“Understanding COBIT 5”
based on ISACA© Materials www.isaca.org/cobit
Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant
Date: Thursday, March 7, 2013
ISACA Silicon Valley Chapter Spring 2013 Conference
Session Objectives
• Why COBIT is important
• What COBIT 5 is
  • Framework
  • Implementation Life Cycle
  • Process Reference Model
  • Process Assessment Method
• How to use COBIT
• What is different about COBIT 5 vs. COBIT 4.1
Why is COBIT important to Your Enterprise?
• IT audit and assurance de-facto standard
• Governance, Risk and Compliance
• Information Security
• Business value focused IT Process Framework
• ITIL, CMMI and PMBOK synergies
• Governance and Management processes
• “How to” monitor, evaluate, assess and improve business process performance
COBIT Framework to Achieve Business Goals
Information Technology
• Make Quality Business Decisions
• Generate Business Value
• Achieve Operational Excellence
• Maintain acceptable level of IT-related risk
• Optimize Costs
A Business Framework for the Governance and Management of Enterprise IT
• Five Principles
• Seven Enablers
• Governance and Management
• Implementation Lifecycle
• Assessment Approach
Now a Complete Framework!
Evolution of scope:
• COBIT 1 (1996): Audit
• COBIT 2 (1998): Control
• COBIT 3 (2000): Management
• COBIT 4.0/4.1 (2005/7): IT Governance
• COBIT 5 (2012): Governance of Enterprise IT
Val IT 2.0 (2008)
Risk IT (2009)
COBIT 5 – Five Principles
COBIT 5 Principles:
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
Principle 1. Meeting Stakeholder Needs
Stakeholder Needs drive the Governance Objective: Create Value
• Benefits Realization
• Risk Optimization
• Resource Optimization
[Diagram: goals cascade. Labels: Stakeholder Needs drive the Governance Objective: Create Value (Benefits Realization, Risk Optimization, Resource Optimization); Enterprise Goals; IT Related Goals; Enabler Goals. Arrow labels: “Cascades to”, “Cascades to”, “Influences”.]
Principle 2. Covering the Enterprise End-to-End
Governance Objective: Create Value
• Benefits Realization
• Risk Optimization
• Resource Optimization
Governance Enablers
Governance Scope
Roles, Activities and Relationships
Principle 2: Roles, Activities and Relationships
Roles:
• Owners and Stakeholders
• Governing Body
• Management
• Operations and Execution
Relationships:
• Delegate
• Accountable
• Set Direction
• Monitor
• Instruct and Align
• Report
Principle 3: Applying a Single Integrated Framework
Diagram excerpt from COBIT 5 Essential Facts - Fact 4: “COBIT 5 brings order to complex standards, regulations and frameworks”
Principle 4. Enabling a Holistic Approach
• Principles, Policies and Frameworks
• Processes
• Organizational Structures
• Culture, Ethics and Behavior
Resources:
• Information
• Services, Infrastructure, Applications
• People, Skills and Competencies
Enablers and Performance
• Stakeholders: Internal, External
• Goals: Intrinsic, Context, Accessibility and Security
• Life Cycle: Plan, Design, Build, Use, Evaluate, Dispose
• Good Practices: Practices, Work Products
Performance questions: Addressed? Managed? Achieved? Applied?
Goal Indicator Metrics
Practice Indicator Metrics
Principle 5:
Business Needs
Governance: Evaluate, Direct, Monitor
Management Feedback
Management:
• Plan (Align, Plan, Organize)
• Build (Build, Acquire, Implement)
• Run (Deliver, Service, Support)
• Monitor (Monitor, Evaluate, Assess)
Implementation Lifecycle
Process Capability Assessment Approach
• Detailed guidance for COBIT 5
• ISO/IEC 15504 Compliant method
• COBIT 5 Enabling Processes are defined as ISO/IEC 15504 compliant process reference model
• Raises bar – incomplete process if there is not evidence (metrics and work products) that purpose/goals are largely achieved
• Aligns with ITIL TIPA Assessment method
COBIT 5 PAM
Capability Measurement System:
• Incomplete
• Performed
• Managed
• Established
• Predictable
• Optimizing
PRM:
• Purpose
• Outcomes
• Base Practices
• Work Products
COBIT 5 Enabling Processes
• Goals Cascade
• Process model explanation
• Diagram of Model
• Details for 37 Processes:
  • Purpose
  • Practices
  • Goals & Metrics
  • Activities & RACI
  • Work Products
COBIT 5 Domains and Processes
COBIT 4.1 Framework
COBIT 4.1 vs. COBIT 5
COBIT 4.1
• Governance embedded
• No Val IT and Risk IT
• IT Management and Audit focus
COBIT 5.0
• 5 Principles
• “Principle-driven” approach
• Bridge from COBIT 4.1
• Enablers developed as “Pulled”
Summary
Thanks!
Great ideas need landing gear as well as wings.
~C.D. Jackson