COBIT 5 used in an information security review
DESCRIPTION
COBIT 5, infosec, cyber security, information security, frameworks, security assessments
TRANSCRIPT
Page 1
COBIT 5 Used in a Security Review
John Kenneth Barchie
CISM, CRISC, CISSP
www.barchieconsulting.com
Page 2
COBIT 5 Tools of the Framework
• Governance
• Enablers
• Principles
• BMIS (Business Model for Information Security)
• Replaces/Augments COSO for SOX
• PCA (Process Capability Assessment) replaces CMM
– N, P, L, F rating scale (Not, Partially, Largely, Fully achieved)
Page 3
COBIT 5 Governance
Love this graphic
Page 4
COBIT 5 Difference between Governance and Management
Evaluate, Direct, Monitor (EDM processes)
Page 5
COBIT 5 Principles
Page 6
COBIT 5 Product Family
Page 7
COBIT 5 Enablers
Page 8
COBIT 5 and BMIS
Page 9
COBIT 5 Goals Cascade
Page 10
COBIT 5 Generic Enabler Model
Page 11
COBIT 5 Information Enabler Model
Page 12
COBIT 5 Goodbye CMM
Process Capability Attributes (ISO/IEC 15504 process attributes, grouped by capability level):
• Level 1 (Performed): Process Performance – Be Careful with Ad Hoc -jkb
• Level 2 (Managed): Performance Management, Work Product Management
• Level 3 (Established): Process Definition, Process Deployment
• Level 4 (Predictable): Process Measurement, Process Control
• Level 5 (Optimising): Process Innovation, Process Optimization
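The N/P/L/F scale from slide 2 and the per-level process attributes on this slide combine into one mechanical rule that decides the capability level an assessed process gets: level n is reached only when every attribute below level n is Fully achieved and every attribute at level n is at least Largely achieved. The following Python is an added worked example, not code from the slides or from ISACA; it applies that rule (ISO/IEC 15504-2, which the COBIT 5 PAM adopts) to constructed evidence percentages for three COBIT 5 processes. The percentage bands (N up to 15%, P up to 50%, L up to 85%, F above 85%) are the ISO/IEC 15504 bands; the sample scores are hypothetical, and the "ad hoc" case shows why the speaker's warning matters: a process that is performed but only partially achieves PA 1.1 stays at level 0.

```python
"""Process capability rating on the ISO/IEC 15504 scale used by the COBIT 5 PAM.

Added worked example (not from the deck). Sample scores below are constructed.
"""

# Process attributes per capability level (ISO/IEC 15504-2 / COBIT 5 PAM).
PROCESS_ATTRIBUTES = {
    1: ["PA 1.1 Process performance"],
    2: ["PA 2.1 Performance management", "PA 2.2 Work product management"],
    3: ["PA 3.1 Process definition", "PA 3.2 Process deployment"],
    4: ["PA 4.1 Process measurement", "PA 4.2 Process control"],
    5: ["PA 5.1 Process innovation", "PA 5.2 Process optimisation"],
}

LEVEL_NAMES = {0: "Incomplete", 1: "Performed", 2: "Managed",
               3: "Established", 4: "Predictable", 5: "Optimising"}


def rating_from_percent(pct: float) -> str:
    """Map an achievement percentage to N/P/L/F (ISO/IEC 15504 bands)."""
    if not 0 <= pct <= 100:
        raise ValueError(f"percentage out of range: {pct}")
    if pct <= 15:
        return "N"   # Not achieved
    if pct <= 50:
        return "P"   # Partially achieved
    if pct <= 85:
        return "L"   # Largely achieved
    return "F"       # Fully achieved


def capability_level(ratings: dict) -> int:
    """Return the capability level (0-5) achieved by a process.

    ratings maps attribute name -> "N"/"P"/"L"/"F". An attribute with no
    rating counts as N. Level n is achieved when all attributes of levels
    below n are F and all attributes of level n are L or F.
    """
    achieved = 0
    for n in range(1, 6):
        current = [ratings.get(a, "N") for a in PROCESS_ATTRIBUTES[n]]
        lower = [ratings.get(a, "N")
                 for m in range(1, n) for a in PROCESS_ATTRIBUTES[m]]
        if all(r == "F" for r in lower) and all(r in ("L", "F") for r in current):
            achieved = n
        else:
            break  # the first unmet level caps the result
    return achieved


def assess(process_scores: dict) -> dict:
    """Rate every attribute and derive the level for each process.

    Returns process name -> (level, {attribute: rating}).
    """
    result = {}
    for process, pcts in process_scores.items():
        ratings = {pa: rating_from_percent(p) for pa, p in pcts.items()}
        result[process] = (capability_level(ratings), ratings)
    return result


# Constructed sample evidence percentages (hypothetical, not from the deck).
SAMPLE_SCORES = {
    "EDM01 Ensure governance framework setting and maintenance": {
        "PA 1.1 Process performance": 90,
        "PA 2.1 Performance management": 70,
        "PA 2.2 Work product management": 60,
        "PA 3.1 Process definition": 30,
    },
    # Ad hoc: the process happens, but PA 1.1 is only partially achieved.
    "EDM03 Ensure risk optimisation": {
        "PA 1.1 Process performance": 40,
    },
    "DSS05 Manage security services": {
        "PA 1.1 Process performance": 95,
        "PA 2.1 Performance management": 88,
        "PA 2.2 Work product management": 90,
        "PA 3.1 Process definition": 86,
        "PA 3.2 Process deployment": 55,
    },
}


if __name__ == "__main__":
    for process, (level, ratings) in assess(SAMPLE_SCORES).items():
        print(f"{process}: level {level} ({LEVEL_NAMES[level]})")
        for pa, r in ratings.items():
            print(f"    {pa}: {r}")
```

In the sample, EDM01 reaches level 2 even though PA 1.1 is F, because both level 2 attributes are only L and level 3 therefore cannot be claimed; EDM03 is level 0 (Incomplete) despite being performed, which is exactly the "ad hoc" trap; DSS05 reaches level 3 and is held there by PA 3.2 at L. When writing up a review, report the attribute ratings alongside the level so the reader can see which attribute capped the result.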
Page 13
COBIT 5 Other tools not used in this report
• RACI charts
• Mapping of Goals to Processes
• Mapping of Stakeholder needs
• Val IT
• Direction Diagram
• Metrics
Page 14
Actually used in supplement
Page 15
Use of the Metrics
Page 16
RACI Chart
Page 17
Set up a table to show activities
| COBIT 5 Reference | PCI DSS Reference | COBIT 5 recommended activity |
| --- | --- | --- |
| EDM01.01 | 12.1 | Determine the significance of IT and its role with respect to the business. |
| EDM01.01 | 12.1.1 | Consider external regulations, laws and contractual obligations and determine how they should be applied within the governance of enterprise IT. |
| EDM03.01 | 12.1.2 | Proactively evaluate IT risk factors in advance of pending strategic enterprise decisions and ensure that risk-aware enterprise decisions are made. |
| EDM03.01 | 12.1.2 | Determine that IT use is subject to appropriate risk assessment and evaluation, as described in relevant international and national standards. |
| EDM03.02 | 12.1.2 | Direct the integration of the IT risk strategy and operations with the enterprise strategic risk decisions and operations. |
Page 18
COBIT 5 Report Tools Used – Setting the Scope
Page 19
COBIT 5 Providing the Process Capabilities Assessment
Page 20
COBIT 5 Documenting the Enablers
• Network Diagrams – Iterative descriptions
• Risk Assessments – Provided Training
Page 21
COBIT 5 Stakeholder Needs
• Understand the risk
• Understand the cost of doing business
• Direct and Monitor Management
Page 22
COBIT 5 Advantages Page 17
The starting point of governance and management activities is the stakeholder needs related to enterprise IT.
• Creates a more holistic, integrated and complete view of enterprise governance and management of IT that:
– Is consistent
– Provides an end-to-end view on all IT-related matters
– Provides a systemic view
• Creates a common language between IT and business for the enterprise governance and management of IT
Page 23
Thank you for your time, Questions?
John Kenneth Barchie, CISM, CRISC etc… – Sr. Security Consultant for IPI International
– President of Barchie Consulting, [email protected], 408-425-3899, www.barchieconsulting.com
– President of (ISC)2 Silicon Valley Chapter, [email protected]
– God Bless!