What Must an Enterprise Have Under Control When It Uses IT?
Jimmy Heschl
COBIT® is a registered trademark of the Information Systems Audit and Control Association® (ISACA®).
This product includes COBIT® 5, used by permission of ISACA®.
2013 © ISACA ®. All rights reserved.
Some Personal Information
• bwin.party: Process Analytics and Control
• Homeopathic Consultant
• Previous (KPMG / Ernst & Young)
  • Implementation of IT processes, based on COSO, COBIT, ITIL, 27002, …
  • IT Assurance work
• ISACA / ITGI
  – Board member of ISACA Austria
  – Member of Framework Committee, COL Task Force
  – Involved in developing COBIT as member of the COBIT Steering Committee and COBIT 5.0 Task Forces
  – Responsible for COBIT Mapping Programme
  – ISACA accredited COBIT Trainer
• Author of (excerpt)
  – Book: IT Governance (German language)
  – COBIT 4.0, 4.1 and 5 (co-author and German translations)
  – Aligning COBIT, ITIL and 27002 for Business Benefit (co-author)
  – COBIT for Service Management (co-author)
  – COBIT Mappings: Overview, ISO/IEC 17799:2000/5, ITIL v2, ITIL v3, TOGAF, …
• CISA, CISM, CGEIT, ITIL Expert, ...
Any reproduction of this courseware, either by electronic or by other means or parts of it is prohibited. ~ Parts © ISACA 2012. All rights reserved.
Why Develop COBIT 5?
COBIT 5:
• ISACA Board of Directors directive: “Tie together and reinforce all ISACA knowledge assets with COBIT.”
• Provide a renewed and authoritative governance and management framework for enterprise information and related technology.
• Integrate all other major ISACA frameworks and guidance.
• Align with other major frameworks and standards.
COBIT 5 - Development
• Units
  • Task Force "Future Framework" (2008 – 2009)
  • COBIT 5 Task Force 2010 – 2011
  • Core Development Team
  • Professional Support Team (PwC)
  • Researcher
• Approach
  • Design by Task Force
  • Documentation by development team
  • Development Workshops
  • Public Exposure Drafts
  • Stress Tests
  • SME Reviews
  • Publication
What Do I Need to Have Under Control?
COBIT 5 Enablers
• Processes
• Organisational Structures
• Culture, Ethics & Behaviour
• Frameworks, Policies and Procedures
• Information
• Services, Infrastructure, Applications
• People, Skills & Competences
• Resources
Contact:
[email protected]
LinkedIn, Xing, …
Processes for the Bosses
Assert, decide, grumble (Evaluate, Direct & Monitor)
Where to, I say.
Watch out!
What's the benefit?
(EDM1 - Set and Maintain the Governance Framework)
(EDM3 - Ensure Risk Optimisation)
(EDM2 - Ensure Benefits Delivery)
That can be done with less!
Understand?
(EDM5 - Ensure Stakeholder Transparency)
(EDM4 - Ensure Resource Optimisation)
Processes for the Workers
Bend into shape, whine and wait and see (Align, Plan & Organise)
Graphic: Jimmy Heschl
How, I say.
(APO1 - Define the Management Framework for IT)
Listen up.
(APO2 - Manage Strategy)
What, all of that?
(APO3 - Manage Enterprise Architecture)
Them again!
This far and no further.
More rascals.
(APO8 - Manage Relationships)
(APO9 - Manage Service Agreements)
(APO10 - Manage Suppliers)
Something new.
(APO4 - Manage Innovation)
Blah blah.
(APO11 - Manage Quality)
So much work!
(APO5 - Manage Portfolio)
Cowardly!
(APO12 - Manage Risks)
Far too expensive!
Rascals.
(APO6 - Manage Budget & Costs)
(APO7 - Manage Human Resources)
Grumble, whine, talk clever (Monitor, Evaluate & Assess)
It's fine.
Hands off!
(MEA1 - Monitor & Evaluate Performance and Conformance)
(APO13 - Manage Security)
Try out, wangle, set up (Build, Acquire & Implement)
Where do we start?
(BAI1 - Manage Programmes and Projects)
I'm not telling you!
(BAI8 - Manage Knowledge)
What do you want?
(BAI2 - Define Requirements)
Mine!
(BAI9 - Manage Assets)
Let's see!
(BAI3 - Identify & Build Solutions)
How much more, then?
(BAI4 - Manage Availability & Capacity)
Also mine!
You lot do something for once!
(BAI5 - Enable organisational Change)
Let's not get started!
Catch!
(BAI6 - Manage Changes)
(BAI7 - Accept & Transition Changes)
Oh, come on!
(MEA2 - Monitor System of Internal Control)
COBIT 5 - Austria Edition
(BAI10 - Manage Configuration)
Just do it yourself, help and muddle through (Deliver, Service & Support)
Off we go.
(DSS1 - Manage Operations)
Your humble servant.
Not again.
(DSS2 - Manage Service Requests & Incidents)
(DSS3 - Manage Problems)
Whoa!
(DSS4 - Manage Continuity)
Hands off, really!
(DSS5 - Manage Security Administration)
The nitty-gritty.
(DSS6 - Manage Business Process Controls)
Yeah, sure!
(MEA3 - Monitor and Assess Compliance with External Requirements)