COBIT Framework






From: barney | Added: 05-11-2012




1. ????? COBIT Framework ?????????????????????????????? ????????????????? Worapat Paireekreng

2. ?????? ???? ?????????????????????????????????????? ????????????????? ???????????????????????????????????????????????????????? ????????????????? AI3 ????

3. 1. ???? ??????? IT ???????????????????? ???????????????????????????????????????????? ????????????????????????????????????? IT ???????????????? ??????????????????????????????? ????????????? IT Governance ?????????????????????? IT ???????????

4. 2. ?????????????????????????????????????? ????????????????? ????????????????????????????? ???? Sarbanes-Oxley Act (SOX) COSO ?????????????????????????? ????????????????? ???????????????????????????????????? ??????????????????? ???????????? ?????????? 5 ???? ??? Control environment Risk assessment Control activities Information and communication Monitoring

5. 2. ?????????????????????????????????????? ????????????????? ITIL ?????????????? ?????????????????????????????????????? ????????????????? ????????????????????????????? ????????? ???????????? ?????????????? ???????????????????? ???????????????????????????????????? ??????????????????? ?????????????????????????????????????????????????????????????? ??????????????? ???????????????????????? ??????????????????????????????????

6. 2. ?????????????????????????????????????? ????????????????? ISO 17799:2005 ????????????????????????????????????????????????????????????????? 2005 ?????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????? ???????????????????????????????????????????????????

7. 2. ?????????????????????????????????????? ????????????????? ??????????????????????????????????? (Capability Maturity Model Integration) ???????????????????????????????????????????????????????????????????? ??????????? 5 ????? ??? ???????? 1 ???????? ???????? (Initial) ???????? 2 ???????? ??????????? (Managed) ???????? 3 ???????? ?????????? (Defined) ???????? 4 ???????? ???????????????????? (Quantitatively Managed) ???????? 5 ???????? ????????????? (Optimizing)

8. 2. ?????????????????????????????????????? ????????????????? COBIT ?????????????????????????????????????????????????????????????????? ?????? COBIT ??????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????? ?????????????????????????? ????????????????????????????????????????????????????????? COBIT ???????? ????????????????????????????????????????????????????????? IT

9. 2. ?????????????????????????????????????? ????????????????? COBIT ????? IT Governance ?????????? 5 ???? ??? ???????????????? (Strategic Alignment) ??????????????? (Value Delivery) ????????????????? (Resource Management) ??????????????????? (Risk Management) ???????????????????? (Performance Measurement)

10. 2. ?????????????????????????????????????? ????????????????? COBIT ???????????????????? 4 ??????????????? ??? ???????????????????????? (Planning and Organization : PO) ?????????????????? (Acquisition and Implementation : AI) ??????????????????? (Delivery and Support : DS) ?????????????????????? (Monitoring and Evaluation : ME) ????????????????????????????????????????????? ??????????????????????????? 34 ?????????

11. 2. ?????????????????????????????????????? ????????????????? COBIT ????????????? ??????????????????????? ????????????????? ??????????????????????????????????????????????????????? ??????????????????????????????????? ????????????????????????????? ????????????????????????????????????????????? ?????????????????????? ????????????????????? 7 ?????????? ??? ??????????? (effectiveness) , ?????????? (efficiency), ?????????????? (confidentiality) , ??????????? (integrity), ????????? (availability) , ????????????? (compliance) ??? ??????????????? (reliability) ??????????????? ????????????????? ?????? ?? (people) , ??????????????? (applications), ????????? (technology) , ?????????????????? (facilities) ??? ?????? (data)

12. 3. ???????????????????????????????????????????????????????? 3.1 ?????????????????????? Level 0 : ??????????? Level 1 : ??????????? Level 2 : ?????????????? Level 3 : ???????????????

13. 3. ???????????????????????????????????????????????????????? 3.1 ??????????????????????

14. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ???????????????? ??????????????? COBIT ??????????????????????????????? ??????????????????????? ???????????? ?????????????????????????????????????????????????????????????????????????????????????????????? COBIT ??????????????????????? IT Governance ???????????? ????????? COBIT ??????????????????????????????????????????????????????????? ?????????????????????? ??????????????????? ????????????????????????? ??????????????????????????????????????????

15. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ???????????????? ???????? ???????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????? ??????????? KPIs (Key Performance Indicators) ???????????????????????? ?????? KGI (Key Goal Indicators) ?????????????????????????????? ??????????????????????????? ??????????????? (????? 0 ? 5 ) ???????????????? COBIT ?????????? ????????????????????????????????????????

16. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ????????????????

17. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ???????????????? ???????????????????????? ??? ??????????????????????????????????????????? ????????????? ???????? ?????????????????????? ????????????????? ??????????????????????????????????????????????????? ????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????????? 4 ????????????????? ??? ??????????????? ?????????????? ???????????????? ????? ????????????????????????? ?? KPIs ??????????????????????????????

18. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ????????????????

19. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ???????????????? ??????????? COBIT ???????????????????????????????????????? 7 ???? ????? ?????????? ??????????? ?????????????? ??????????? ??????????? ??????????????? ?????????????????? ??????????????????????? IT ???????????????????????????????????????? ??? IT ?????????????????????????????????????????? ????????????? 7 ????????????????? ???????????????? IT ??????????????????????????? ?????????????? ???????????????????? ???????????????????????????? ??????? ?????????????????????????????????????????????????????????????????????????????

20. 3. ???????????????????????????????????????????????????????? 3.2 ????????????????? COBIT ????????????????

21. 3. ???????????????????????????????????????????????????????? 3.3 ?????????? ????????????? IT Governance ?????????????????????????????? ?????????????????????????????? ??? COSO ????????????????????????????????????????? 5 ???? ??????????????????????????????? ???????????? COBIT ???????????????????????????????????????????????? ?????????????????? ????????????????? ???????????????????????????????????????? ?????????????????????????????????????????????????????????????????

22. 3. ???????????????????????????????????????????????????????? 3.3 ??????????

23. 3. ???????????????????????????????????????????????????????? 3.3 ?????????? ????????????????????????????? ?????????????????????????????????? ??????????????????????????????????????????????????????? ???????????? ????????????????????????????????????????????? ????????????????????????????? ?????????????????????????????????????? ??????????????????????? ?????????????????????????

24. 3. ???????????????????????????????????????????????????????? 3.3 ?????????? ??????? ?????????????????????????????????????? ??????????????????????? ??????????????? IT Governance ???????????????????? ??? ??? COBIT ????????????? ?????????????????????????????????????????? ??????????????????? 5 ???? ???????????????? ?????????????????? ?????????????????????????

25. 3. ???????????????????????????????????????????????????????? 3.3 ??????????

26. 4. ????????????????? AI3 : Acquire and Maintain Technology Infrastructure

27. 1. High-level Control Objectives Objectives Organisations should have processes for the acquisition, implementation and upgrade of the technology infrastructure. This requires a planned approach to acquisition, maintenance and protection of infrastructure in line with agreed technology strategies and the provision of development and test environments. This ensures that there is ongoing technological support for business applications.

28. 1. High-level Control Objectives

29. 1. High-level Control Objectives Control over the IT process of Acquire and maintain technology infrastructure that satisfies the business requirement for IT of acquiring and maintaining an integrated and standardised IT infrastructure by focusing on providing appropriate platforms for the business applications in line with the defined IT architecture and technology standards

30. 1. High-level Control Objectives is achieved by: producing a technology acquisition plan that aligns to the technology infrastructure plan; planning infrastructure maintenance; implementing internal control, security and auditability measures; and is measured by: percent of platforms that are not in line with the defined IT architecture and technology standards; number of critical business processes supported by obsolete (or soon to be) infrastructure; number of infrastructure components that are no longer supportable (or will not be in the near future)

31. 2. Detailed Control Objectives AI3.1 Technological Infrastructure Acquisition Plan; AI3.2 Infrastructure Resource Protection and Availability; AI3.3 Infrastructure Maintenance; AI3.4 Feasibility Test Environment

32. 2. Detailed Control Objectives AI3.1 Technological Infrastructure Acquisition Plan Produce a plan for the acquisition, implementation and maintenance of the technological infrastructure that meets established business functional and technical requirements and is in accord with the organisation's technology direction. The plan should consider future flexibility for capacity additions, transition costs, technical risks and the lifetime of the investment for technology upgrades. Assess the complexity costs and the commercial viability of the vendor and product when adding new technical capability.

33. 2. Detailed Control Objectives AI3.2 Infrastructure Resource Protection and Availability Implement internal control, security and auditability measures during configuration, integration and maintenance of hardware and infrastructural software to protect resources and ensure availability and integrity. Responsibilities for using sensitive infrastructure components should be clearly defined and understood by those who develop and integrate infrastructure components. Their use should be monitored and evaluated.

34. 2. Detailed Control Objectives AI3.3 Infrastructure Maintenance Develop a strategy and plan for infrastructure maintenance and ensure that changes are controlled in line with the organisation's change management procedure. Include periodic review against business needs, patch management and upgrade strategies, risks, vulnerabilities assessment and security requirements. AI3.4 Feasibility Test Environment Establish development and test environments to support effective and efficient feasibility and integration testing of applications and infrastructure in the early stages of the acquisition and development process. Consider functionality, hardware and software configuration, integration and performance testing, migration between environments, version control, test data and tools, and security.

35. 3. Management Guidelines

36. 3. Management Guidelines

37. 3. Management Guidelines

38. 3. Management Guidelines

39. 3. Management Guidelines

40. 3. Management Guidelines

41. 4. Maturity Model

42. 4. Maturity Model 0 Non-existent when Managing the technology infrastructure is not recognised as a sufficiently important topic to be addressed.

43. 4. Maturity Model 1 Initial/ Ad Hoc when There are changes made to infrastructure for every new application, without any overall plan. Although there is an awareness that the IT infrastructure is important, there is no consistent overall approach. Maintenance activity reacts to short-term needs. The production environment is the test environment.

44. 4. Maturity Model 2 Repeatable but Intuitive when There is a consistency among tactical approaches when acquiring and maintaining the IT infrastructure. Acquisition and maintenance of IT infrastructure is not based on any defined strategy and does not consider the needs of the business applications that must be supported. There is an understanding that the IT infrastructure is important, supported by some formal practices. Some maintenance is scheduled, but it is not fully scheduled and co-ordinated. For some environments, a separate test environment exists.

45. 4. Maturity Model 3 Defined Process when A clear, defined and generally understood process exists for acquiring and maintaining IT infrastructure. The process supports the needs of critical business applications and is aligned to IT and business strategy but it is not consistently applied. Maintenance is planned, scheduled and co-ordinated. There are separate environments for test and production.

46. 4. Maturity Model 4 Managed and Measurable when The acquisition and maintenance process for technology infrastructure has developed to the point where it works well for most situations, is followed consistently and is focused on reusability. The IT infrastructure adequately supports the business applications. The process is well organised and proactive. The cost and lead time to achieve the expected level of scalability, flexibility and integration are partially optimised.

47. 4. Maturity Model 5 Optimised when The acquisition and maintenance process for technology infrastructure is proactive and closely aligned with critical business applications and the technology architecture. Good practices regarding technology solutions are followed and the organisation is aware of the latest platform developments and management tools. Costs are reduced by rationalising and standardising infrastructure components and by using automation. A high level of technical awareness can identify optimum ways to proactively improve performance, including consideration of outsourcing options. The IT infrastructure is seen as the key enabler to leveraging the use of IT.

48. 4. Maturity Model

49. 5. Link to Business

50. 5. ???? COBIT ???????????????????????????????????????????????????????????????? ????????????????? ???????????????????? ??????????????????????????????????????? ?????????????????? ????????????????? ???????????????????????????????? ????????????????????????????????????????????????????? ???????????????????????????????????????????????????????????? ????????????????????????????? ????????????????? ????????????????????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????

