Introduction to COBIT 5
"Education is the best provision for the journey to old age."
Aristotle
Presented by
Dr. Derek Oliver
Ravenswood Consultants Ltd.
Derek J. Oliver
∗ Certified Information Systems Auditor
∗ Certified Information Security Manager
∗ Certified in Risk & Information Systems Control
∗ Certified Health Informatics Practitioner
∗ Chartered Fellow of the British Computer Society
∗ Fellow of the Institute of IT Service Management
∗ Member of the Institute of Information Security Professionals
∗ 29+ years in the Profession [ . . . . . with a PhD and DBA to follow an MSc]
∗ Past President, ISACA London Chapter
∗ Past Member, CISA Certification Board
∗ Past Member, CISA Test Enhancement Committee
∗ Founding Chair, CISM Test Enhancement Committee
∗ Former Chair, BMIS Development Committee
∗ Former Co-Chair, COBIT 5 Task Force
∗ Member, ISACA Framework Committee
∗ Member, Cloud II Task Force
The Evolution of COBIT
Figure: COBIT evolution timeline. Audit: COBIT1 (1996); Control: COBIT2 (1998); Management: COBIT3 (2000); IT Governance: COBIT4.0/4.1 (2005/7); Governance of Enterprise IT: COBIT 5 (2012). Feeding into COBIT 5: Val IT 2.0 (2008), Risk IT (2009) and BMIS (2010).
Business Benefits of COBIT 5
"Always bear in mind that your own resolution to success is more important than any other one thing."
Abraham Lincoln
It's all about Information!
∗ Information is the Business Currency of the 21st Century
∗ Information has a "Life Cycle": it is created, used, retained, disclosed and destroyed.
∗ Technology plays a key role in these actions.
∗ Technology is becoming pervasive in all aspects of business and personal life.
∗ Every form of Enterprise needs to be able to rely on quality information to support quality executive decisions!
∗ Not simply IT; not only for big business!
COBIT 5 Scope
∗ COBIT 5 is about Governing & Managing Information
  ∗ Whatever medium is used
  ∗ End to end throughout the organisation
∗ Information is equally important to:
  ∗ Global, Multinational Business
  ∗ National & Local Government
  ∗ Charities & 'Not For Profit' Organizations
  ∗ Small to Medium Enterprises and
  ∗ Clubs & Associations
Enterprises are under constant pressure to: ∗
Increase benefits realisation through effective and innovative use of
enterprise IT, i.e.:
∗
Generate business value from new enterprise investm ents with a supporting IT investment
Business Needs
investment
∗
Achieve operational excellence through application of technology
∗
Maintain IT related risk at an acceptable level
∗
Contain Cost of IT services and technology
∗
Ensure business and IT collaboration, leading to bu siness user
satisfaction with IT engagement and services ∗
Comply with ever increasing relevant laws, regulati ons and policies
"Anyone can dabble, but once you've made that commitment, your blood has that particular thing in it, and it's very hard for people to stop you."
Bill Cosby
The Format of COBIT 5
∗ Simplified
∗ COBIT 5 directly addresses the needs of the "viewer" using a "lens" concept
∗ Development continues with specific "Practitioner" guides
∗ COBIT 5 is initially in 3 volumes:
  1. The Framework – Free Download
  2. Process Reference Guide – Free to Members
  3. Implementation Guide – Free to Members
∗ COBIT 5 is based on:
  ∗ 5 Principles and
  ∗ 7 Enablers
The Lens Concept
The Eye of the Beholder: what are you looking for?
Figure: the COBIT 5 Framework at the centre, surrounded by the Enabling guides (e.g. Process), the Implementation Guide, a series of "COBIT 5 For ?" Practitioner Guides, and links to other standards, frameworks, guidelines etc. (e.g. ISO, ITIL, National Standards).
"Change is the law of life and those who look only to the past or present are certain to miss the future."
John F. Kennedy
CobiT4.1 to COBIT 5 - The Differences
The COBIT 5 Principles
Figure: the five COBIT 5 principles.
1. COBIT 5 will be used to address specific needs
2. COBIT 5 integrates governance of enterprise IT into enterprise governance
3. COBIT 5 integrates all existing frameworks, standards etc.
4. COBIT 5 supports a comprehensive governance and management system for enterprise IT and Information
5. The COBIT 5 framework makes a clear distinction between governance and management
The COBIT 5 Principle 1
∗ Stakeholder needs have to be transformed into an enterprise's actionable strategy.
∗ The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
The COBIT 5 Principle 2
∗ COBIT 5 integrates governance of enterprise IT into enterprise governance by:
  ∗ Covering all functions and processes within the enterprise
    ∗ COBIT 5 does not focus on only the 'IT function', but instead treats information and related technologies as assets
  ∗ Considering all IT-related governance and management enablers to be enterprise-wide and end-to-end
The COBIT 5 Principle 3
∗ COBIT 5
  ∗ integrates all other frameworks, standards etc.
    ∗ COMPLEMENTARY not in COMPETITION
  ∗ is complete in enterprise coverage, providing a basis to integrate other related frameworks, standards and practices
  ∗ is a single integrated framework which:
    ∗ serves as a consistent and integrated source of guidance in a common language.
    ∗ aligns with other relevant standards and frameworks.
    ∗ brings together knowledge previously dispersed over different ISACA frameworks and models with guidance from other major information-related standards
      ∗ COBIT, BMIS, Risk IT, Val IT etc.
      ∗ for example the ISO/IEC 27000 series, the ISF Standard of Good Practice for Information Security, and NIST SP800-53A, ITIL etc.
COBIT 5 defines a set of
enablers
to support the
implementation of a comprehensive governance and
management system for enterprise IT and
COBIT 5 Principle 4
management system for enterprise IT and Information. ∗
Enablers are factors that, individually and collect ively,
influence whether something will work ∗
This will mean the governance and management over b oth
technical and operational processes and, related to that,
information governance.
∗
The COBIT 5 framework defines seven categories of e nablers
∗
The 7 enablers defined in COBIT 5 have a set of com mon
dimensions which:
∗
Provide a simple and structured way to deal with en ablers
∗
Allow management of their complex interactions
∗
Facilitate
their successful
outcome
Using the COBIT 5 Enablers
∗
Facilitate
their successful
outcome
The COBIT 5 Principle 5
∗ The COBIT 5 framework makes a clear distinction between governance and management.
∗ Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
  ∗ In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
∗ Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
  ∗ In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
Enabler: Process
For example: APO13 . . .
Figure: APO13 process detail with its RACI* chart (not reproduced).
*Responsible, Accountable, Consulted, Informed.
Which continues: The information security-specific processes will be detailed in COBIT 5 for Information Security – and similar for Risk, Assurance etc.
Enabler: Information (Q3 2012)
∗ Looks at Information:
  ∗ Quality
    ∗ Intrinsic quality, which considers quality as an intrinsic property of information,
    ∗ Contextual quality, which recognizes that information quality may depend on a context of use (i.e., the task to be performed by the information user), and
    ∗ Representational and Accessibility quality, which consider the quality of information in relation to the information technologies that are used
  ∗ Value/Cost
    ∗ Relates to information being economical and efficient.
  ∗ Lifecycle Phases
    ∗ Plan; Obtain; Store; Share; Use; Maintain; Dispose
  ∗ Attributes
    ∗ A framework which considers six different levels or layers to talk or reason about properties of information
  ∗ Stakeholders
    ∗ Apart from identifying the stakeholders, their stakes need to be identified, i.e., why do they care or are they interested in the information.
Summary & Conclusions
∗ COBIT 5:
  ∗ encourages and assists in meeting Stakeholder Needs for Information Security
  ∗ has adopted the BMIS concepts of taking the Holistic view of an organisation
  ∗ focuses on the business use of Information in any form or medium
  ∗ separates information governance from management activity
  ∗ relates to all frameworks, standards etc, e.g. ITIL; ISO2700x; ISF etc
COBIT 5 In Progress: A Work In Progress
Figure: COBIT 5 publication roadmap. Items already published are ticked (✔); the remaining items are scheduled for 3rd Quarter 2012, 4th Quarter 2012 (?) and 1st Quarter 2013.
Dr. Derek J. Oliver
Ravenswood Consultants Ltd.
Ravenswood House
148-150, Essex Way
South Benfleet
Essex, SS7 1LN
Tel: 01268 794556
Mob: 07768 363808
E-mail: [email protected]
And so Goodbye . . .