- Alex Rajan
Understanding COBIT 4.1
Strategic alignment: Focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with enterprise operations.

Value delivery: Is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT.

Resource management: Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.

Risk management: Requires risk awareness by senior corporate officers, a clear understanding of the enterprise's appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities in the organisation.

Performance measurement: Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.

Board and executive: Set direction for IT, monitor results and insist on corrective measures.

Business management: Defines business requirements for IT and ensures that value is delivered and risks are managed.

IT management: Delivers and improves IT services as required by the business.

IT audit: Provides independent assurance to demonstrate that IT delivers what is needed.

Risk and compliance: Measures compliance with policies and focuses on alerts to new risks.

►The COBIT framework was created with the following main characteristics:
   Business-focused
   Process-oriented
   Controls-based
   Measurement-driven
The COBIT framework helps align IT with the business by focusing on business
information requirements and organising IT resources. COBIT provides the
framework and guidance to implement IT governance.
COBIT describes the IT life cycle with the help of four domains:
      Plan and Organise
      Acquire and Implement
      Deliver and Support
      Monitor and Evaluate



Processes are a series of activities. There are 34 processes across the four
domains.


Activities are actions that are required to achieve measurable results.
Moreover, activities have life cycles and include many discrete tasks.
Plan and Organise (PO)
►Objectives:
    Formulating strategy and tactics
    Identifying how IT can best contribute to achieving business objectives
    Planning, communicating and managing the realisation of the strategic vision
    Implementing organisational and technological infrastructure
►Scope:
    Are IT and the business strategically aligned?
    Is the enterprise achieving optimum use of its resources?
    Does everyone in the organisation understand the IT objectives?
    Are IT risks understood and being managed?
    Is the quality of IT systems appropriate for business needs?
Acquire and Implement (AI)
     ►Objectives:

          Identifying, developing or acquiring, implementing, and integrating IT solutions
          Changes in and maintenance of existing systems
     ►Scope:

          Are new projects likely to deliver solutions that meet business needs?
          Are new projects likely to be delivered on time and within budget?
          Will the new systems work properly when implemented?
          Will changes be made without upsetting current business operations?
Deliver and Support (DS)
►   Objectives:
       The actual delivery of required services, including service delivery
       The management of security, continuity, data and operational facilities
       Service support for users
►   Scope:
       Are IT services being delivered in line with business priorities?
       Are IT costs optimised?
       Is the workforce able to use IT systems productively and safely?
       Are adequate confidentiality, integrity and availability in place?
Monitor and Evaluate (ME)
►   Objectives:
       Performance management
       Monitoring of internal control
       Regulatory compliance
       Governance
►   Scope:
       Is IT’s performance measured to detect problems before it is too late?
       Does management ensure that internal controls are effective and efficient?
       Can IT performance be linked to business goals?
       Are risk, control, compliance and performance measured and reported?
Information criteria are based on the following requirements:
      Quality
      Fiduciary
      Security
►   The IT resources identified in COBIT are defined as:
       Applications are automated user systems and manual procedures that process information.
       Information is data that are input, processed and output by information systems, in
        whatever form used by the business.
       Infrastructure includes the technology and facilities, such as hardware, operating systems
        and networking, that enable the processing of applications.
       People are the personnel required to plan, organise, acquire, implement, deliver, support,
        monitor and evaluate information systems and services. They may be internal, outsourced
        or contracted, as required.