Professional Documents
Culture Documents
Cobit Itil and Bs7799 (Found Via WWW - Filedonkey.com)
Cobit Itil and Bs7799 (Found Via WWW - Filedonkey.com)
PwC
Content
PwC
IS O 17799 Overview
BS 7799
• P rovides guidelines and recommendations for s ecurity management.
Organisational Risks
5
Security Physical and
Personnel
Organisation Asset Environmental
Security
System
Compliance
Development
Business
Comm / Ops Access and
Continuity
Management Control
Planning
Maintenance
6
Allocation of roles & res pons ibilities Security
3rd-party acces s ris ks /controls Organisation
Asset
Classification Inventory of As s ets
and Control Clas s ification bas ed on s ens itivity/bus ines s impact
Personnel
R ecruitment s creening
Security Awarenes s & training
R eporting of incidents
7
Physical and
P hys ical s ecurity perimeters Environmental
Incident procedures
Comm / Ops S egregation of duties
Management S ys tem planning & acceptance
Malicious s oftware protection
E -mail controls
Global Risk Management Solutions PwC July 2002
IS O 17799 Controls
Managing Acces s
- Application Level
Access
Control
- Operating Level
- Network Level 8
Copyright controls
Compliance R etention of records and information
9
Compliance with legis lation - Data protection
Compliance with company policy
PwC
CobiT P roduct F amily
EXECUTIVE SUMMARY
Implementation 11
Tool Set
Per process:
•Control objectives AI 6: Manage Changes: Control objectives
6.1: Change request initiation and control
•KPI’s: measure of performance 6.2: Impact assessment
•CSF’s: what do you need to do 6.3: Control of changes
6.4: Emergency changes
•KGI’s: measure of outcome 6.5: Documentation and procedures
•Maturity model 6.6: Authorised maintenance
6.7: Software release policy
6.8: Distribution of software
PwC
The ITIL jigsaw
what service the business requires of the provider ensuring that the customer has access to the appropriate
in order to provide adequate support to the business users services to support the business functions
16
• S ervice s upport:
– S ervice des k
– Incident manag ement
– P roblem manag ement
17
– Config uration management
– Chang e manag ement
– R eleas e management
PwC
What do we want to achieve with IT?
business
Support
Aligned
time
IT risks
19
Better Controlled
service
quality
Secure
time
cost
time time
The assignment of
responsibility for performing
specified activities to specific
groups or individuals
ITIL
BS 7799 - limited
Structure
? 21
& CobiT v3
Roles
Controls Processes
ITIL
CobiT
ISO 17799 CobiT - limited
Technology ISO 17799 - limited
ITIL- limited
ITIL
How do we get ISO 17799
IT design
there? CobiT
ce
n
ienc y
dent ia
uatio
ibility
Eval ol
it y
tiven
plian
Control Risk
y
r
bil
Cont
rit
Effic ic
Relia
Confi
Effec
Integ
Avail
Com
Materiality 4 4 4 1.5 1.5 1.5 1.5
Planning and organisation
PO 1 Define a strategic IT plan 2 C H
PO 2 Define the information architecture 1 E C C O
PO 3 Determine the technological direction 2 C H
PO 4 Define organisation and relationships 2 C H
PO 5 Manage the investment 2 C C O
PO 6 Communicate management aims and direction 1 E O
PO 7 Manage human resources 1 E E
PO 8 Ensure compliance with external requirements 1 E c O
PO 9 Assess risk 1 C C E c c O O
PO 10 Manage projects
PO 11 Manage quality
1
1
E
E
E
E c O
CobiT compliance check
Acquisition and implementation
AI 1 Identify automated solutions 1 E C
AI 2
AI 3
Acquire and maintain application software
Acquire and maintain technology architecture
1
1
E
E
E
E
O
O
O O 24
AI 4 Develop and maintain procedures 1 E E O O O
AI 5 Install and accredit systems 1 E O O
AI 6 Managing changes 2 C C c c O
Monitoring
M1 Monitor the process 1 E C C O O O O
M2 Assess internal control adequacy 1 E E C O O O O
M3 Obtain independent assurance 1 E E C O O O O
M4 Provide for Independent Audit 1 E E C O O O O
70%
62.50% 25
60%
40%
29.03%
30%
18.75%
20% 15.84%
11.39% 9.43%
8.33%
10%
4.88% 4.82%
0.00%
0%
1 2 3 4 5 6 7 8 9 10
ISO 17799 Modules
Controls Processes
CobiT ITIL
ISO 17799 Technology CobiT - limited
ISO 17799 -
ITIL-limited limited
Global Risk Management Solutions PwC July 2002
Nicolette Conradie:
Nicolette.Conradie@za.pwcglobal.com
082 891 8648
Angeli Hoekstra
Angeli.Hoekstra@za.pwcglobal.com
082 783 1371