COBIT 5 Foundation


Overview:

This course provides an overview of the main concepts of IT Governance according to COBIT 5, ISACA’s latest governance framework, and how they can be applied.

Who Should Attend:

Business Management, IT/IS Auditors, Internal Auditors, Information Security and IT Practitioners; Consultants, IT/IS Management looking to gain an insight into the Enterprise Governance of IT and looking to be certified as a COBIT Implementer or Assessor.

Duration:

Classroom Learning - 3 Day(s)

Lesson 1: The key features of COBIT 5

The Reasons for the Development of COBIT 5

The History of COBIT

The Drivers for developing a Framework

The Benefits of using COBIT 5

The COBIT 5 Format & product Architecture

COBIT 5 and Other Frameworks

Lesson 2: The COBIT 5 principles

Enabler Focus

Control Objectives to Management Practices

From COBIT®4.1 Management Guidelines to COBIT®5: Enabling Processes Guidelines

Lesson 3: The COBIT 5 enablers

Enabler 1 – Principles, Policies and frameworks

Enabler 2 – Processes

Enabler 3 – Organisational Structures

Enabler 4 – Culture, Ethics, and Behaviour

Enabler 5 – Information

Enabler 6 – Services, Infrastructure and Applications

Enabler 7 – People, Skills and Competencies

Walk Through on using Goals cascade to scope Processes

Lesson 4: Introduction to COBIT 5 implementation

The Life cycle Approach

Interrelated components of the life cycle

Understanding the enterprise internal and external factors

Key success factors for implementation


The seven phases of the Life Cycle model explained

The seven Change Enablement characteristics used in the life cycle.

Change Enablement relationships to the Continual Improvement Life Cycle

Making the Business case

The differences between COBIT 4.1 and COBIT 5

Lesson 5: Process capability assessment model

What is a process assessment

What is the COBIT Assessment Programme

The differences between a capability and maturity assessment

Differences to the COBIT 4.1 CMM

Overview of the COBIT Capability Model & Assessments

The Process Reference Model (PRM)

The Process Assessment Model (PAM)

The Measurement Framework

Introduction to the Assessor Training Steps

Lesson 6: Exam

Preparation for the exam

Taking the exam

COBIT® 5 Qualifications

COBIT 5 is ideal for assurance, security, risk, privacy and compliance professionals or business leaders and stakeholders who are involved in or affected by governance and management of information and information systems.

For additional COBIT resources or to learn more about how ISACA’s new evolutionary framework can help your enterprise establish a renewed trust in and value from your information systems, visit the COBIT 5 website.

APMG-International will be responsible for the accreditation of training providers and the development of the qualification scheme. There will be three separate qualifications:

Foundation

Implementation level

Assessment level.

Benefits for Individuals

• Understand levels of IT-related risk and make informed decisions to reduce information security incidents.
• Deliver this understanding and risk awareness to improve prevention, detection and recovery within an organization.
• Provide tools for organizations to maintain high quality information to support business decisions.
• Help an organization to meet with regulatory and statutory or government requirements.
• Understand COBIT approach to governance and its relationship with other IT best practices.

Benefits for Organizations

• Achieve strategic goals and realise business benefits through the effective and innovative use of IT.
• Support compliance with relevant laws, regulations, contractual agreements and policies and gain competitive edge over other organizations.
• Reduce complexity and increase cost-effectiveness due to improved and easier integration of information security standards, good practices and/or sector-specific guidelines resulting in operational excellence through reliable, efficient application of technology.
• Improved integration of information security in the enterprise, resulting in increased user satisfaction with information security arrangements and outcomes.

Foundation Level

Obtaining the Foundation qualification will show that you have sufficient knowledge and understanding of the COBIT 5 guidance to be able to:

• Understand the governance and management of enterprise IT
• Create awareness with your business executives and senior IT management
• Assess the current state of enterprise IT in your department or organization
• Scope which aspects of COBIT 5 would be appropriate to implement.

Exam Format

• Multiple Choice format
• 50 questions per paper
• 25 marks or more required to pass (out of 50 available) - 50%
• 40 minute duration
• Closed book.

Implementation Level

Get a practical understanding of how to apply COBIT 5 to specific business problems, pain points, trigger events and risk scenarios within the organization. Learn how to effectively implement and apply COBIT 5 into your enterprise or how you can integrate components into client initiatives. Attendees will walk away with an appreciation of how to effectively use COBIT 5 for different organizational and/or client scenarios.

Following completion of the COBIT 5 Implementation course and examination, you will understand:

• How to analyze enterprise drivers
• Implementation challenges, root causes and success factors
• How to determine and assess current process capability
• How to scope and plan improvements
• Potential implementation pitfalls
• The latest good practices.


Exam Format

• Objective testing
• 4 questions per paper with 20 marks available per question
• 40 marks or more required to pass (out of 80 available) - 50%
• 2 ½ hours duration
• Open book (‘COBIT 5 Implementation’ book only).

Assessor Level

The Assessor course provides methods to help guide implementation activities and is supported by several case studies. You will learn how to perform a process assessment and how to analyze the results to provide a clear determination of process capability. You will also learn how these results can be used for process improvement, measuring the achievement of current or projected business goals, benchmarking, consistent reporting and organizational compliance, ultimately driving value to the business.

Following completion of the COBIT 5 Assessor course and examination, you will understand:

• How to perform a process capability assessment using the Assessor Guide: using COBIT 5.
• How to apply the Process Assessment Model (the PAM) in performing a process capability assessment. Specifically:
  o To use the Process Reference Model, in particular to be able to use the 37 processes outlined in the PRM.
  o To apply and analyse the measurement model in assessing process capability levels.
  o To apply and analyse the capability dimension using generic criteria outlined in the PAM.
• How to identify and assess the roles and responsibilities in the process capability assessment process.
• How to perform and assess the 7 steps outlined in the Assessor Guide. Specifically:
  o Initiate a process assessment
  o Scope an assessment, using the tools provided and the PAM for the selection of the appropriate processes
  o Plan & Brief the teams
  o Collect & Validate the data
  o Do a process attribute rating
  o Report the findings of the assessment.
• How to use the self-assessment guide.

Exam Format

• Objective testing
• 8 questions per paper with 10 marks available per question
• 40 marks or more required to pass (out of 80 available) - 50%
• 2 ½ hours duration
• Open book (‘COBIT 5 Assessor Guide: Using COBIT 5’ and ‘COBIT Process Assessment Model (PAM): Using COBIT 5’ books only).


Please Note: The availability of the Implementation and Assessor courses will be announced soon.

The COBIT framework allows enterprises to achieve their governance and management objectives, i.e., to create optimal value from information and technology by maintaining a balance amongst realizing benefits, managing risk and balancing resources. Further benefits include but are not limited to:

• Maintain high-quality information to support business decisions
• Achieve strategic goals and realize business benefits through the effective and innovative use of IT
• Achieve operational excellence through reliable, efficient application of technology
• Maintain IT-related risk at an acceptable level
• Optimize the cost of IT services and technology
• Support compliance with relevant laws, regulations, contractual agreements and policies

COBIT 5 provides an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises.

Five areas of focus:

1. Strategic alignment
This covers the alignment of the enterprise’s and IT’s perspective, position, plans, and patterns.

2. Value delivery
From a customer perspective, value is expressed in terms of the desired business outcomes, their preferences, and their perceptions in regards to the product or service.

3. Resource management
It is important to include the following elements as resources: funding, applications/software, infrastructure/hardware, information/data, and of course people. In order to properly manage their resources, enterprises must develop and maintain the following capabilities: management, enterprise, processes, knowledge, and people.

4. Risk management
A risk may be defined as the uncertainty of an outcome whether positive or negative. The management of the risk includes the identification of the tangible and intangible items to be protected, the various (real or potential) threats facing those items and the level of vulnerability of the items in regards to a specific threat. The enterprise must then decide an appropriate means of mitigating the risk; this may range from doing nothing to attempting to fully protect the item from the threat.

5. Performance measures
Before establishing any measure an enterprise needs to identify the reason for the measure. There are four basic reasons for measuring: they are to direct, to validate, to justify, and to intervene. The enterprise needs to identify many other criteria for the measures. These criteria include, but are not limited to, compliance, performance, quality, and value. Furthermore, the measures can be quantitative (objective) or qualitative (subjective). All the measures must also adhere to the SMART principle where

S = Specific
M = Measurable
A = Achievable
R = Realistic
T = Timely or time bounded

It is a set of guidelines and supporting toolset for governance of enterprise IT that is accepted worldwide. Auditors and enterprises use it as a mechanism to integrate technology in implementing controls and meet specific business objectives. COBIT is well suited to enterprises focused on risk management and mitigation.


The framework integrates all knowledge previously dispersed over different ISACA frameworks such as COBIT, Val IT, Risk IT, and the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF).