cobit hw eda emriye faruk
COBIT
Control Objectives for Information and Related Technologies (Bilgi ve İlgili Teknolojiler İçin Kontrol Hedefleri)
ISE501 Foundations in IT Management
Eda TOPALOĞLU, Emriye COŞKUN, Faruk TİFTİKCİ
120510001, 120510004, 120501004

What is COBIT?
- Provides us with an understanding of IT
- We can decide more efficiently about IT
- By using it, we can understand and manage IT investments
- Identifies the major IT resources
- Defines the management control objectives
- Organises IT activities
- Better quality IT services
- reduce related risks
- increase the value of IT
- COBIT helps managers, controllers and IT users to reach their goals
- COBIT is focused on what is required to achieve

What are the differences between COBIT 4.1 and COBIT 5?
- New GEIT Principles
- Increased Focus on Enablers
- New Process Reference Model
- New and Modified Processes
- Practices and Activities
- Goals and Metrics
- Inputs and Outputs
- RACI Charts
- Process Capability Maturity Models and Assessments

1. New GEIT Principles
COBIT 5 is based on five key principles

1.1. Meeting Stakeholder Needs
Enterprises have many stakeholders.
Value creation means realising benefits at an optimal resource cost while optimising risk.
Enterprises exist to create value for their stakeholders.
The governance system should consider all stakeholders when making benefit, resource and risk assessment decisions.
Stakeholder needs have to be transformed into an enterprise's actionable strategy.
The COBIT 5 goals cascade is the mechanism to translate stakeholder needs into specific, actionable and customised enterprise goals.

1.2. Covering the Enterprise End-to-End
COBIT 5 addresses the governance and management of information and related technology from an enterprise-wide, end-to-end perspective.
This means that COBIT 5:
- Integrates governance of enterprise IT into enterprise governance.
- Covers all functions and processes within the enterprise.

1.3. Applying a Single Integrated Framework
COBIT 5 is a single and integrated framework, because:
- it aligns with other latest relevant standards and frameworks used by enterprises
- it provides a simple architecture for structuring guidance materials
- it integrates different ISACA frameworks such as Val IT, Risk IT, BMIS
This allows the enterprise to use COBIT 5 as the governance and management framework integrator.

The following frameworks, standards and other guidance were used as reference material and input for the development of COBIT 5:
- ITIL
- TOGAF
- ISO
- FEA (Federal Enterprise Architecture)
- CEAF (The Commission Enterprise IT Architecture Framework)
- APM (Association for Project Management)
- etc.

1.4. Enabling a Holistic Approach
The COBIT 5 framework describes seven categories of enablers:
1. Principles, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies

1.4.1. Principles, policies and frameworks
Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for day-to-day management.

1.4.2. Processes
Processes describe an organised set of practices.
Processes describe the activities to achieve certain objectives and produce a set of outputs.

1.4.3. Organisational Structures
Organisational structures are the decision mechanism in an enterprise.

1.4.4. Culture, ethics and behaviour
Culture, ethics and behaviour of individuals are very often ignored in governance and management activities.

1.4.5. Information
Information is pervasive throughout any organisation. Information is required for keeping the organisation running.

1.4.6. Services, infrastructure and applications
Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology.

1.4.7. People, skills and competencies
People, skills and competencies are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions.

1.5. Separating Governance from Management
The COBIT 5 framework makes a clear distinction between governance and management.
These two disciplines:
- Encompass different types of activities
- Require different organisational structures
- Serve different purposes

Governance: In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
Management: In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.

Governance: Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced.
Management: Management plans, builds, runs and monitors activities to achieve the enterprise objectives.

Val IT and Risk IT frameworks are principles-based
COBIT 5 includes Risk IT and Val IT

Risk IT
- IT risk is a part of business risk
- Provides an end-to-end, comprehensive view of all risks
- Understand how to manage the risk
- Risk can be categorised:
  - IT Benefit/Value enabler
  - IT Operation and Service Delivery
  - IT Programme/Project delivery

Val IT
- Is a governance framework that can be used to create business value from IT investments
- This framework is used to valuable investments

2. Increased Focus on Enablers
COBIT 4.1 did not have enablers.
Information, infrastructure, applications (services) and people (people, skills and competencies) were COBIT 4.1 resources.
This part is related to Enabling a Holistic Approach.

3. New Process Reference Model
COBIT 5 is based on a revised process reference model with a new governance domain and several new and modified processes that now cover enterprise activities end-to-end, i.e., business and IT function areas.
COBIT 5 consolidates COBIT 4.1, Val IT and Risk IT into one framework.

4. New and Modified Processes
COBIT 5 introduces five new governance processes that have leveraged and improved COBIT 4.1, Val IT and Risk IT governance approaches.
This guidance helps enterprises to further refine and strengthen executive management-level GEIT practices and activities.

There are several new and modified processes that reflect current thinking, in particular:
- APO03 Manage enterprise architecture.
- APO04 Manage innovation.
- APO05 Manage portfolio.
- APO06 Manage budget and costs.
- APO08 Manage relationships.
- APO13 Manage security.
- BAI05 Manage organisational change enablement.
- BAI08 Manage knowledge.
- BAI09 Manage assets.
- DSS05 Manage security service.
- DSS06 Manage business process controls.

COBIT 5 processes now cover end-to-end business and IT activities, i.e., a full enterprise-level view.
This provides for a more holistic and complete coverage of practices reflecting the pervasive enterprise-wide nature of IT use.

5. Practices and Activities
The COBIT 5 governance or management practices are equivalent to the COBIT 4.1 control objectives and Val IT and Risk IT processes.
The COBIT 5 activities are equivalent to the COBIT 4.1 control practices and Val IT and Risk IT management practices.

6. Goals and Metrics
COBIT 5 follows the same goal and metric concepts as COBIT 4.1, Val IT and Risk IT, but these are renamed enterprise goals, IT-related goals and process goals reflecting an enterprise level view.
COBIT 5 provides a revised goals cascade based on enterprise goals driving IT-related goals and then supported by critical processes.

7. Inputs and Outputs
COBIT 5 provides inputs and outputs for every management practice, whereas COBIT 4.1 only provided these at the process level.
This provides additional detailed guidance for designing processes to include essential work products and to assist with interprocess integration.

8. RACI Charts
COBIT 5 provides RACI charts describing roles and responsibilities in a similar way to COBIT 4.1, Val IT and Risk IT.
COBIT 5 provides a more complete, detailed and clearer range of generic business and IT role players and charts than COBIT 4.1 for each management practice, enabling better definition of role player responsibilities or level of involvement when designing and implementing processes.
Source: COBIT® 5: Enabling Processes, page 31. © 2012 ISACA® All rights reserved.
Source: COBIT® 4.1, page 39. © 2007 IT Governance Institute® All rights reserved.

9. Process Capability Models and Assessments
COBIT 5 discontinues the COBIT 4.1, Val IT and Risk IT CMM-based capability maturity modelling approach.
COBIT 5 will be supported by a new process capability assessment approach based on ISO/IEC 15504, and the COBIT Assessment Programme has already been established for COBIT 4.1 as an alternative to the CMM approach.

The COBIT Assessment Programme approach is considered by ISACA to be more robust, reliable and repeatable as a process capability assessment method.
The COBIT Assessment Programme supports:
- Formal assessments by accredited assessors (assessor training is being developed)
- Less rigorous self-assessments for internal gap analysis and process improvement planning

COBIT 4.1, Val IT and Risk IT users wishing to move to the new COBIT Assessment Programme approach will need to realign their previous ratings, adopt and learn the new method, and initiate a new set of assessments in order to gain the benefits of the new approach.
Although some of the information gathered from previous assessments may be reusable, care will be needed in migrating this information forward because there are significant differences in requirements.

COBIT 5 FRAMEWORK

DEFINITION
COBIT 5 is a governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology.
The COBIT 5 framework is intended for all enterprises, including non-profit and public sector.

COBIT 5 Framework - 5 Principles
The COBIT 5 framework is based on 5 principles.

Principle 1: Integrator FrameworkCOBIT 5 is an integrator
framework since it:Brings together existing
ISACA guidance on governance and management of enterprise IT
Aligns with the latest relevant other standards and frameworks
Provides a simple architecture for structuring guidance materials and producing a consistent product set
![Page 45: COBIT HW Eda Emriye Faruk](https://reader038.vdocuments.net/reader038/viewer/2022102819/563db986550346aa9a9e2892/html5/thumbnails/45.jpg)
2. The Governance Objective: Stakeholder ValueEnterprises exist to create value for their
stakeholders, so the governance objective for any enterprise is value creation.
Vaue creation: realising benefits at an optimal resource cost whilst optimising risk
![Page 46: COBIT HW Eda Emriye Faruk](https://reader038.vdocuments.net/reader038/viewer/2022102819/563db986550346aa9a9e2892/html5/thumbnails/46.jpg)
3. Business & Context Focus
focussing on enterprise goals and objectives, by covering all of the critical business elements
every organisation operates in a different context; this context is determined by external factors
requires that every organisation builds their own, customised governance and management system.
4. The COBIT 5 Governance Approach: Enabler-based
Governance Enablers: They are the organisational resources for governance, such as frameworks, principles, structure, processes and practices, toward or through which action is directed and objectives can be attained.
Governance Scope: Governance can be applied to the whole enterprise, an entity, a tangible or intangible asset.
Roles, Activities and Relationships:
- how they are involved
- what they do
- how they interact

5. Governance- and Management-structured
The COBIT 5 framework makes a clear distinction between governance and management.
These two disciplines:
- include different types of activities
- require different organisational structures
- serve different purposes

Governance: It ensures that stakeholder needs, conditions & options are evaluated to determine:
- balanced, agreed-on enterprise objectives to be achieved;
- setting direction through prioritisation & decision making;
- monitoring performance, compliance against agreed-on direction & objectives
Management: It plans, builds, runs & monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

COBIT 5 Architecture
- The Governance Objectives
- Existing ISACA guidance (COBIT 4.1, Val IT 2, Risk IT, BMIS, etc.)
- Other relevant standards and frameworks
- COBIT 5 Enablers: Processes; Culture, Ethics, Behavior; Organizational Structure; Information; Principles & Policies; Skills & Competencies; Service Capabilities
- COBIT 5 Knowledge Base:
  - Current guidance and content
  - Structure for future contents
- COBIT 5 Product Family:
  - COBIT 5: The Framework (this volume)
  - COBIT 5: Process Reference Guide
  - COBIT 5: Implementation Guide
  - COBIT 5: Practice guide

Value creation
The governance objective is value creation, which means realising benefits at an optimal resource cost whilst optimising risk.
The stakeholders for enterprise IT can be:
- Internal
- External

Governance Objectives
- Governance objectives are based on the stakeholders' needs and the value creation (benefits, resources and risks)
- The existing ISACA guidance is used: COBIT 4.1, Val IT, Risk IT, BMIS, ITAF, TGF, Board Briefing.
- Other relevant frameworks: ITIL, TOGAF

Goals Cascade
- Governance objectives translate into enterprise goals
- Realising enterprise goals requires IT-related goals
- For IT-related goals to be achieved, enablers are required

Enterprise goals mapped to Governance Objectives
IT-related goals

Enablers
Enablers are tangible and intangible elements that make governance and management over enterprise IT work. The enablers are driven by the goals cascade.

Generic Enabler Model
This model is a key component of the COBIT 5 framework because it is the basic structure for all seven categories of enablers.
The generic model identifies a number of components that are common for each enabler:

Enabler Capability Levels
The process maturity model of COBIT 4.1 has been replaced with a capability model based on ISO/IEC 15504.

Knowledge base & products
- The knowledge base contains all guidance and content
- Series of products built from the knowledge base

Governance & Management Processes
- COBIT 5 advocates that organisations implement governance and management processes such that the key areas above are covered.
- The GOVERNANCE domain contains five governance processes; within each process, evaluate, direct and monitor practices are defined.
- The 4 MANAGEMENT domains, in line with the responsibility areas of plan, build, run and monitor, provide end-to-end coverage of IT.

Process Reference Model
- 1 governance domain: EDM
- 4 management domains: APO, BAI, DSS, MEA
- The complete set of 36 processes: 5 governance & 36 management processes.

Implementation
The 7 phases of the implementation life cycle

COBIT 4.1 MAPPING ITIL v3
Every organisation needs to adapt the use of standards and practices to suit its individual requirements.
COBIT helps to define what should be done and ITIL provides the how for service management aspects.

Typical uses for the standards and practices are:

To support governance by:
– Providing a management policy and control framework
– Enabling process ownership, clear responsibility and accountability for IT activities
– Aligning IT objectives with business objectives, setting priorities and allocating resources
– Ensuring return on investments and optimizing costs
– Making sure that significant risks have been identified and are transparent to management, responsibility for risk management has been assigned and embedded in the organisation, and assurance that effective controls are in place has been provided to management
– Ensuring resources have been organised efficiently and sufficient capability (technical infrastructure, process and skills) exists to execute the IT strategy
– Making sure that critical IT activities can be monitored and measured, so problems can be identified and corrective action can be taken

To define requirements in service and project definitions, internally and with service providers. For example:
– Improving IT service and business process alignment and integration
– Setting clear, business-related IT objectives and metrics
– Defining services and projects in end-user terms
– Creating SLAs and contracts that can be monitored by customers
– Making sure that customer requirements have been cascaded properly into technical IT operational requirements
– Considering services and project portfolios collectively so relative priorities can be set and resources can be allocated on an equitable and achievable basis

To verify provider capability or demonstrate competence to the market by:
– Independent third-party assessments and audits
– Contractual commitments
– Attestations and certifications

To facilitate continuous improvement by:
– Maturity assessments
– Gap analyses
– Benchmarking
– Improvement planning
– Avoidance of reinventing already-proven good approaches

As a framework for audit/assessment and an external view through:
– Objective and mutually understood criteria
– Benchmarking to justify weaknesses and gaps in control
– Increasing the depth and value of recommendations by following generally accepted preferred approaches

HIGH LEVEL MAPPING

STRUCTURAL COMPARISON

COVERAGE OF IT GOVERNANCE FOCUS AREAS

DETAILED MAPPING COBIT TO ITIL

COBIT & ITIL MAPPING

![Page 88: COBIT HW Eda Emriye Faruk](https://reader038.vdocuments.net/reader038/viewer/2022102819/563db986550346aa9a9e2892/html5/thumbnails/88.jpg)
Incident Management
ITIL v3: part of Service Operation
COBIT: part of Deliver & Support
Major tasks:
– Identify and track incidents in a timely manner.
– Classify the incident and provide initial support.
– Localise potential causes of the incident.
– Recover the services and manage closure.
– Take ownership of the incident.
– Monitor, track and communicate the execution

Problem Management
ITIL v3: part of Service Operation
COBIT: part of Deliver & Support
Major tasks:
– Identify and record problems.
– Classify the problem, focused on the impact on the business.
– Investigate the root cause of the problem.
– Resolve the cause of the problem.
– Close the problem.

Configuration Management
ITIL v3: part of Service Transition
COBIT: part of Deliver & Support
Major tasks:
– Identify the demand for relevant information (purpose, scope, objectives, policies and procedures for sound configuration).
– With the owner, identify and label configuration items (CI), available documentation, versions and interrelationships.
– Document CIs in a central configuration management database (CMDB).
– Establish procedures and documentation standards to ensure that only authorised and identifiable CIs are recorded and historical, traceable information is available.
– Ensure permanent accountability of data (status accounting).
– Verify and audit the physical existence of CIs recorded in the CMDB.

Change Management
ITIL v3: part of Service Transition
COBIT: part of Acquire & Implement
Major tasks:
– Record, log and filter requests for change (RFCs).
– Prioritise and categorise the RFC.
– Assess the impact of the RFC on the infrastructure and other services as well as on non-IT processes (e.g., information security) and effects of not implementing the RFC.
– Identify required resources for implementing the RFC.
– Obtain approval for the RFC.
– Schedule the implementation.
– Implement the RFC.
– Review the implementation of the RFC.
– Establish an entity in charge of the authorisation process of those RFCs identified with major impact; this entity is called the change advisory board (CAB)

Capacity Management
ITIL v3: part of Service Delivery
COBIT: part of Deliver & Support
Major tasks:
– Define, plan and manage the requirements.
– Provide resources for the services.
– Monitor the performance of resources and adjust if necessary.
– Plan and implement improvements.
– Establish and maintain a capacity plan.

What are DS3-DS4-DS8-DS9-DS10-DS11-DS13-AI6-ME1 items?

DS-3

DS3- MANAGE PERFORMANCE & CAPACITY
• Require a process to periodically review current performance and capacity of IT resources
• Include forecasting future needs based on workload, storage and contingency requirements
• Provide assurance that information resources supporting business requirements are continually available

DS3 has 5 principles.

DS3.1 Performance and Capacity Planning
• Establish a planning process for the review of performance and capacity of IT resources
• Leverage appropriate modeling techniques to produce a model of the current and forecasted performance, capacity and throughput of the IT resources.

DS3.2 Current Performance and Capacity
• Determine if sufficient capacity and performance exist to deliver against agreed-upon service levels.

DS3.3 Future Performance and Capacity
• Conduct performance and capacity forecasting of IT resources at regular intervals to minimize the risk of service disruptions
• Identify workload trends and determine forecasts to be input to performance and capacity plans.

DS3.4 IT Resources Availability
• Provide the required capacity and performance, taking into account aspects
• Plans properly address availability, capacity and performance of individual IT resources.

DS3.5 Monitoring and Reporting
• Maintain and tune current performance within IT and address
• To report delivered service availability to the business, as required by the SLAs

DS-4

DS4 ENSURE CONTINUOUS SERVICE
• Providing continuous IT services requires developing, maintaining and testing IT continuity plans
• Minimize the probability and impact of a major IT service interruption on key business functions and processes.

DS4 has 10 principles.

DS4.1 IT Continuity Framework
• Develop a framework for IT continuity to support enterprise-wide business continuity management using a consistent process.
• Address the organizational structure for continuity management, covering the roles, tasks and responsibilities of internal and external service providers, their management and their customers, and the planning processes

DS4.2 IT Continuity Plans
• Develop IT continuity plans based on the framework and designed to reduce the impact of a major disruption
• Cover usage guidelines, roles and responsibilities, procedures, communication processes, and the testing approach.

DS4.3 Critical IT Resources
• Build in resilience and establish priorities in recovery situations
• Avoid the distraction of recovering less-critical items and ensure response
• Consider resilience, response and recovery requirements for different tiers

DS4.4 Maintenance of the IT Continuity Plan
• Encourage IT management to define and execute change control procedures
• Communicate changes in procedures and responsibilities clearly and in a timely manner.

DS4.5 Testing of the IT Continuity Plan
• Test the IT continuity plan on a regular basis
• Require careful preparation, documentation, reporting of test results and, according to the results, implementation of an action plan

DS4.6 IT Continuity Plan Training
• Provide all concerned parties with regular training sessions regarding the procedures and their roles and responsibilities in case of an incident or disaster.

DS4.7 Distribution of the IT Continuity Plan
• Determine a defined and managed distribution strategy so that plans are properly and securely distributed and available to authorized interested parties

DS4.8 IT Services Recovery and Resumption
• Plan the actions to be taken for the period when IT is recovering and resuming services
• Include activation of backup sites, initiation of alternative processing, customer and stakeholder communication, and resumption procedures

DS4.9 Offsite Backup Storage
• Store offsite all critical backup media, documentation and other IT resources necessary for IT recovery and business continuity plans
• Determine the content of backup storage in collaboration between business process owners and IT personnel

DS4.10 Post-resumption Review
• Determine whether IT management has established procedures for assessing the adequacy of the plan and update the plan accordingly.

DS-8

DS8 MANAGE SERVICE DESK AND INCIDENTS
• Timely and effective response to IT user queries and problems requires a well-designed and well-executed service desk and incident management process
• Include setting up a service desk function with registration, incident escalation, trend and root cause analysis, and resolution
• Include increased productivity through quick resolution of user queries

DS8 has 5 principles.

DS8.1 Service Desk
• Establish a service desk function
• Include monitoring and escalation procedures based on agreed-upon service levels

DS8.2 Registration of Customer Queries
• Establish a function and system to allow logging and tracking of calls, incidents, service requests and information needs
• Work with such processes as incident management, problem management, change management, capacity management and availability management.

DS8.3 Incident Escalation
• Establish service desk procedures
• Ensure that incident ownership and life cycle monitoring remain with the service desk for user-based incidents, regardless of which IT group is working on resolution activities.

DS8.4 Incident Closure
• Establish procedures for the timely monitoring of clearance of customer queries.
• When the incident has been resolved, the service desk records the resolution steps

DS8.5 Reporting and Trend Analysis
• Produce reports of service desk activity to enable management to measure service performance and service response times
• Identify trends or recurring problems

DS-9

DS9 MANAGE THE CONFIGURATION
• Require the establishment and maintenance of an accurate and complete configuration repository
• Include collecting initial configuration information, establishing baselines, verifying and auditing configuration information, and updating the configuration repository as needed

DS9 has 3 principles.

DS9.1 Configuration Repository and Baseline
• Establish a supporting tool and a central repository to contain all relevant information on configuration items
• Monitor and record all assets and changes to assets.
• Maintain a baseline of configuration items for every system and service as a checkpoint to which to return after changes

DS9.2 Identification and Maintenance of Configuration Items
• Establish configuration procedures to support management and logging of all changes to the configuration repository

DS9.3 Configuration Integrity Review
• Periodically review the configuration data to verify and confirm the integrity of the current and historical configuration
• Periodically review installed software against the policy for software usage

DS-10

DS10 MANAGE PROBLEMS
• Require the identification and classification of problems, root cause analysis and resolution of problems
• Include the formulation of recommendations for improvement, maintenance of problem records and review of the status of corrective actions
• Maximize system availability, improve service levels, reduce costs, and improve customer convenience and satisfaction

DS10 has 4 principles.

DS10.1 Identification and Classification of Problems
• Implement processes to report and classify problems that have been identified as part of incident management.
• Categorize problems as appropriate into related groups or domains (e.g., hardware, software, support software)

DS10.2 Problem Tracking and Resolution
• Allow tracking, analyzing and determining the root cause of all reported problems considering:
  • All associated configuration items
  • Outstanding problems and incidents
  • Known and suspected errors
  • Tracking of problem trends

DS10.3 Problem Closure
• Put in place a procedure to close problem records either after confirmation of successful elimination of the known error or after agreement

DS10.4 Integration of Configuration, Incident and Problem Management
• Integrate the related processes of configuration, incident and problem management to ensure effective management of problems and enable improvements.

DS-11

DS11 MANAGE DATA
• Require identifying data requirements
• Include the establishment of effective procedures to manage the media library, backup and recovery of data, and proper disposal of media
• Helps ensure the quality, timeliness and availability of business data

DS11.1 Business Requirements for Data Management
• Verify that all data expected for processing are received and processed completely
• Support restart and reprocessing needs

DS11.2 Storage and Retention Arrangements
• Define and implement procedures for effective and efficient data storage, retention and archiving to meet business objectives, the organization’s security policy and regulatory requirements

DS10 has 6 principles.

DS11.3 Media Library Management System
• Define and implement procedures to maintain an inventory of stored and archived media to ensure their usability and integrity

DS11.4 Disposal
• Define and implement procedures to ensure that business requirements for protection of sensitive data and software are met when data and hardware are disposed of or transferred

DS11.5 Backup and Restoration
• Define and implement procedures for backup and restoration of systems, applications, data and documentation in line with business requirements and the continuity plan

DS11.6 Security Requirements for Data Management
• Define and implement policies and procedures to identify and apply security requirements

DS-13

DS13 MANAGE OPERATIONS
• Complete and accurate processing of data requires effective management of data processing procedures and diligent maintenance of hardware.
• Includes defining operating policies and procedures for effective management
• Helps maintain data integrity and reduces business delays and IT operating costs.

DS13 has 5 principles.

DS13.1 Operations Procedures and Instructions
• Define, implement and maintain procedures for IT operations
• Cover shift handover (formal handover of activity, status updates, operational problems, escalation procedures and reports on current responsibilities)

DS13.2 Job Scheduling
• Organize the scheduling of jobs, processes and tasks into the most efficient sequence, maximizing throughput and utilization to meet business requirements

DS13.3 IT Infrastructure Monitoring
• Define and implement procedures to monitor the IT infrastructure and related events

DS13.4 Sensitive Documents and Output Devices
• Establish appropriate physical safeguards, accounting practices and inventory management over sensitive IT assets

DS13.5 Preventive Maintenance for Hardware
• Define and implement procedures to ensure timely maintenance of infrastructure to reduce the frequency and impact of failures or performance degradation

ME-1

ME1 MONITOR AND EVALUATE IT PERFORMANCE
• Effective IT performance management requires a monitoring process
• Include defining relevant performance indicators, systematic and timely reporting of performance, and prompt acting upon deviations

ME1 has 6 principles.

ME1.1 Monitoring Approach
• Establish a general monitoring framework and approach to define the scope, methodology and process
• Integrate the framework with the corporate performance management system

ME1.2 Definition and Collection of Monitoring Data
• Work with the business to define a balanced set of performance targets
• Have them approved by the business and other relevant stakeholders
• Define benchmarks with which to compare the targets, and identify available data to be collected to measure the targets
• Establish processes to collect timely and accurate data to report on progress against targets.

ME1.3 Monitoring Method
• Deploy a performance monitoring method
• Capture measurements
• Provide a succinct, all-around view of IT performance

ME1.4 Performance Assessment
• Periodically review performance against targets
• Analyze the cause of any deviations
• Initiate remedial action to address the underlying causes

ME1.5 Board and Executive Reporting
• Develop senior management reports on IT’s contribution to the business
• Include in status reports the extent to which planned objectives have been achieved, budgeted resources used, set performance targets met and identified risks mitigated

ME1.6 Remedial Actions
• Identify and initiate remedial actions based on performance monitoring, assessment and reporting
• Include follow-up of all monitoring, reporting and assessments through:
  • Review, negotiation and establishment of management responses
  • Assignment of responsibility for remediation
  • Tracking of the results of actions committed

AI-6

AI6- MANAGE CHANGES
• All changes, including emergency maintenance and patches, relating to infrastructure and applications within the production environment are formally managed in a controlled manner
• Provide mitigation of the risks of negatively impacting the stability or integrity of the production environment.

AI6 has 5 principles.

AI6.1 Change Standards and Procedures
• Set up formal change management procedures to handle in a standardized manner all requests

AI6.2 Impact Assessment, Prioritization and Authorization
• Assess all requests for change in a structured way to determine the impact on the operational system and its functionality

AI6.3 Emergency Changes
• Establish a process for defining, raising, testing, documenting, assessing and authorizing emergency changes

AI6.4 Change Status Tracking and Reporting
• Establish a tracking and reporting system to document rejected changes
• Communicate the status of approved and in-process changes, and complete changes

AI6.5 Change Closure and Documentation
• Whenever changes are implemented, update the associated system and user documentation and procedures accordingly