2/17/2012

COBIT 4.1 and 5
Mapping the Changes to the Process Framework
February 17, 2012
COBIT 5 Day!
Timothy P. McAliley, CISA, CISM, CISSP, PMP, ITIL-F

Good Lunch? ZZZZZ?

Side Bar/Disclaimer
• This presentation is based on materials that are not finalized and is subject to change on final release.

Speaker Introduction:
• 12+ years in IT
• Currently work for Symantec and some Contract Consulting/Training
• Worked for:
  – Football Fanatics (Jacksonville, FL) (High Volume e-Commerce)
  – ASM Research, Inc. (Fairfax, VA) (Defense Contractor)
• Designed/Implemented:
  – Change/Configuration Management Processes/Policies
  – Business Continuity/Disaster Recovery Processes/Policies
  – Release Management Processes/Policies
  – Service Desk Operations (Incident/Problem Management)
• Production/Operations Systems Administrator/DBA for 9 years
• Information Assurance Manager for Pentagon-based System
• Florida State University Political Science Major
• Former USMC Enlisted/Former U.S. Army Commissioned Officer

Speaker Introduction:
• Framework Experience
  – MOF
  – MSF
  – Agile/SCRUM
  – ITIL
    • V2
    • V3
  – PMBOK
  – COBIT

Why Frameworks?

Align Business Strategy and Goals with IT

Governance and Management of Enterprise IT

Maximizing the Value and ROI of IT

Agenda
• COBIT Overview
• COBIT 4.1 Drill Down
• COBIT 5 Drill Down
• Map and Compare COBIT 4.1 with COBIT 5
• Getting Started/Training
• References for more information
• Summary
• Q&A

COBIT Overview
• What is COBIT 4.1?
• What is COBIT 5?

COBIT Overview
What is COBIT 4.1?
• COBIT 4.1 defines a set of principles, called domains, that are used to guide governance of information and related software management systems.
• COBIT 4.1 consists of 34 processes and 210 Control Objectives across the following four domains:
  – Plan and Organize
  – Acquire and Implement
  – Deliver and Support
  – Monitor and Evaluate

COBIT Overview
What is COBIT 5?
• COBIT 5 transcends the concept of a substantial “upgrade”: it integrates all aspects of the management and governance of enterprise IT and also incorporates several IT frameworks (Val IT, COBIT 4.1, Risk IT, etc.).
• COBIT 5 consists of 36 processes across the following five domains:
  – Evaluate, Direct and Monitor (EDM)*
  – Align, Plan and Organize (APO)
  – Build, Acquire and Implement (BAI)
  – Deliver, Service and Support (DSS)
  – Monitor, Evaluate and Assess (MEA)

COBIT 4.1 Drill Down

COBIT 4.1 Drill Down
• Plan and Organize (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (ME)

COBIT 4.1 Drill Down
• Domain > Processes > Control Objectives
• RACI Chart
  – Responsible, Accountable, Consulted Individuals
• Inputs/Outputs
• Goals and Metrics
• Process Maturity Assessment Model

COBIT 4.1 Drill Down
Plan and Organize (PO)
• PO1 – Define a Strategic IT Plan
• PO2 – Define the Information Architecture
• PO3 – Determine the Technological Direction
• PO4 – Define the IT Processes, Organization and Relationships
• PO5 – Manage the IT Investment

COBIT 4.1 Drill Down
Plan and Organize (PO)
• PO6 – Communicate Management Aims and Directions
• PO7 – Manage IT Human Resources
• PO8 – Manage Quality
• PO9 – Assess and Manage IT Risks
• PO10 – Manage Projects

COBIT 4.1 Drill Down
Acquire and Implement (AI)
• AI1 – Identify Automated Solutions
• AI2 – Acquire and Maintain Application Software
• AI3 – Acquire and Maintain Technology Infrastructure
• AI4 – Enable Operation and Use
• AI5 – Procure IT Resources
• AI6 – Manage Changes
• AI7 – Install and Accredit Solutions and Changes

COBIT 4.1 Drill Down
Deliver and Support (DS)
• DS1 – Define and Manage Service Levels
• DS2 – Manage Third-party Services
• DS3 – Manage Performance and Capacity
• DS4 – Ensure Continuous Service
• DS5 – Ensure Systems Security
• DS6 – Identify and Allocate Costs
• DS7 – Educate and Train Users

COBIT 4.1 Drill Down
Deliver and Support (DS)
• DS8 – Manage Service Desk and Incidents
• DS9 – Manage the Configuration
• DS10 – Manage Problems
• DS11 – Manage Data
• DS12 – Manage the Physical Environment
• DS13 – Manage Operations

COBIT 4.1 Drill Down
Monitor and Evaluate (ME)
• ME1 – Monitor and Evaluate IT Performance
• ME2 – Monitor and Evaluate Internal Control
• ME3 – Ensure Compliance with External Requirements
• ME4 – Provide IT Governance

COBIT 5 Drill Down

COBIT 5 Drill Down

COBIT 5 Drill Down
• Evaluate, Direct and Monitor (EDM)
• Align, Plan and Organize (APO)
• Build, Acquire and Implement (BAI)
• Deliver, Service and Support (DSS)
• Monitor, Evaluate and Assess (MEA)

COBIT 5 Drill Down
• Domain > Processes > Control Objectives
• RACI Chart
  – Responsible, Accountable, Consulted Individuals
• Inputs/Outputs
• Process Goals and Metrics
• Process Activities
• Process Capability Assessment Model

COBIT 5 Drill Down
Evaluate, Direct and Monitor (EDM)
• EDM1 – Set and Maintain the Governance Framework
• EDM2 – Ensure Value Optimization
• EDM3 – Ensure Risk Optimization
• EDM4 – Ensure Resource Optimization
• EDM5 – Ensure Stakeholder Transparency

COBIT 5 Drill Down
Align, Plan and Organize (APO)
• APO1 – Define the Management Framework for IT
• APO2 – Define Strategy
• APO3 – Manage Enterprise Architecture
• APO4 – Manage Innovation
• APO5 – Manage Portfolio
• APO6 – Manage Budget & Costs

COBIT 5 Drill Down
Align, Plan and Organize (APO)
• APO7 – Manage Human Resources
• APO8 – Manage Relationships
• APO9 – Manage Service Agreements
• APO10 – Manage Supplier
• APO11 – Manage Quality
• APO12 – Manage Risks

COBIT 5 Drill Down
Build, Acquire and Implement (BAI)
• BAI1 – Manage Programs and Projects
• BAI2 – Define Requirements
• BAI3 – Identify & Build Solutions
• BAI4 – Manage Availability and Capacity

COBIT 5 Drill Down
Build, Acquire and Implement (BAI)
• BAI5 – Enable Organizational Change
• BAI6 – Manage Changes
• BAI7 – Accept & Transition Changes
• BAI8 – Knowledge Management

COBIT 5 Drill Down
Deliver, Service and Support (DSS)
• DSS1 – Manage Operations
• DSS2 – Manage Assets
• DSS3 – Manage Configuration
• DSS4 – Manage Service Requests & Incidents

COBIT 5 Drill Down
Deliver, Service and Support (DSS)
• DSS5 – Manage Problems
• DSS6 – Manage Continuity
• DSS7 – Manage Security
• DSS8 – Manage Business Process Controls

COBIT 5 Drill Down
Monitor, Evaluate & Assess (MEA)
• MEA1 – Monitor & Evaluate Performance & Control
• MEA2 – Monitor System of Internal Control
• MEA3 – Monitor & Assess Compliance with External Requirements

Map and Compare COBIT 4.1 with COBIT 5
• Compare
• Merged Processes
• Re-assigned/Re-located Processes
• New Processes in COBIT5
• Maturity Models

Map and Compare COBIT 4.1 with COBIT 5
Domain Comparison

| COBIT 4.1 | COBIT 5 |
|---|---|
| Plan & Organize (PO) | Align, Plan & Organize (APO) |
| Acquire & Implement (AI) | Build, Acquire & Implement (BAI) |
| Deliver & Support (DS) | Deliver, Service & Support (DSS) |
| Monitor & Evaluate (ME) | Monitor, Evaluate & Assess |
| | Evaluate, Direct & Monitor |

Map and Compare COBIT 4.1 with COBIT 5
COBIT 5 Process

| Area of Activity | Process Area COBIT 5 |
|---|---|
| Management of Enterprise IT | Align, Plan & Organize (APO) |
| Management of Enterprise IT | Build, Acquire & Implement (BAI) |
| Management of Enterprise IT | Deliver, Service & Support (DSS) |
| Management of Enterprise IT | Monitor, Evaluate & Assess |
| Governance of Enterprise IT | Evaluate, Direct & Monitor |

Map and Compare COBIT 4.1 with COBIT 5
Merged Processes
• DS7 is merged with PO7
• PO6 is merged with PO1
• PO2 is merged with PO3
• AI2 is merged with AI3
• DS12 is merged with DS5

Map and Compare COBIT 4.1 with COBIT 5
Re-assigned/Re-located Processes
• ME4 to EDM1, 2, 3, 4, 5
• PO1 to APO2
• PO4 to APO1

Map and Compare COBIT 4.1 with COBIT 5
• New Domain – EDM
• New Processes in COBIT5
  – EDM1 – Set and Maintain Governance Framework
  – APO1 Define the Management Framework
  – APO4 Manage Innovation
  – APO8 Relationships
  – BAI Knowledge Management
  – DSS2 Manage Assets
  – DSS8 Manage Business Process Controls

COBIT 4.1 Process Maturity Model

COBIT 5 Process Capability Model

Maturity Levels – Process Capability Levels

| COBIT 4.1 Maturity Model Levels | COBIT 5 ISO/IEC 15504-based Compatibility Levels | Meaning of COBIT 5 ISO/IEC 15504-based Compatibility Levels |
|---|---|---|
| 5. Optimized | 5. Optimized | Continuously improved to meet relevant current and projected enterprise goals |
| 4. Managed and Measurable | 4. Predictable | Operates within defined limits to achieve its process outcomes |
| 3. Defined | 3. Established | Implemented using a defined process that is capable of achieving its process outcomes |
| N/A | 2. Managed | Implemented in a managed fashion and its work products are appropriately established, controlled and maintained |
| N/A | 1. Performed | Process achieves its purpose |
| 2. Predictable | | |
| 1. Ad Hoc | | |
| 0. Non-existent | 0. Incomplete | Not implemented or little or no evidence of any systematic achievement of the process purpose |

Context: Enterprise View / Corporate Knowledge; Instance View / Individual Knowledge

Maturity Levels – Process Capability Levels
Side note
• ISO/IEC 15504 is a process assessment known as SPICE (Software Process Improvement and Capability Determination)

Attribute Comparison – Maturity/Process Capability

Benefits of the New COBIT 5 Process Capability Model
• Improved focus on the process
• Simplification/Removal of Duplication
• Improved Reliability
• Compliance with generally accepted process standard/community acceptance of the process assessment approach
• Increased usability of results

Getting Started/Training
(Best Place to Start – The ISACA Website)

References for more information
• ISACA Website – COBIT Portal
  http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
• ISACA COBIT 5 Portal
  http://www.isaca.org/COBIT5
• COBIT 5: The Framework (Exposure Draft)
  http://www.isaca.org/Knowledge-Center/Research/Documents/COBIT5Framework-ED-27June2011.pdf
• COBIT 5: Process Reference Guide (Exposure Draft)
  http://www.isaca.org/Knowledge-Center/Research/Documents/COBIT5-ProcessRef-Guide-ED-27June2011.pdf
• COBIT 4.1: Framework, Control Objectives, Management Guidelines, Maturity Models
  http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx

Summary
• COBIT Overview
• COBIT 4.1 Drill Down
• COBIT 5 Drill Down
• Map and Compare COBIT 4.1 with COBIT 5
• Getting Started/Training
• References for more information

Do You Know More Than You Did an Hour Ago?

Q&A?