – Project Mamangement Book of Knowledge OPM3 Organizational PM Maturity Model  Author Project Management Institute PMI, 2004  Use 9 Knowledge & 5 Processes areas of PM Tool for self assessment PM maturity  Certification PMP Project Management Professional

15 OPM3 Framework 15

16 16 Project Management cont.  Model PMMM – PM Maturity Model blends PMBOK with CMMI  Author Crawford 2002  Use Map CMMI to PMBOK to provide PM maturity roadmap

17 17 Project Management cont.  Model PRINCE2  Author Central Computer and Telecommunications Agency (CCTA) or Office of Government Commerce (OGC)  Use UK Government application development

18 18 System / Software Development  Model Capability Maturity Model Integration (CMMI)  Author SEI / Carnegie Melon University 2002, 2005  Use 5 stage maturity acquisition / system & software development  Certification Organization: Level of maturity

19 19 Quality /Security cont.  Model ISO 9001  Author Motorola & GE ( ร่วมกันศึกษา )  Use Quality management policy

20 20 8 Quality principle ISO 9001-2000  Customer  Leadership  People  Process approach  System approach (inter-process)  Continuous Improvement  Decision on facts  Supplier management

21 21 Quality /Security  Model Six sigma, Lean, Baldridge Quality Award  Author Motorola & GE  Use Reduce error & defect  Certification: black belt

22 22 Quality /Security cont.  Model ISO 17799 ISO27001 implementation guideline for 17799  Author ISO 2005  Use IT security model  Certification organizational level

23 23 ISO 17799 & 27001  17799 Plan-Do-Check-Act (PDCA model) Plan Do: implement / operated /maintained Check: monitored/measured/ audited/reviewed Act: improved  11 security policy domains

24 24 IT Operation & Infrastructure  Model ISO 20000  Author ITSMF IT Service Management Forum V2 2002  Use 10 processes of IT service management

25 25 ISO 20000  Key Process 1.Service Level Management SLM 2.Service delivery 3.Relationship management (supplier) 4.Resolution management (Problem) 5.Control & release (Config & change)

26 26 IT Operation & Infrastructure  Model ITIL IT Infrastructure Library v2 v3  Author CCTA, APMG Accrediting Professional Management group 2007  Use 10 processes of IT service management

27 27 Human Resource  Model P-CMM people capability maturity model  Author SEI software engineering institute, Carnegie Mellon University  Use Advancing people & competencies

28 28 Performance management  Model Balance Scored Card, Critical success Factor  Author Kaplan & Norton, Cattuci, Rockhart  Use วัดผลของความสำเร็จด้วย กลยุทธ์

29 29 Outsourcing & Vendor Management  Model OPBOK, eSCM (eSourcing Capability Model)  Author Carnegie Mellon University  Use How to outsource IT & how to manage vendor  Certification: COP Certify Outsourcing Personal

30 30 Outsourcing & Vendor Management  eSCM eSCM –SP for service provider eSCM – CL for customer  OPBOK Outsourcing Processional Body of Knowledge

31 31 Customer  Model VOC Voice of Customer  Author Kano  Use Customer requirement

32 32 Regularity Compliance กฎหมาย  Model Sarbanes-Oxley Act SOX 2002  Author US Congress  Use For Board & executive responsibility

33 33 Regularity Compliance กฎหมาย cont. Sarbanes-Oxley Act of 2002  Public Company Accounting Reform and Investor Protection Act of 2002  SOX or Sarbox  Senator Paul Sarbanes (D-MD) and Representative Michael G. OxleyPaul SarbanesDMDMichael G. Oxley  SOX Section 404: Assessment of internal control

34 34 Regularity Compliance กฎหมาย cont. AS 8000 / AS 8015  Model AS8000 for enterprise governance AS8015 for ICT governance  Author Standard Australia 2003

35 35 Regularity Compliance กฎหมาย cont.  Model FDA, FDIC, HIPPA, SEC  Author US government agency  Use Selected industry

36 ค้นคว้าต่อ chapter2 36 http://www.sei.cmu.edu/ The Carnegie Mellon Software Engineering Institute (SEI)http://www.sei.cmu.edu/ http://www.isaca-bangkok.org/ สมาคมผู้ควบคุมและตรวจสอบระบบ สารสนเทศ - ภาคพื้นกรุงเทพฯ http://www.aicpa.org/ The American Institute of Certified Public Accountants (AICPA) http://aaahq.org/ The American Accounting Association http://www.gao.gov/ The General Accounting Office (GAO), created by the Budget and Accounting Act http://www.pmi.org/ Project management Institute http://www.ogc.gov.uk/ The Office of Government Commerce (OGC) http://www.itil-officialsite.com/ is the most widely accepted approach to IT service management http://www.kanomodel.com/ Professor Noriaki Kano

Download ppt "1 Chapter 2 Reference Models, Standards & Frameworks."

Similar presentations

Security Frameworks Robert M. Slade, MSc, CISSP

Security Frameworks Robert M. Slade, MSc, CISSP
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.

©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.
Copyright 2005 CMMI and ITIL Alison Adams & Kieran Doyle.

Copyright 2005 CMMI and ITIL Alison Adams & Kieran Doyle.
Sarbanes Oxley & CMMI Mazars / Lamri

Sarbanes Oxley & CMMI Mazars / Lamri
CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.

CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.
© The McGraw-Hill Companies, Inc., 2008 McGraw-Hill/Irwin 1-1 Financial Accounting THIRTEENTH EDITION Williams Haka Bettner Carcello.

© The McGraw-Hill Companies, Inc., 2008 McGraw-Hill/Irwin 1-1 Financial Accounting THIRTEENTH EDITION Williams Haka Bettner Carcello.
Organizational Project Management Maturity Organizational Project Management Maturity Model (OPM3) PMI-MN Breakfast sessions Process Management.

Organizational Project Management Maturity Organizational Project Management Maturity Model (OPM3) PMI-MN Breakfast sessions Process Management.
1/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufactuing Services.

1/ 10 April 2007 / EDS INTERNAL 11 April 2007 CMM vs. ISO, Sarbanes Oxley CMM vs. ISO David S. Craft CIRM, PMP Engineering & Manufactuing Services.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
© The McGraw-Hill Companies, Inc., 2008 McGraw-Hill/Irwin 1-1 Accounting Information for Decision Making Chapter 1.

© The McGraw-Hill Companies, Inc., 2008 McGraw-Hill/Irwin 1-1 Accounting Information for Decision Making Chapter 1.
Glen Knight, PMP, CSP President www.knight-associates.com How Mature Do You Think Your Are? The Project Management Maturity Model.

Glen Knight, PMP, CSP President How Mature Do You Think Your Are? The Project Management Maturity Model.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
Capability Maturity Model Integration (CMMI) COMP 587 - Group Assignment #1 Ario Nejad, Davit Stepanyan, Ian Jackman, Sebastian Henneberg, Wan Chi Chio.

Capability Maturity Model Integration (CMMI) COMP Group Assignment #1 Ario Nejad, Davit Stepanyan, Ian Jackman, Sebastian Henneberg, Wan Chi Chio.
Karen Evans, national director of the U.S. Cyber Challenge and former Office of Management and Budget administrator Auditor Responsibility?

Karen Evans, national director of the U.S. Cyber Challenge and former Office of Management and Budget administrator Auditor Responsibility?
Chicagoland IASA Spring Conference

Chicagoland IASA Spring Conference
Project Management Methodology More about Quality Control.

Project Management Methodology More about Quality Control.
A NASSCOM ® Initiative Security and Quality Kamlesh Bajaj CEO, DSCI May 23, 2009 NASSCOM Quality Summit Hyderabad 1.

A NASSCOM ® Initiative Security and Quality Kamlesh Bajaj CEO, DSCI May 23, 2009 NASSCOM Quality Summit Hyderabad 1.

Similar presentations

Ads by Google