mm CGEIT Best Practices and Concepts
•
2 recomendaciones•737 vistas
CGEIT: Best Practices and Concepts
Recomendados
Recomendados
Más contenido relacionado
Destacado
Destacado (17)
Similar a mm CGEIT Best Practices and Concepts
Similar a mm CGEIT Best Practices and Concepts (20)
Más de Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
Más de Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001 (20)
Último
Último (20)
mm CGEIT Best Practices and Concepts
- 1. CGEIT Best Practices and Concepts http://80na20.blogspot.com Strategy Boston Consulting Group (BSG) Matrix Balanced Scorecard (BSC) Key Concepts SWOT analysis Gap Analysis Porter five forces analysis Ansoff Matrix Jo-Hari Window Continuous Improvement Cycles DMAIC Cycle DMADV Cycle PDCA Cycle 7 phases of the Implementation Life Cycle Boyd Cycle (OODA) Agility Loops Governance COBIT 5 ISO 38500 ISO/IEC 38500:2015 Information technology -- Governance of IT for the organization ISO/IEC TR 38502:2014 Information technology -- Governance of IT -- Framework and model ISO 27014:2013 Information technology -- Security techniques -- Governance of information security ISO 17998:2012 Information technology -- SOA Governance Framework SOA - service-oriented architecture Strategic alignment model (SAM) Key Concepts Stakeholders RACI charts Project Management PMBoK PRINCE2 Managing Successful Programmes (MSP) Key Concepts Project, Program, & Portfolio Management PERT charts SOW – statement of work Gantt chart Risk Management ISO 31000 ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. COSO Framework ERM ISO 27005 ISO/IEC 27005:2011 Information technology -- Security techniques -- Information security risk management RISK IT Management of Risk (M_o_R) COBIT5 for Risk OCTAVE NIST 800-37 rev.1 Guide for Applying the Risk Management Framework to Federal Information Systems: a Security Life Cycle Approach NIST 800-39 Managing Information Security Risk: Organization, Mission, and Information System View Key Concepts Business Impact Key Risk Indicators (KRIs) Types of risk – quantitative and qualitative Root cause analysis Delphi technique Monte Carlo simulation Risk Treatments Avoidance (eliminate, withdraw from or not become involved) Reduction (optimize – mitigate) Sharing (transfer – outsource or insure) Retention (accept and budget) ... Benefits realization, Resource Optimization Val IT COBIT5 for Business Benefits Realization Key Concepts The Business Case Cost-benefit analysis (CBA) Internal rate of return (IRR) Net present value (NPV) Payback period Retorn on investment (ROI) Total Cost of Ownership (TCO) Benchmarking SMART Metrics, KPI, KGI, CSF ITSM + Enterprise Architecture (EA) ITIL v3 ITIL Service Strategy ITIL Service Design ITIL Service Transition ITIL Service Operation ITIL Continual Service Improvement (CSI) ISO 20000 ISO/IEC 20000-1:2011 Information technology -- Service management -- Part 1: Service management system requirements ISO/IEC 20000-2:2012 Information technology -- Service management -- Part 2: Guidance on the application of service management systems ISO/IEC TR 20000-4:2010 Information technology -- Service management -- Part 4: Process reference model ... The Open Group Architecture Framework (TOGAF) COBIT5 Implementation Zachman Framework Quality Management Six Sigma ISO 9001ISO 9001:2015 Quality management systems -- Requirements Total Quality Management (TQM) EFQM - European Foundation for Quality Management Information Security ISO 27001 ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls ISO/IEC 27013:2015 Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 ... COBIT5 for Information Security Business Model for Information Security (BMIS) NIST 800-100 Information Security Handbook: A Guide for Managers SABSA (Sherwood Applied Business Security Architecture http://sabsa.org/ NIST 800-53 rev.4 Security and Privacy Controls for Federal Information Systems and Organizations Business Continuity ISO 22301 ISO 22301:2012 Societal security -- Business continuity management systems --- Requirements ISO 22313:2012 Societal security -- Business continuity management systems -- Guidance ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity BS 25999 ANSI/ASIS/BSI BCM.01.2010 Business Continuity Management Systems: Requirements with Guidance for Use NIST SP 800-34 rev.1 Contingency Planning Guide for Federal Information Systems CMMI and etc Capability Maturity Model Integration (CMMI) ISO 15504 ISO/IEC TR 20000-4:2010 Information technology -- Service management -- Part 4: Process reference model ISO/IEC 15504-3:2004 Information technology -- Process assessment -- Part 3: Guidance on performing an assessment COBIT 5 Assessment Programme Outsoursing ISO 37500-2014 Guidance on outsourcing Outsourcing Professional Body of Knowledge - OPBOK Version 10 NOA Outsourcing Life Cycle NIST 800-35 Guide to Information Technology Security Services Information Management COBIT 5 Enabling Information Key Concepts DIKW Other ASL - Application Services Library BiSL - Business Information Services Library eTOM - Enhanced Telecom Operations Map eSCM - eSourcing Capability Model ISPL - Information Services Procurement Library ... Domains Domain 1: Framework for the Governance of Enterprise IT (25%) Domain 2: Strategic Management (20%) Domain 3: Benefits Realization (16%) Domain 4: Risk Optimization (24%) Domain 5: Resource Optimization (15%) mm CGEIT draft.mmap - 16.10.2016 - Mindjet