January 5, 2006
COBIT Versus Other Frameworks: A Road Map To Comprehensive IT Governance
by Craig Symons
TRENDS: Helping Business Thrive On Technology Change
TRENDS, January 5, 2006
COBIT Versus Other Frameworks: A Road Map To Comprehensive IT Governance
by Craig Symons with Laurie M. Orlov, Katherine Brown, and Samuel Bright

EXECUTIVE SUMMARY

Growing IT visibility has triggered significant interest in IT governance and in improved management of IT. CIOs are expected to align IT and business strategies, demonstrate value, and provide best-in-class service at the lowest price. CIOs who fail to deliver are quickly replaced, or the IT function is outsourced. During the past few years a number of frameworks have proliferated to help IT organizations improve overall governance, accountability, and service delivery. Many of these frameworks are not mutually exclusive, and a good understanding of their focus, strengths, and weaknesses is essential for all IT managers.

TABLE OF CONTENTS

Frameworks Are Great, But Which Ones Fit My Business?
    Use COBIT For IT Governance And Control
    Use ITIL For Service Delivery And Support
    Use ISO 17799 For Security
No Solution Is Complete On Its Own
Recommendations: Establish Frameworks To Ease Governance Implementation
What It Means: Frameworks Help Run IT Like A Business

NOTES & RESOURCES

Forrester interviewed vendors and user companies for this research.

Related Research Documents
"COBIT Maturity Assessment: Are You Ready?" October 3, 2005, Trends
"The Management Process Alphabet Soup" September 1, 2005, Best Practices
"Revised ISO 17799 Boosts Information Security Management Relevance" July 1, 2005, Quick Take

© 2006, Forrester Research, Inc. All rights reserved. Forrester, Forrester Wave, Forrester's Ultimate Consumer Panel, WholeView 2, Technographics, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. Forrester clients may make one attributed copy or slide of each figure contained herein. Additional reproduction is strictly prohibited. For additional reproduction rights and usage information, see Forrester's Web site. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. To purchase reprints of this document, please e-mail resourcecenter@forrester.com.
FRAMEWORKS ARE GREAT, BUT WHICH ONES FIT MY BUSINESS?

Boards of directors' oversight of IT is becoming increasingly common as a result of several factors: the increase in investment in IT (IT budgets comprise 1.5% to 12% of revenues and more than 50% of a firm's capital budget); the increasingly critical role that IT plays in core business processes, where system downtime means revenue downtime; and the growing impact of regulation and compliance such as Sarbanes-Oxley, HIPAA, and Basel II. These factors have created an environment in which:

Frameworks are proliferating to help with governance. During the past five years, a number of frameworks, methodologies, and practices have been developed for or adopted by IT to better govern and manage performance. These include Control Objectives for Information and related Technology (COBIT), the IT Infrastructure Library (ITIL), International Organization for Standardization (ISO) 17799, CMM, PRINCE, MSP, PMBOK, the Balanced Scorecard, and Six Sigma. It is very easy to get confused by the alphabet soup of alternatives, which can lead to paralysis (when CIOs can't make a decision) or to choosing one and then finding out later that it misses the mark.

CIOs must educate themselves on the use of frameworks. Most of these frameworks are not mutually exclusive and are most effective when used in combination with one another. The road to a comprehensive IT governance framework involves understanding the differences among the frameworks and when to apply each. [1] To help explain the major frameworks and how they relate to one another, we have mapped the major elements of COBIT, ITIL, and ISO 17799 to one another and provide more detailed guidance around their use.
Use COBIT For IT Governance And Control

Boards of directors, executive management, and IT management all have a vested interest in IT governance; their common goal is to maximize the business value derived from IT investments while managing risk. [2] However, implementing IT governance is easier said than done; it often involves a significant change-management exercise while the old culture is replaced with the new. While many effective IT governance frameworks have been developed by organizations from the ground up, adapting an existing framework can make things much easier and deliver tangible results sooner.

What is COBIT? The starting point for an IT governance framework should be COBIT, because it is the most comprehensive IT governance framework available today. Originally developed by the Information Systems Audit and Control Association (ISACA) in 1996 and turned over in 1998 to the newly created IT Governance Institute, COBIT is now in its third edition, and an enhanced fourth edition is about to be published. [3]

Who is the target for COBIT? COBIT is designed for three constituencies: management, users, and auditors. It helps management balance risk and control in their IT investments, while
providing assurance for users that security and controls over IT services exist. For auditors, COBIT substantiates their opinions and assists them in providing advice to management on internal controls.

What are the components of COBIT? The COBIT framework consists of a hierarchy of domains, IT processes with their corresponding high-level control objectives, and detailed control objectives. There are currently four domains, which include 34 high-level control objectives supported by 318 detailed control objectives (see Figure 1).

How does it relate to CMM? The COBIT framework has been further enhanced with a maturity model based on the concept originally developed by the Software Engineering Institute (SEI) and known as the Capability Maturity Model, or CMM. Using the maturity model, organizations can map where they stand with respect to the best-in-class offering for each of the 34 defined IT processes. [4]

What are COBIT's key strengths? COBIT's strengths lie in its focus on IT management and control and in its breadth, with every important IT process included in its coverage. It helps management understand what they need to do to ensure that investments in IT are maximized around business value, do not represent unacceptable risks, comply with all applicable regulatory requirements, and can be audited. COBIT does not, however, tell management how to do these things, which is why COBIT is not a complete management framework for IT and should be augmented with other frameworks.

Use ITIL For Service Delivery And Support

ITIL is a series of eight books that provide consistent and comprehensive best practices for IT service management and delivery. ITIL provides the foundation for quality IT service management. ITIL was initially developed and published by the British Office of Government Commerce (OGC) to promote efficient and effective use of IT resources within the British government.
In 2000, it was revised in conjunction with the British Standards Institute (BSI) and incorporated within BS15000. [5] The eight ITIL books include:

Planning To Implement Service Management. This book deals explicitly with the question of where to start with ITIL. It outlines the steps necessary to identify how the organization would benefit from ITIL. It helps identify current strengths and weaknesses and gives practical guidance on evaluating current maturity levels of service management within the organization.

The Business Perspective. This book is designed to familiarize business management with the architecture and components of the information and communications technology (ICT) infrastructure required to support the business processes. The book helps business leaders better understand the benefits of best practices in IT service management.
Figure 1: COBIT Framework's Domains And Objectives (the four domains and their 34 high-level control objectives)

Planning and organization:
    Define a strategic IT plan
    Define the information architecture
    Define technology direction
    Define the IT organization
    Manage the IT investment
    Communicate aims and direction
    Manage human resources
    Ensure compliance
    Assess risks
    Manage projects
    Manage quality

Acquisition and implementation:
    Identify solutions
    Acquire and maintain applications
    Acquire and maintain infrastructure
    Develop and maintain procedures
    Install and accredit systems
    Manage changes

Delivery and support:
    Define and manage service levels
    Manage third-party services
    Manage performance and capacity
    Ensure continuous service
    Ensure systems security
    Identify and allocate costs
    Educate and train users
    Assist and advise customers
    Manage the configuration
    Manage problems and incidents
    Manage data
    Manage facilities
    Manage operations

Monitoring:
    Monitor the processes
    Assess internal control adequacy
    Obtain independent assurance
    Provide for independent audit

Source: Forrester Research, Inc.
Software Asset Management. This book encompasses the infrastructure and processes necessary for effective management, control, and protection of the software assets within an organization throughout all stages of their life cycle.

Service Support. This book focuses on ensuring that the customer has access to appropriate services to support business functions. It covers configuration management and other support management issues, including incident, problem, change, and release management.

Service Delivery. This book covers the services the business requires of IT to enable adequate support to the business users. This includes processes for service-level management, availability management, capacity management, financial management for IT services, and continuity management.

Security Management. This book looks at security from the service provider perspective, identifying the relationship between security management and the IT security officer, as well as outlining how ITIL provides the level of security necessary for the entire organization. It further focuses on the process of implementing security requirements identified in the IT service-level agreement (SLA).

ICT Infrastructure Management. This book covers all aspects of infrastructure management, from identification of business requirements to acquiring, testing, installing, and deploying infrastructure components. It includes the design and planning processes, deployment processes, operations processes, and technical support processes.

Application Management. This book addresses the complex subject of managing applications from initial business requirements through the application management life cycle, up to and including retirement. A strong emphasis is placed on ensuring that IT projects and strategies are tightly aligned with those of the business throughout the application life cycle.
Once an application is approved and funded, it is tracked throughout its life cycle by the software asset management function of ITIL. While ITIL addresses all of the above areas in its books, its strength lies in service delivery and management, where it is more mature and has been implemented by many organizations. ITIL can be mapped to parts of COBIT; in fact, of the 34 high-level COBIT processes, 22 can be mapped to ITIL best practices, with a preponderance in the delivery and support domain (see Figure 2).
Figure 2: COBIT Processes Covered By ITIL. [Chart: for each COBIT domain (planning and organization, acquisition and implementation, delivery and support, monitoring), the COBIT processes addressed by ITIL versus those not addressed by ITIL.] Source: Forrester Research, Inc.

Use ISO 17799 For Security

Unlike COBIT and ITIL, ISO 17799 is an international standard, first published in 2000 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under a joint technical committee. [6] The standard provides guidance for implementing information security within an organization. ISO 17799 contains best practices for information security policies, assignment of responsibility for information security, problem escalation, and business continuity management. This information is organized into 10 sections that contain 36 objectives and 127 controls. These 10 sections and their key elements include:

Security policy. An information security policy is defined and receives the commitment and support of senior management. The policy is documented and communicated throughout the organization and is part of the orientation for every new employee.

Organizational security. The organizational construct around security is defined. This includes the assignment of responsibility for information security to individuals, establishment of a forum for coordination, a definition of responsibility areas for managers, a definition of an authorization process for IT facilities, a definition of how third-party relationships will be handled, and a provision for third-party security reviews. This also includes comprehensive measures for management of third-party services, including definition of risks and security requirements.
Asset classification and control. Responsibility for asset management must be defined and all assets must be inventoried. Information must be classified following a generally accepted system to ensure that an appropriate level of protection is available.

Personnel security. Each employee's responsibility for security is defined, along with confidentiality agreements and contractual responsibilities. Adequate controls for personnel screening are put in place, information security education and training is developed, and a reporting process for security incidents, vulnerabilities, and software malfunctions is defined.

Physical and environmental security. Equipment is installed in secure areas where adequate access controls are in place and damage prevention efforts are implemented. Equipment is protected against loss, damage, or compromise. Disposal or reuse of information on obsolete or off-premises equipment is defined.

Communications and operations management. Operations must follow documented procedures, with changes being documented. Procedures for incident management and release management, and processes for acceptance of new systems, are defined. Duties should be segregated to ensure that no individual can both initiate and authorize an event, and development and operational facilities must also be separated. Information must be backed up, and the backup process should be tested regularly.

Access control. Access to information should be granted in accordance with business and security requirements. User access management should follow a formal process and user responsibilities must be clearly defined, while system access and use is monitored continuously.

Systems development and maintenance. Security issues are considered when implementing systems, following defined requirements.
Security in application systems covers validation of input data, controls over internal processing, message authentication, and validation of output data. Access to system files is controlled.

Business continuity management. A comprehensive business continuity management process is defined to prevent interruptions to business processes. This process is not restricted to IT-related areas but encompasses the end-to-end business processes. Plans are developed as part of an impact analysis, and they are tested, maintained, and reassessed continuously.

Compliance. Compliance with security policies is ensured through periodic security audits.

ISO 17799 addresses all of the above areas to provide a comprehensive approach to security. ISO 17799 can be mapped to parts of COBIT; in fact, of the 34 high-level COBIT processes, 25 can be mapped to ISO 17799 (see Figure 3).
Figure 3: COBIT Processes Covered By ISO 17799. [Chart: for each COBIT domain (planning and organization, acquisition and implementation, delivery and support, monitoring), the COBIT processes addressed by ISO 17799 versus those not addressed by ISO 17799.] Source: Forrester Research, Inc.

NO SOLUTION IS COMPLETE ON ITS OWN

Unfortunately, there is no silver bullet: no single framework that IT managers can use to implement comprehensive IT governance and management. However, several relatively mature frameworks can be combined to assemble a more complete governance framework. Only COBIT addresses the full spectrum of IT governance processes, but it does so from a high-level management and business perspective with an emphasis on audit and control. Other frameworks address a subset of processes in more detail, including ITIL for IT service management and delivery, and ISO 17799 for IT security. These can be further augmented by the use of additional frameworks and methodologies, including Six Sigma for process improvement and the Balanced Scorecard for IT performance management. [7]

RECOMMENDATIONS

ESTABLISH FRAMEWORKS TO EASE GOVERNANCE IMPLEMENTATION

There are a number of mature frameworks that can be combined to enable organizations to implement quality IT governance and management more quickly.

First, COBIT for overall governance. Organizations looking to implement effective and comprehensive IT governance should adopt COBIT as the overarching governance framework. COBIT is readily accessible to both business and IT professionals and contains a wealth of supporting documentation and tools that ease and accelerate its adoption.
Then ITIL for IT service delivery and management. Once COBIT has been implemented, IT organizations are urged to adopt ITIL as a best practices framework for IT service delivery and management. Mapping COBIT's IT processes to the corresponding ITIL best practices creates a robust and powerful framework for implementing IT governance and improving IT operational performance.

Then ISO 17799 for information security. Information security is best managed through adoption of the ISO 17799 standard, which can also be mapped to COBIT IT processes.

Balanced Scorecard for measurement and communication. Strongly consider implementing an IT balanced scorecard to measure and communicate IT performance against its strategic goals. The Balanced Scorecard is promoted by the IT Governance Institute as the de facto performance measurement methodology.

WHAT IT MEANS

FRAMEWORKS HELP RUN IT LIKE A BUSINESS

Ultimately, boards of directors and executive management want more transparency in IT. Transparency is attained through IT governance and IT performance management, which form the foundation of running IT like a business. CIOs who build IT organizations that focus on the customer, deliver high-quality and cost-effective IT services, and engage business units as partners in developing and implementing innovative business change will find their future secure. [8] Those who continue to run IT like a black box will not be so lucky.

ENDNOTES

1 Pressures to decrease cost, increase reliability, and comply with local regulations conspire to make it harder than ever for IT to deliver business services efficiently. This quest for process improvement is the root cause of a universal interest in best practices and in frameworks such as ITIL, ISO 17799, and COBIT. See the September 1, 2005, Best Practices "The Management Process Alphabet Soup."
2 An effective IT governance framework consists of governance structures, processes, and measurement and communication. See the March 29, 2005, Best Practices "IT Governance Framework."

3 The IT Governance Institute (ITGI) was created by ISACA specifically to oversee COBIT and other IT governance-related activities. Since its first edition was published in 1996, COBIT has evolved and is about to be published in its fourth edition. Much of COBIT is freely available via ITGI's Web site.

4 The ITGI has developed a generic maturity model for COBIT, as well as more detailed management guidelines. See the October 3, 2005, Trends "COBIT Maturity Assessment: Are You Ready?"
5 BS15000 is the first worldwide standard specifically aimed at IT service management. It describes an integrated set of management processes for effective delivery of services to the business and its customers. BS15000 consists of two parts: a formal specification that defines the requirements for an organization to deliver managed services of an acceptable quality for its customers, and a Code of Practice.

6 ISO/IEC has released the second version (ISO/IEC 17799:2005) of the most widely adopted information security management framework. The original standard, ISO/IEC 17799:2000, gained momentum during the past five years, and organizations around the world have used it as the centerpiece of their security programs. However, the original standard had some weak areas, which have been addressed in the second version. ISO/IEC 17799:2005 provides a strong and expanded framework for information security management. It is, however, just a framework: it gives organizations guidance about scope and breadth, but it does not provide the depth of a strong information security program. Further information is available from the International Organization for Standardization's Web site. See the July 1, 2005, Quick Take "Revised ISO 17799 Boosts Information Security Management Relevance."

7 ITIL describes best practices for IT service delivery and support processes. IT organizations that are struggling with the overall quality of their IT processes should consider implementing a process improvement methodology. See the June 3, 2005, Best Practices "Six Sigma And Process Optimization Improves IT Service Delivery." Measuring and communicating the performance of the IT organization is best done using a methodology such as Kaplan and Norton's Balanced Scorecard, adapted for IT. See the August 20, 2004, Quick Take "IT Governance And The Balanced Scorecard."
8 CIOs can assess their organization's degree of maturity in running IT like a business by assessing the maturity of IT's linkage of technology to the firm's strategy, whether IT is mature at running its business operations, and how evolved IT is at managing relationships with business stakeholders. See the June 6, 2005, Best Practices "The Economics Of IT."
More informationIntegrating ITIL and COBIT 5 to optimize IT Process and service delivery. Johan Muliadi Kerta
Integrating ITIL and COBIT 5 to optimize IT Process and service delivery Johan Muliadi Kerta Measurement is the first step that leads to control and eventually to improvement. If you can t measure something,
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationCompany Overview. global-lynx. Version: September 30, 2015
Company Overview Version: September 30, 2015 www.globallynx.com global-lynx 1. Why Global Lynx? Most likely your enterprise has made significant investments to enhance or transform your IT organization;
More informationIntroduction to ISO/IEC 27001:2005
Introduction to ISO/IEC 27001:2005 For ISACA Melbourne Chapter Technical Session 18 th of July 2006 AD Prepared by Endre P. Bihari JP of Performance Resources What is ISO/IEC 17799? 2/20 Aim: Creating
More informationISO/IEC TR TECHNICAL REPORT. Information technology Security techniques Information security management guidelines for financial services
TECHNICAL REPORT ISO/IEC TR 27015 First edition 2012-12-01 Information technology Security techniques Information security management guidelines for financial services Technologies de l'information Techniques
More informationSAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010
JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor
More informationTRENDS. March 14, 2006 Firms Must Take ITIL Beyond IT Operational Goals. by Richard Peynot. Helping Business Thrive On Technology Change
March 14, 2006 Firms Must Take ITIL Beyond IT Operational Goals by Richard Peynot TRENDS Helping Business Thrive On Technology Change TRENDS Includes Forrester user interview data March 14, 2006 Firms
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationThe Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA
The Experience of Generali Group in Implementing COBIT 5 Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA Generali Group at a glance Let me introduce myself Marco Salvato CISA, CISM, CGEIT,
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 27006 Second edition 2011-12-01 Information technology Security techniques Requirements for bodies providing audit and certification of information security management systems
More informationThree Key Challenges Facing ISPs and Their Enterprise Clients
Three Key Challenges Facing ISPs and Their Enterprise Clients GRC, enterprise services, and ever-evolving hybrid infrastructures are all dynamic and significant challenges to the ISP s enterprise clients.
More informationPredictive Insight, Automation and Expertise Drive Added Value for Managed Services
Sponsored by: Cisco Services Author: Leslie Rosenberg December 2017 Predictive Insight, Automation and Expertise Drive Added Value for Managed Services IDC OPINION Competitive business leaders are challenging
More informationVulnerability Management Trends In APAC
GET STARTED Introduction In the age of the customer, the threat landscape is constantly evolving. Attackers are out to steal your company s data, and the ever-expanding number of devices and technologies
More informationIn 2017, the Auditor General initiated an audit of the City s information technology infrastructure and assets.
REPORT FOR ACTION IT Infrastructure and IT Asset Management Review: Phase 1: Establishing an Information Technology Roadmap to Guide the Way Forward for Infrastructure and Asset Management Date: January
More informationREPORT 2015/010 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/010 Audit of information and communications technology strategic planning, governance and management in the Investment Management Division of the United Nations Joint
More informationISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 27019 First edition 2013-07-15 Information technology Security techniques Information security management guidelines based on ISO/IEC 27002 for process control systems specific
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Code of practice for information security management
INTERNATIONAL STANDARD ISO/IEC 17799 First edition 2000-12-01 Information technology Code of practice for information security management Technologies de l'information Code de pratique pour la gestion
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationOVERVIEW BROCHURE GRC. When you have to be right
OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance
More informationFRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.
FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationEvolve Your Security Operations Strategy To Account For Cloud
Evolve Your Security Operations Strategy To Account For Cloud GET STARTED The growth of cloud computing and proliferation of complex service delivery models continue to accelerate as companies recognize
More informationIsaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.
Isaca EXAM - CISM Certified Information Security Manager Buy Full Product http://www.examskey.com/cism.html Examskey Isaca CISM exam demo product is here for you to test the quality of the product. This
More informationISO/ IEC (ITSM) Certification Roadmap
ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013 Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank
More informationRed Hat Virtualization Increases Efficiency And Cost Effectiveness Of Virtualization
Forrester Total Economic Impact Study Commissioned by Red Hat January 2017 Red Hat Virtualization Increases Efficiency And Cost Effectiveness Of Virtualization Technology organizations are rapidly seeking
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationWHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.
Learning Objectives and Course Descriptions: FOUNDATION IN IT SERVICE MANAGEMENT This official ITIL Foundation certification course provides you with a general overview of the IT Service Management Lifecycle
More informationExam Requirements v4.1
COBIT Foundation Exam Exam Requirements v4.1 The purpose of this document is to provide information to those interested in participating in the COBIT Foundation Exam. The document provides information
More informationBuild Your Zero Trust Security Strategy With Microsegmentation
Why Digital Businesses Need A Granular Network Segmentation Approach GET STARTED Overview The idea of a secure network perimeter is dead. As companies rapidly scale their digital capabilities to deliver
More informationFrequently Asked Questions
December 2001 Introduction International Standard ISO/IEC 17799:2000 Information Security Management, Code of Practice for Information Security Management Frequently Asked Questions The National Institute
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationGlobal Security Consulting Services, compliancy and risk asessment services
Global Security Consulting Services, compliancy and risk asessment services Introduced by Nadine Dereza Presented by Suheil Shahryar Director of Global Security Consulting Today s Business Environment
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationGetting Started with ITIL
Getting Started with ITIL SMSG 17 th June 2013 BCS Nottingham & Derby Branch Overview Service Management has been adopted by many thousands of companies worldwide but what is it? Fundamentally, it s a
More informationAT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant
Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse 25-27 68159 Mannheim E: info@it-scan.de W: www.it-scan.de Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter
More informationISO/IEC Information technology Security techniques Code of practice for information security controls
INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de
More informationISO/IEC INTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO/IEC 27011 First edition 2008-12-15 Information technology Security techniques Information security management guidelines for telecommunications organizations based on ISO/IEC
More informationReviewed by ADM(RS) in accordance with the Access to Information Act. Information UNCLASSIFIED.
Assistant Deputy Minister (Review Services) Reviewed by in accordance with the Access to Information Act. Information UNCLASSIFIED. Security Audits: Management Action Plan Follow-up December 2015 1850-3-003
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationWhat is ITIL. Contents
What is ITIL Contents What is ITIL and what are its origins?... 1 Services and Service Management... 2 Service Providers... 3 Stakeholders in Service Management... 3 Utility and Warranty... 4 Best Practices
More informationGetting Started with IT Service Management
Getting Started with IT Service Management SMSG 3rd March 2014 BCS Bristol Branch BCS Service Management Specialist Group The Service Management Specialist Group provides an avenue for developing and promoting
More informationIT Service Management: Southeast Area Practice Gary West Solution director Business Service Optimization
IT Service Management: Southeast Area Practice Gary West Solution director Business Service Optimization IT Under Attack IT costs are now more than 50% of the average Fortune 500 company s capital costs
More informationA SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS
A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS Introduction If you re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional
More informationSTATE OF NORTH CAROLINA OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA FAYETTEVILLE STATE UNIVERSITY
STATE OF NORTH CAROLINA OFFICE OF THE STATE AUDITOR BETH A. WOOD, CPA FAYETTEVILLE STATE UNIVERSITY INFORMATION TECHNOLOGY GENERAL CONTROLS INFORMATION SYSTEMS AUDIT JANUARY 2016 EXECUTIVE SUMMARY PURPOSE
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationGOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles
More information"Charting the Course... ITIL 2011 Managing Across the Lifecycle ( MALC ) Course Summary
Course Summary Description ITIL is a set of best practices guidance that has become a worldwide-adopted framework for IT Service Management by many Public & Private Organizations. Since early 1990, ITIL
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationWeighing in on the Benefits of a SAS 70 Audit for Third Party Administrators
Weighing in on the Benefits of a SAS 70 Audit for Third Party Administrators With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationIso Controls Checklist File Type S
ISO 27002 CONTROLS CHECKLIST FILE TYPE S PDF - Are you looking for iso 27002 controls checklist file type s Books? Now, you will be happy that at this time iso 27002 controls checklist file type s PDF
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More informationTable of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING
Table of Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update 3 1.1 Internal Auditing History and Background
More informationIT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
More informationISO A Business Critical Framework For Information Security Management
ISO 27000 A Business Critical Framework For Information Security Management George Spalding Executive Vice President Pink Elephant Pink Elephant Leading The Way In IT Management Best Practices Agenda Framework
More informationPCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1
PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman
More informationBetter together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com
Better together KPMG LLP s GRC Advisory Services for IBM OpenPages implementations kpmg.com KPMG A leader in GRC services KPMG LLP (KPMG) is the U.S. member firm of the KPMG global network of professional
More information