
ITG using COBIT - PowerPoint PPT Presentation



PowerPoint Slideshow about ' ITG using COBIT' - kaz



IT Business & ITG using COBIT

Successful organisations require an appreciation for and a basic understanding of the risks and constraints of IT at all levels within the enterprise in order to achieve effective direction and adequate controls. COBIT provides such a control and security framework for IT.

http://blog.stikom.edu/erwin


erwin.sutomo


Forces Driving IT Governance

  • Business/IT Alignment

  • ROI

  • Compliance

  • Project Execution

  • Security


IT Governance Needs a Management Framework

Driving Forces Map Onto the IT Governance Domains


COBIT 4.1—The IT Governance Framework

  • Internationally accepted good practices

  • Management-oriented

  • Supported by tools and training

  • Freely available at www.itgi.org

  • Sharing knowledge and leveraging expert volunteers

  • Continually evolving

  • Maintained by reputable not-for-profit organisation

  • Maps strongly to all major related standards

[Figure: COBIT as a best practices repository for IT Processes, IT Management Processes and IT Governance Processes]

The only IT management and control framework that covers the end-to-end IT life cycle


COBIT 4.1—The IT Governance Framework

  • Is a reference, set of best practices, not an ‘off-the-shelf’ cure

  • Enterprises still need to analyse their control requirements and customise based on:

    • Value drivers

    • Risk profile

    • IT infrastructure, organisation and project portfolio



Where COBIT Typically Sits

[Figure: layered diagram. Layer labels: Governance Layer, IT Governance Layer, IT Management Layer. Frameworks shown: COSO, COBIT, 27001, ITIL, 17799, CMM]



COBIT FRAMEWORK SPECIFICS

  • “Control” is defined as the policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected.

  • “IT control objective” is defined as a statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity.



Key Driving Forces for COBIT

  • Business Requirements: what the stakeholders expect from IT

    • Effectiveness

    • Efficiency

    • Confidentiality

    • Integrity

    • Availability

    • Compliance

    • Information reliability

  • IT Resources: the resources made available to—and built up by—IT

    • Data

    • Application systems

    • Technology

    • Facilities

    • People

  • IT Processes: how IT is organised to respond to the requirements

    • Plan and Organise

    • Acquire and Implement

    • Deliver and Support

    • Monitor and Evaluate


How Does COBIT Link to ITG?

[Figure: diagram linking Business, IT and Governance under IT Governance. Labels: Direction and Resourcing, Requirements, Goals, Control Objectives, Responsibilities]

Information executives and board need to exercise their responsibilities

Information the business needs to achieve its objectives


Process Orientation

  • Domains: Natural grouping of processes, often matching an organisational domain of responsibility

  • Processes: A series of joined activities with natural control breaks

  • Activities or Tasks: Actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete


Process Orientation

  • IT Domains: Natural grouping of processes, often matching an organisational domain of responsibility

    • Plan and Organise

    • Acquire and Implement

    • Deliver and Support

    • Monitor and Evaluate

  • IT Processes: A series of joined activities with natural (control) breaks

    • IT strategy

    • Computer operations

    • Incident handling

    • Acceptance testing

    • Change management

    • Contingency planning

    • Problem management

  • Activities: Actions needed to achieve a measurable result—activities have a life cycle, whereas tasks are discrete

    • Record new problem.

    • Analyse.

    • Propose solution.

    • Monitor solution.

    • Record known problem.

    • Etc. …


Process Orientation: Plan and Organise

  • Description

    • This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. Proper organisation and technological infrastructure must be put in place.

  • Topics

    • Strategy and tactics

    • Vision planned

    • Organisation and infrastructure

  • Questions

    • Are IT and the business strategy aligned?

    • Is the enterprise achieving optimum use of its resources?

    • Does everyone in the organisation understand the IT objectives?

    • Are IT risks understood and being managed?

    • Is the quality of IT systems appropriate for business needs?



Waterfall Model

The control of IT Processes that satisfy Business Requirements is enabled by Control Statements considering Control Practices

4 Domains - 34 Processes - 210 Control Objectives


Cobit 4.1


COBIT Processes

Plan and Organise

  • PO1: Define an IT strategic plan.

  • PO2: Define the information architecture.

  • PO3: Determine technological direction.

  • PO4: Define the IT processes, organisation and relationships.

  • PO5: Manage the IT investment.

  • PO6: Communicate management aims and direction.

  • PO7: Manage IT human resources.

  • PO8: Manage quality.

  • PO9: Assess and manage IT risks.

  • PO10: Manage projects.

Acquire and Implement

  • AI1: Identify automated solutions.

  • AI2: Acquire and maintain application software.

  • AI3: Acquire and maintain technology infrastructure.

  • AI4: Enable operation and use.

  • AI5: Procure IT resources.

  • AI6: Manage changes.

  • AI7: Install and accredit solutions and changes.


COBIT Processes

Deliver and Support

  • DS1: Define and manage service levels.

  • DS2: Manage third-party services.

  • DS3: Manage performance and capacity.

  • DS4: Ensure continuous service.

  • DS5: Ensure systems security.

  • DS6: Identify and allocate costs.

  • DS7: Educate and train users.

  • DS8: Manage service desk and incidents.

  • DS9: Manage the configuration.

  • DS10: Manage problems.

  • DS11: Manage data.

  • DS12: Manage the physical environment.

  • DS13: Manage operations.

Monitor and Evaluate

  • ME1: Monitor and evaluate IT performance.

  • ME2: Monitor and evaluate internal control.

  • ME3: Ensure compliance with external requirements.

  • ME4: Provide IT governance.


COBIT 5


ITG Framework

  • COBIT

    • IT control objectives

  • ITIL

    • IT infrastructure, service and operation management

  • ISO 27001

    • Information security management

  • PMBoK

    • Program and project management

