ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
Ramiro Cid | @ramirocid
IT Governance & ISO 38500

IT Governance or Corporate governance of information technology is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management.
The interest in IT Governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.

  1. Ramiro Cid | @ramirocid. IT Governance & ISO 38500
  2. Index
     1. First approach to IT Governance (Slide 3)
     2. Problems with IT Governance (Slide 4)
     3. IT Governance: Frameworks (Slide 5)
     4. IT Governance: Lifecycle (Slide 7)
     5. ISO/IEC 38500:2008 - Main topics (Slide 8)
     6. ISO/IEC 38500:2008 - Main purposes (Slide 9)
     7. ISO/IEC 38500:2008 - 6 Basic principles (Slide 10)
     8. ISO/IEC 38500:2008 - Remarking 2 Basic principles (Slide 11)
     9. Sources used to expand knowledge (Slide 12)
  3. 1. First approach to IT Governance
     IT Governance or Corporate governance of information technology is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It is also very important to have an alignment of IT strategy with the business strategy. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system. An IT Governance framework is used to identify, establish and link the mechanisms to oversee the use of information and related technology to create value and manage the risks associated with using information and technology.
  4. 2. Problems with IT Governance
     IT governance is often confused with IT management, compliance and IT controls. The problem is increased by terms such as "governance, risk and compliance (GRC)" that establish a link between governance and compliance. The primary focus of IT governance is the stewardship of IT resources on behalf of various stakeholders whose ranking is established by the organization's governing body. A simple way to explain IT governance is: what is to be achieved from the leveraging of IT resources. While IT management is about "planning, organizing, directing and controlling the use of IT resources" (that is, the how), IT governance is about creating value for the stakeholders based on the direction given by those who govern. ISO 38500 has helped clarify IT governance by describing a model to be used by company directors. While directors are responsible for this stewardship, it is not unusual for them to delegate this responsibility to management (business and IT), who are expected to develop the necessary capability to deliver the performance expected. Whilst managing risk and ensuring compliance are essential components of good governance, the primary focus is on delivering value and managing performance (i.e. "Governance, Value delivery and Performance management" (GVP)).
  5. 3. IT Governance: Frameworks
     - AS8015-2005: Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008.
     - ISO/IEC 38500:2008: Corporate governance of information technology (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities, and not-for-profit organizations.
  6. 3. IT Governance: Frameworks
     - COBIT: It is regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37 IT processes typically found in an organization. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. ISACA published COBIT 5 in April 2012 as a "business framework for the governance and management of enterprise IT". COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with TOGAF and ITIL. The latest version is COBIT 5.
  7. 4. IT Governance: Lifecycle
  8. 5. ISO/IEC 38500:2008 - Main topics
     IT Governance has its own ISO standard: ISO/IEC 38500:2008, called “Corporate governance of information technology”. This presentation will focus on this IT Governance framework. This standard was published in June 2008 and complements the set of ISO standards that affect information systems and technologies (such as ISO/IEC 27001, ISO/IEC 20000, etc.). It sets standards for good management of business processes and decisions related to information and communication services that are usually managed by IS/IT specialists, whether internal or within other business units of the IT organization, such as external service suppliers.
  9. 6. ISO/IEC 38500:2008 - Main purposes
     In essence, everything this standard proposes can be summarized in three main purposes:
     a) Ensure that, if the standard is followed properly, the stakeholders (managers, consultants, engineers, hardware vendors, auditors, etc.) can rely on the corporate governance of IT.
     b) Provide information and guidance to managers who control the use of IS/IT in their organization/company.
     c) Provide a basis for objective evaluation by top management of IT management.
     IT governance framework.
     Likewise, the standard encourages adopting a minimum set of measures so that the organization can reach its IT goals.
  10. 7. ISO/IEC 38500:2008 - 6 Basic principles
      1. The establishment of responsibilities for decision making, assigned to competent people
      2. Alignment of IT with the strategic objectives of the organization (good planning supports the improvement of the organization)
      3. Suitable investment in IT goods
      4. Quality in the operation of IT systems
      5. Ensuring legal or regulatory compliance of IT systems
      6. The involvement of the human factor and respect for it
  11. 8. ISO/IEC 38500:2008 - Remarking 2 Basic principles
      - Compliance with the legal environment is a growing need in the context of IS/IT organizations of any size, as there is a lot of legislation regulating the use of information, communications, etc., forming a binding legal framework that cannot be ignored.
      - The human factor is often treated very tangentially in many business strategies and, above all, in IS/IT. Fortunately, this standard (like ISO 27001, for example, in its domain “8. Security linked to Human Resources”) incorporates it as one more fundamental pillar.
  12. 9. Sources used to expand knowledge
      - IT Governance Definition and Solutions | cio.com. URL: http://www.cio.com/article/2438931/governance/it-governance-definition-and-solutions.html
      - “Corporate governance of information technology” definition | Wikipedia. URL: https://en.wikipedia.org/wiki/Corporate_governance_of_information_technology
      - IT Governance Defined | ITGovernance. URL: http://www.itgovernance.co.uk/it_governance.aspx
      - “IT Governance Developing a successful governance strategy” | National Computing Centre (published on Isaca.org website). URL: https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/Developing-a-Successful-Governance-Strategy.pdf
  13. Questions? Many thanks!
      Ramiro Cid, CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
      ramiro@ramirocid.com | @ramirocid
      http://www.linkedin.com/in/ramirocid
      http://ramirocid.com
      http://es.slideshare.net/ramirocid
      http://www.youtube.com/user/cidramiro
