Now you've got your consumer-driven IT; you've got the big concept of bring-your-own-device; you've got social media; you've got the business delivering capability direct without IT.
COBIT 5's fundamental difference that we're seeing today is that organizations are looking to take a value-based perspective to their governance of enterprise IT or more importantly their IT investments that empower the business. It's designed so that you can really truly understand what the organizational construct is, where you're looking to invest and where you're looking to drive organizational value. Where is that value? Then, how are we going to get there? The old days of IT, with long-running projects, the business value of it in two or three years has gone away.
So in measuring that value component, we need to understand where we are in terms of deriving business value so we know when to effectively cut our losses.
A term used in industries, I'm sure all the listeners are aware of now, is 'fail quickly'. Well, rather than 'fail quickly,' let's 'succeed quickly.' COBIT 5 provides an overarching structure so that organizations can put that in place and deliver that, and that's one of the areas where value is truly derived and one of the true differences from COBIT 5 to the past.
Now, COBIT 5 reaches back from the business initiative - the business strategy - right through to requirement, so almost true cradle-to-grave support. For instance, you and I today are both sitting in our homes hundreds of miles apart talking to one another, where when COBIT came out we would have been within an office some place. So much is remote. So much is outside of the organization. Because of this, the IT threat landscape has changed and so my question to you is: what do you see as the top IT threats to the extended enterprise today and where do you see COBIT 5 helping organizations to address those sophisticated and different threats?
STROUD: The threat profile has changed dramatically. If we go back to when you and I started in this industry, we would surely be in the same room, and, you know, it might even be a hallway apart. Threats are different; threats were fundamentally from inside.
And don't get me wrong - those internal threats continue. But now we're seeing a lot of changes in terms of the threat landscape and threat profile, and we recently did a release on the threats that we're seeing in the industry, things like data leakage. This is becoming a fundamental business issue for many organizations today.
The fact is that data can leak out and you think about that information, and not necessarily personally identifiable information, but organizational information, trade secrets information, clearly we're seeing that as a major issue out there. Inadvertent employee mistakes are still happening so we're not going to stop them anytime soon, because as you put process in place, we do mitigate that to some extent, but they will still happen.
Now we're still seeing a growing threat in our dimension consumer-driven IT now because of your bring-your-own-device. If the enterprise construct is not effectively developed to control this access from third-party devices, then you may have the opportunity to have data leakage or using those devices as a way to penetrate inside your organization. I think we're getting better at that and better at managing that as we move forward. Other things that are very topical, like cyber attacks, external hacking and disgruntled employees, they're all still out there.
They're single digit kind of threats if you want to put a percentage on them, but overall what's happening is this threat landscape, there are more and more external threats now coming in to be able to get inside the environment of the data center or the IT construct, and these need to be understood and not necessarily always avoided.
Sometimes you just want to take a mitigation posture or you might want to take an acceptance posture depending on the business risk, the business climate and the business appetite.
One of the things that we reinforce and support in COBIT 5 for Information Security is how to put an effective risk posture in place, and we need to understand that security begins at the business and as a holistic partner. That's one of the key aspects in the changing threat landscape.
We need to be aware of all of these threats, we need to understand them and when you put effective process in place to either deal with them or if our risk posture allows us to accept some of them, how to deal with them after the event. That's going to depend on what industry you are in. If you're in an industry that cannot accept any risk, you're going to have a larger investment in security.
There are organizations that maybe can accept some of these. This is all about understanding your risk profile from a business perspective and understanding what the organizational impact is so that you can make effective investment decisions in the right areas.
And I think that's a key thing that we're seeing today. IT is moving so quickly. We need to make effective decisions rapidly and realize that we may have to revisit them on quite a regular basis. That implementation guide and the tool kit that comes with it give you good guidance in terms of what you need to do. The first aspect of doing this is to go back and have a quick look at your organizational posture and culture in terms of what does governance enterprise IT mean in your organization.
Where are the threats? Where are the risks? Where are the various opportunities? The new piece in COBIT 5 is the governance environment and that's one of the things that I recommend [to] practitioners looking to effectively implement this. You might want to go and look at the implementation guide and actually balance the governance domain versus your current governance process you have in place today.
All organizations have some form or structure resemblance of governance and that governance process should map quite well to the guidance that we give in COBIT 5 to effectively implement this governance domain.
It's not something to take and lift and use exactly as is. You're going to map it or mold it to your organizational requirements, your organizational construct and the various competitive advantages that you have.
Utilized together, in part or in whole, these IT frameworks offer guidance for effective management of IT services. IServer helps organizations analyze, audit and manage their governance, risk and compliance by consolidating governance and risk documentation into a central repository, allowing impact analysis and compliance reports to be generated.
COBIT provides an implementable set of controls over information technology and organizes them around a logical framework of IT-related processes and enablers.