COBIT - IT Governance. IT governance is an integrated part of the organization and main...

IT governance is an integrated part of the organization and a main responsibility of executive and senior management.

With vast dependence on technology devices, and to achieve the above objective, organizations need to put IT governance in place:

• Organizations need a clear structure, policy or set of responsibilities for all organization IT users
• Mitigating any possible risks that can interrupt the smooth running of operational activities.
• Verification of different employees' access levels and identity.

Smooth running of the system

Maintain Security

Cost Effective Turnover

Network Platform

Meet Organization Mission

Ongoing Compliance


IT Governance Measures

• Vision/Mission: It ensures the integration of business objectives with the different IT plans, without interrupting the smooth running of operations.

• Value Added: Enhance IT outputs with promising costs that can add value to the main organization strategy, i.e. ensure the value of IT.

• Better Resource Utilization: Here resources are not only the operators that use the system, but also the proper management of different resources: time, IT resources, applications, integration and speed, i.e. knowledge and interfaces.

• Risk management: Highlight the different risks that may occur in different operational activities. Raise awareness of such risks, giving an opportunity to analyse and mitigate them. Dedicate different responsibilities to manage, monitor and identify any risk as soon as it occurs or when there is a chance of its occurrence.

• Performance Efficiency: Plan, act, check (track) and monitor different project phases for successful completion. Manage resources and process performance measures, i.e. maintain value-added activities within the process, and ensure completion of the service on time and as required to meet market demand and organization strategy.


IT Governance Principles

– Ensuring Confidentiality
– Allowing authorized users to modify/access information
– Preventing unauthorized users from accessing information
– Ensuring that information and resources are accessible when needed
– Preventing information and resources from being inaccessible when needed

Functional Policies

Procedures, Standards, Guidelines, Baselines

Laws, Regulations, Requirements, Organizational Goals, Objectives

General Organizational Policies


Policies and Procedures

• Policies
– are statements of management intentions and goals
– Backup Stakeholders and senior management support
– Meet organization mission
– Clear instructions for the use of internet, log on and different internet information
• Procedures
– Clear steps to perform different activities
– Detailed of the identify organization
– Detailed user account setup, passwords, access levels
– Identify roles and responsibilities


Standards and Guidelines

• Standards
– formalize the use of technology in a structured manner
– Identify the use of different platforms settings and configuration, applications and tools
• Guidelines
– are recommended methods for performing a task
– Recommended, but not required
– Malware cleanup, spyware removal, data conversion, sanitization, etc.
• Baselines
– Applying different technologies and versions from different vendors
– Install network server baselines


COBIT Framework

COBIT Framework Characteristics

• COBIT - Control Objectives for Information and Related Technology:
• Starts from mapping business requirements
• Leverages the resources required for IT process orientation and activities into an effective model
• Defines the stakeholders and management policy
• Monitors, controls and sustains different objectives to be met on time.
• Incorporates major international standards

COBIT is a framework that mitigates the gaps between business process control needs, control needs and technical problems, i.e. standardisation of good practices


• It is recognized globally as an IT standard practice and audit
• Defines IT goals to meet with the business ones and vice versa
• User friendly and can be understood by operators at different levels
• Maintains security of the different devices used through network nodes.
• Clear identification of ownership and responsibilities
• General acceptability with third parties and regulators
• Shared understanding amongst all stakeholders, based on a common language
• Meets COSO IT control requirements


COBIT: Framework Advantages

• It can work in parallel with our IT techniques and framework

• Provides a well-structured and flexible working environment

• Provides a well maintained control environment

• Updates its own interference according to different safety regulations

• Recent corporate scandals have increased regulatory pressures on boards of directors to report their status and ensure that internal controls are appropriate. This pressure covers IT controls as well

• It is proven to be a globally accepted standard to enhance the use of IT for organizational success.

• Implements global IT professionals' ideas to improve its activities and to keep pace with good practice and market needs

• It directs and improves IT governance procedures in organizations.


IT Governance – COBIT

Business Requirements

• Aligning business objectives with IT ones

• Ensure the implementation and meeting of business strategy.

• Supported business measures and metrics can ensure value delivery, not looking only at the technical aspects.

• When organizations implement COBIT, their focus is more process-oriented.

• Incidents and problems no longer divert attention from processes.

• Exceptions can be clearly defined as part of standard processes.


IT Governance – COBIT

• With process ownership defined, assigned and accepted, the organization is better able to maintain control through periods of rapid change or organizational crisis.

• COBIT maintains the IT life cycle in four categories:

– Plan and Organize: Organization policy and procedures
– Acquire and Implement: Access level
– Deliver and Support: Meet business mission and goals
– Monitor and Evaluate: Control and Sustain


COBIT Cube: Information Criteria (Cont.)

Effectiveness: Maintain the availability of relevant information in a timely, correct and useful manner when and where it is needed

Efficiency: Enhance the synchronization of tasks and activities to improve operational efficiency

Confidentiality: Protect the sensitivity of information

Integrity: Maintain the accuracy and completeness of different information access to meet with business mission and objectives

Availability: Availability of information when and where it is needed, hence securing different network platforms, e.g. mobility and cloud systems

Compliance: Adherence to laws, policies, regulations along with internal and external policies.

Reliability: Management approval for different IT governance and regulation to meet with economic, market and social needs

Fiduciary Requirements

Security Requirements

Quality Requirements

Information Criteria

IT Resources

IT Processes
