COBIT 5 Product Family (figure)
COBIT 5
COBIT 5 Enabler Guides: COBIT 5: Enabling Processes; COBIT 5: Enabling Information; Other Enabler Guides

COBIT 5 Principles
ISACA, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008 USA. Phone: +1.847.253.1545. Fax: +1.847.253.1443. Email: info@isaca.org. Web site: www.isaca.org
2013 ISACA. All rights reserved.

COBIT 5 for Risk
COBIT 5 Goals Cascade Overview (figure)
Stakeholder Needs (Benefits Realisation, Risk Optimisation, Resource Optimisation)
  cascade to Enterprise Goals
  cascade to IT-related Goals
  cascade to Enabler Goals
Governance and Management in COBIT 5 (figure)
Governance objective: Value Creation (Benefits Realisation, Risk Optimisation, Resource Optimisation), supported by the governance enablers and bounded by the governance scope.
Governance (governing body): Evaluate, Direct, Monitor. Business needs feed into governance; the governing body sets direction for management and monitors it; management feedback returns to governance.
Management: Plan (APO), Build (BAI), Run (DSS), Monitor (MEA).
Two Perspectives on Risk (figure)
The figure shows the same COBIT 5 enablers under each of the two perspectives (the risk function perspective and the risk management perspective): Principles, Policies and Frameworks; Services, Infrastructure and Applications; People, Skills and Competencies; Information.
Related standards and frameworks referenced: COSO ERM; ISO 31000; ISO/IEC 27005; ISO/IEC 27001/2; IT management frameworks; others.
Risk Scenario Overview: The Risk Management Process (APO12) (figure)

Top-down approach: start from the business goals. Identify business objectives, then identify the scenarios with the highest impact on achievement of those objectives.
Risk factors and risk scenarios feed APO12.04 Articulate Risk; the resulting risk management capabilities and IT-related capabilities feed back into the scenarios.

Risk scenario components:
Actor: Internal (staff, contractor); External (competitor, outsider, business partner, regulator, market)
Threat type
Event: Disclosure; Interruption; Modification; Theft; Destruction; Ineffective design; Ineffective execution; Rules and regulations; Inappropriate use
Asset/Resource: People and skills; Organisational structures; Process; Infrastructure (facilities); IT infrastructure; Information; Applications
Supporting COBIT 5 processes for risk (figure)
APO09 Manage Service Agreements; APO12 Manage Risk; APO13 Manage Security
BAI03 Manage Solutions Identification and Build; BAI04 Manage Availability and Capacity; BAI05 Manage Organisational Change Enablement; BAI06 Manage Changes; BAI07 Manage Change Acceptance and Transitioning; BAI10 Manage Configuration
DSS03 Manage Problems; DSS04 Manage Continuity; DSS05 Manage Security Services; DSS06 Manage Business Process Controls
MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
This figure highlights the key supporting COBIT 5 processes (shown in dark pink), as well as the other supporting processes (shown in light pink). The core risk processes are shown in light blue (colour coding not reproduced in this text version). Source: COBIT 5 for Risk, figure 18
COBIT 5 Enterprise Enablers (figure)
The seven enterprise enablers: 1. Principles, Policies and Frameworks; 2. Processes; 3. Organisational Structures; 4. Culture, Ethics and Behaviour; 5. Information; 6. Services, Infrastructure and Applications; 7. People, Skills and Competencies. Enablers 5 to 7 are also resources.
Source: COBIT 5, figure 12

Enabler Dimensions
Stakeholders: Internal Stakeholders; External Stakeholders
Goals: Intrinsic Quality; Contextual Quality (Relevance, Effectiveness); Accessibility and Security
Life Cycle: Plan; Design; Build/Acquire/Create/Implement; Use/Operate; Evaluate/Monitor; Update/Dispose
Good Practices: Practices; Work Products (Inputs/Outputs)
The Seven Phases of the Implementation Life Cycle (figure)
Three concentric rings: Programme management (outer ring), Change enablement (middle ring), Continual improvement life cycle (inner ring).
Phase 1 What are the drivers? Initiate programme / Establish desire to change / Recognise need to act
Phase 2 Where are we now? Define problems and opportunities / Form implementation team / Assess current state
Phase 3 Where do we want to be? Define road map / Communicate outcome / Define target state
Phase 4 What needs to be done? Plan programme / Identify role players / Build improvements
Phase 5 How do we get there? Execute plan / Operate and use / Implement improvements
Phase 6 Did we get there? Realise benefits / Embed new approaches / Operate and measure
Phase 7 How do we keep the momentum going? Review effectiveness / Sustain / Monitor and evaluate
(Each phase lists its programme management, change enablement and continual improvement activities in that order.)

COBIT 5 Process Assessment Model (figure)
Process capability levels: Level 0 Incomplete Process; Level 1 Performed Process; Level 2 Managed Process; Level 3 Established Process; Level 4 Predictable Process; Level 5 Optimising Process
Performance indicators: Process Outcomes; Base Practices (Management/Governance Practices); Work Products (Inputs/Outputs)
Capability indicators: Generic Practices; Generic Resources