PART 2 – CISA Domain 2 – Governance and Management of IT

BSC is a process management evaluation technique that can be applied to the GEIT process in assessing IT functions and processes.

Presentation Transcript


  1. www.infosectrain.com PART 2 – CISA Domain 2 – Governance and Management of IT

  2. InfosecTrain: About Us. InfosecTrain is one of the finest Security and Technology Training and Consulting organizations, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals who have more than 15 years of industry experience. We provide professional training, certification and consulting services related to all areas of Information Technology and Cyber Security.

  3. PART 2 – CISA Domain 2 – Governance and Management of IT
     ➢ What is IT Balanced Score Card (BSC)?
     ➢ What are the roles and responsibilities of IT Governing Committee (IT Strategy and Steering committee)?
     ➢ What are the Maturity and process improvement models?

     4. IT Balanced Score Card (BSC):
     ➢ BSC is a process management evaluation technique that can be applied to the GEIT process in assessing IT functions and processes
     ➢ BSC is the most effective means to aid the IT strategy committee and management in achieving IT governance through proper IT and business alignment

  4. Points to remember:
     ➢ The purpose of the IT Balanced Score Card is to evaluate and monitor performance indicators – customer satisfaction, internal processes, innovation capacity, etc.
     ➢ The IT BSC does not measure the financial performance of the enterprise

     5. IT Governing committees:
     ➢ Organizations broadly have two committees:
        1. IT Strategy committee
        2. IT Steering committee
     ➢ There should be a clear understanding of both the IT strategy and IT steering committee

  5. Role of IT strategy committee:
     ➢ Advises the board and management on IT strategy
     ➢ Is delegated by the board to provide input to the strategy and prepare its approval
     ➢ Focuses on current and future strategic IT issues
     ➢ Provides insight and advice to the board on topics such as:
        ➢ The alignment of IT with the business direction
        ➢ The availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
        ➢ The achievement of strategic IT objectives

     Membership of IT Strategy committee:
     ➢ Board members, and
     ➢ Specialist non-board members

  6. Role of IT Steering committee:
     ➢ Assists the executive in the delivery of the IT strategy
     ➢ Oversees day-to-day management of IT service delivery and IT projects
     ➢ Focuses on implementation
     ➢ Decides the overall level of IT spending and how costs will be allocated
     ➢ Approves project plans and budgets, setting priorities and milestones
     ➢ Communicates strategic goals to project teams
     ➢ Monitors resource and priority conflict between enterprise divisions and the IT function as well as between projects
     ➢ Reports to the board of directors on IS activities
     ➢ Makes decisions regarding centralization versus decentralization and assignment of responsibility

     Points to remember: The enterprise’s risk appetite is best established by IT Steering committee.

  7. Membership of IT Strategy committee:
     ➢ Sponsoring executive
     ➢ Business executive (key users)
     ➢ Chief information officer (CIO)
     ➢ Key advisors as required (IT, audit, legal, finance)

     6. Maturity and Process Improvement Models:
     ➢ Implementation of IT governance requires ongoing performance measurement of an organization’s resources that contribute to the execution of processes that deliver IT services to the business
     ➢ Some of the process improvement models are:
        ➢ The IDEAL model is a software process improvement (SPI) program model for planning and implementing an effective software process improvement program. It consists of five phases: 1. Initiating, 2. Diagnosing, 3. Establishing, 4. Acting and 5. Learning

  8. ➢ The COBIT Process Assessment Model (PAM), using COBIT 5
     ➢ Capability Maturity Model Integration (CMMI) – is a process improvement approach that provides enterprises with the essential elements of effective processes. It is based on ISO/IEC 15504 Information Technology — Process Assessment standard. CMMI has five maturity levels:
        • Level 1 – Initial – This is the riskiest stage an organization can find itself in: an unpredictable environment that increases risk and inefficiency.
        • Level 2 – Managed – Projects are planned and performed; however, there are a lot of issues to be addressed.
        • Level 3 – Defined – Organizations are proactive at this level, rather than reactive. Processes are tailored for the organization. The organization is aware of its shortcomings, how to address them, and its plans for improvement.
        • Level 4 – Quantitatively managed – This level is more measured and controlled. The organization is ahead of risks, with more data-driven insight into process deficiencies.
        • Level 5 – Optimised – At this stage, the processes are stable and flexible. The organization will be in a constant state of improving and responding to changes or other opportunities.

  10. ABOUT OUR COMPANY
      InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time.

      OUR CONTACT
      1800-843-7890
      sales@infosectrain.com
      www.infosectrain.com
      https://www.facebook.com/Infosectrain/
      https://www.linkedin.com/company/infosec-train/
      https://www.youtube.com/c/InfosecTrain
