Bilgi Teknolojileri Yönetişim ve Denetim Konferansı BTYD 2010

Similar documents
Table of Contents. Preface xiii PART I: IT GOVERNANCE CONCEPTS. Chapter 1: Importance of IT Governance for All Enterprises 3

USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Implementing IT Governance

Information Security Risk Strategies. By

Security Awareness Compliance Requirements. Updated: 11 October, 2017

Certified Information Security Manager (CISM) Course Overview

COPYRIGHTED MATERIAL. Index

Altius IT Policy Collection Compliance and Standards Matrix

Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant

The Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA

Altius IT Policy Collection Compliance and Standards Matrix

COBIT 5 With COSO 2013

ISO/IEC overview

PROFESSIONAL SERVICES (Solution Brief)

Frameworks and Standards

HISTORY: ADMINISTRATION AND COST CONTROL:

ITT Technical Institute. IT360 Networking Security I Onsite Course SYLLABUS

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

Risk Assessment: Key to a successful risk management program

IS305 Managing Risk in Information Systems [Onsite and Online]

Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

Effective Strategies for Managing Cybersecurity Risks

CCISO Blueprint v1. EC-Council

What Auditors Want. John Mitchell. PhD, MBA, CEng, CITP, FBCS, MBCS, FIIA, MIIA, CISA, QiCA, CFE

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Integrating ITIL and COBIT 5 to optimize IT Process and service delivery. Johan Muliadi Kerta

Exam Requirements v4.1

Sizing and Implementing ISO/IEC in Controlled Environments

GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001

HCL GRC IT AUDIT & ASSURANCE SERVICES

Real-Time Compliance Monitoring

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

Balancing Between Risk and Compliance

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

Company Overview. global-lynx. Version: September 30, 2015

Establishing a Common Controls Framework

Considerations and Solutions: Juniper Networks and Compliance with Standards and Regulations

Mapping PCI DSS v2.0 With COBIT 4.1 By Pritam Bankar, CISA, CISM, and Sharad Verma

Risk Management in Electronic Banking: Concepts and Best Practices

Exploring Emerging Cyber Attest Requirements

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

Mark Hofman SANS Institute/Shearwater Solutions

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1

Will your application be secure enough when Robots produce code for you?

INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES. forebrook

CYBERSECURITY: E-COMMERCE, GOVERNANCE AND APPLIED CERTIFICATIONS A ROUNDTABLE DISCUSSION 15 DECEMBER 2015

Program Review for Information Security Management Assistance. Keith Watson, CISSP- ISSAP, CISA IA Research Engineer, CERIAS

Data Security Standards

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

TRENDS. January 5, 2006 COBIT Versus Other Frameworks: A Road Map To Comprehensive IT Governance. by Craig Symons

Four Deadly Traps of Using Frameworks NIST Examples

354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

What is IT Governance and Why is it Important?

COBIT for IT Risk Management in a Bank A Case Study By Jitendra Barve, CISA, FCA

IBM Internet Security Systems October Market Intelligence Brief

Contracting for an IT General Controls Audit

ON-DEMAND TRAINING FOR PROFESSIONALS

Weighing in on the Benefits of a SAS 70 Audit for Third Party Administrators

Policies and Procedures Date: February 28, 2012

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

A Holistic Approach to Protecting and Securing Enterprise Information

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

Predstavenie štandardu ISO/IEC 27005

Advancing data governance to create improved data quality frameworks. Presented by: Micheal Axelsen Director Applied Insight Pty Ltd

Key Attributes of Best Practices in Information Assurance suggest they are:

locuz.com SOC Services

Bar The Gates: Cyber Threat. Wednesday, August 12, 2015: ISACA Geek Week

CYBER SECURITY. Defending Your Valuable Information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Tokenisation: Reducing Data Security Risk

ITIL 2 or ITIL 3? Barry Corless

EVERYONE SHOULD HAVE AN IT COMPLIANCE OFFICER OR SUFFER THE CONSEQUENCES. About Ralph Villanueva. Objectives

COSO ERM. To improve organizational performance & Governance COSO ERM. COSO Internal Control. COSO ERM_prepared by Nattapan T. 2

Business Assurance for the 21st Century

Altius IT Policy Collection

Sirius Security Overview

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

COURSE BROCHURE CISA TRAINING

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

Manchester Metropolitan University Information Security Strategy

Introduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst

Best Practices & Lesson Learned from 100+ ITGRC Implementations

SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY

Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

The Universe of Identity Management

Using Metrics to Gain Management Support for Cyber Security Initiatives

The New COSO Framework, PII and Data Security. October 30, 2014

University of Pittsburgh Security Assessment Questionnaire (v1.7)

COBIT 5: Enabling Information Progress Report By Steven De Haes, Ph.D.

01.0 Policy Responsibilities and Oversight

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Compliance and Controls Frameworks. Vishal Gupta

User Security and Governance Models. A review and primer presented for. ISACA - Phoenix

IBM Fundamentals of Applying Tivoli Security and Compliance Management Solutions V2.

Transcription:

Bilgi Teknolojileri Yönetişim ve Denetim Konferansı

COBIT ve Diğer Standartlar ile Karşılaştırılması Mete Türkyılmaz, MBA, CGEIT, CFE, CISA, MCP Anadolu Endüstri Holding A.Ş. Denetim Koordinatör Yardımcısı

COBIT ve Diğer Standartlar ile Karşılaştırması COBIT nedir? COBIT Alanları (Domain) COBIT ve Diğer Standartlar ile Karşılaştırılması\Eşleştirilmesi (Mapping)

COBIT COBIT 4.1-The Control Objectives for Information and related Technology (Bilgi ve İlgili Teknolojiler İçin Kontrol Hedefleri) COBIT Framework for IT Governance and Control (BT Yönetişim ve Kontrolleri için COBIT Çerçevesi)

COBIT IT Governance Resource Management

COBIT

COBIT ALANLARI (DOMAINS)

PO-Plan and Organise IT Assurance Guide: Using COBIT COBIT Control Practices, 2nd Edition A P P E N D I X I I P L A N A N D O R G A N I S E ( P O ) PO1 Define a Strategic IT Plan PO2 Define the Information Architecture PO3 Determine Technological Direction PO4 Define the IT Processes, Organisation and Relationships PO5 Manage the IT Investment PO6 Communicate Management Aims and Direction PO7 Manage IT Human Resources PO8 Manage Quality PO9 Assess and Manage IT Risks PO10 Manage Projects See worksheet tabs below to access each section 2007 IT Governance Institute. All rights reserved. www.itgi.org

AI-Acquire and Implement IT Assurance Guide: Using COBIT COBIT Control Practices, 2nd Edition A P P E N D I X I I I A C Q U I R E A N D I M P L E M E N T ( A I ) AI1 Identify Automated Solutions AI2 Acquire and Maintain Application Software AI3 Acquire and Maintain Technology Infrastructure AI4 Enable Operation and Use AI5 Procure IT Resources AI6 Manage Changes AI7 Install and Accredit Solutions and Changes See worksheet tabs below to access each section 2007 IT Governance Institute. All rights reserved. www.itgi.org

DS-Deliver and Support IT Assurance Guide: Using COBIT COBIT Control Practices, 2nd Edition A P P E N D I X I V D E L I V E R A N D S U P P O R T ( D S ) DS1 Define and Manage Service Levels DS2 Manage Third-party Services DS3 Manage Performance and Capacity DS4 Ensure Continuous Service DS5 Ensure Systems Security DS6 Identify and Allocate Costs DS7 Educate and Train Users DS8 Manage Service Desk and Incidents DS9 Manage the Configuration DS10 Manage Problems DS11 Manage Data DS12 Manage the Physical Environment DS13 Manage Operations See worksheet tabs below to access each section 2007 IT Governance Institute. All rights reserved. www.itgi.org

ME-Monitor and Evaluate IT Assurance Guide: Using COBIT COBIT Control Practices, 2nd Edition A P P E N D I X V M O N I T O R A N D E VA L U A T E ( M E ) ME1 Monitor and Evaluate IT Performance ME2 Monitor and Evaluate Internal Control ME3 Ensure Compliance With External Requirements ME4 Provide IT Governance See worksheet tabs below to access each section 2007 IT Governance Institute. All rights reserved. www.itgi.org

- ISACA-Diğer Standart ve Çerçeveler - IT Framework for Business Technology Management - Framework for Management of IT Related Business Risks - Information Technology Assurance Framework (BMIS) - Business Model for Information Security

Diğer Çerçeve ve Standartlar ITIL v3 TOGAF 8.1-9.0 ISO\IEC 27002-ISO\IEC 27001 (ex. ISO\IEC 17799) NIST SP800-53-Recommended Security Controls for Federal Information Systems CMMI COSO

Diğer Çerçeve ve Standartlar PMI-PMBOK PRINCE2 MPMM NSA-INFOSEC, ISF-The Standard of Good Practice for Information Security theiia-gtag (GAIT Methodology-a risk-based approach to assessing the scope of IT general controls)

ISO\IEC 27002-ISO\IEC 27001

ITILv3

COSO

NIST SP800-53

TOGAF 8.1-9.0

CMMI

PMBOK-PRINCE2-MPMM

theiia-global Technology Audit Guides (GTAG) PG GTAG-15: Information Security Governance PG GTAG-14: Auditing User-developed Applications PG GTAG-13: Fraud Prevention and Detection in an Automated World PG GTAG-12: Auditing IT Projects PG GTAG-11: Developing the IT Audit Plan PG GTAG-10: Business Continuity Management PG GTAG-9: Identity and Access Management PG GTAG-8: Auditing Application Controls PG GTAG-7: Information Technology Outsourcing PG GTAG-6: Managing and Auditing IT Vulnerabilities PG GTAG-5: Managing and Auditing Privacy Risks PG GTAG-4: Management of IT Auditing PG GTAG-3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment PG GTAG-2: Change and Patch Management Controls: Critical for Organizational Success PG GTAG-1: Information Technology Controls

Regülasyonlar The Sarbanes Oxley Act (Sarbox\SOX) The Gramm Leach Bliley Act (GLB) PCI Data Security Standard (PCI DSS) The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules BASEL II-III

Teşekkürler :-)

www.btyd.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback