Using COBIT 5 Framework for Cybersecurity Assessment Hugh Burley, - - PowerPoint PPT Presentation

▶

Jan 25, 2024 282 likes •555 views

Conference 2018 Conference 2018 Using COBIT 5 Framework for Cybersecurity Assessment Hugh Burley, Trevor Hurst, and Ivor MacKay Speakers Trevor Hurst, Chief Information Officer Ministry of Advanced Education, Skills & Training Hugh

SLIDE 1

Conference 2018

Using COBIT 5 Framework for Cybersecurity Assessment

Hugh Burley, Trevor Hurst, and Ivor MacKay

SLIDE 2

Conference 2018

Speakers

Trevor Hurst, Chief Information Officer Ministry of Advanced Education, Skills & Training Hugh Burley, Manager of Information Security/Information Security Officer Thompson Rivers University/BCNET Ivor MacKay, Manager, Information Technology BCNET

SLIDE 3

Conference 2018

Agenda

1. COBIT 5 Refresher
2. Why COBIT 5
3. Assessments
4. Q & A

SLIDE 4

Conference 2018

COBIT 5 Refresher

SLIDE 5

Conference 2018

COBIT PRINCIPLES

SLIDE 6

Conference 2018

Meeting Stakeholder Needs

SLIDE 7

Conference 2018

COBIT 5 ENABLERS

SLIDE 8

Conference 2018

GOVERNANCE VS MANAGEMENT

SLIDE 9

Conference 2018

SLIDE 10

Conference 2018

Why COBIT 5?

SLIDE 11

Conference 2018

Alignment

“How do I ensure all of our Digital investments contribute to Stakeholder Value and enable the strategy of my Institution?

Audit preparation (Risk Management)

Tell a better story (funding)

“How do I ensure benefits are realized and IT risks are mitigated? How can I prepare for upcoming Audit and/or review activity? “How do I better communicate the gaps in our environment and achieve better funding?

SLIDE 12

Conference 2018

OAGBC General Computing Controls Report

http://www.bcauditor.com/sites/default/files/publications/reports/OAGBC %20General%20Computing%20Controls%20Report_FINAL.pdf

SLIDE 13

Conference 2018

COBIT Maturity

SLIDE 14

Conference 2018

COBIT Maturity

SLIDE 15

Conference 2018

Assessments

SLIDE 16

Conference 2018

Assessment vs Audit Or is it really Gap Analysis vs. Internal Audit vs. Pre-Assessment

SLIDE 17

Conference 2018

Differences Between the COBIT 4.1 and the COBIT 5

SLIDE 18

APO12 Manage Risk APO13 Manage Security BAI06 Manage Changes DSS02 Manage Service Requests and Incidents

SLIDE 19

Conference 2018

Assessment Methodology

SLIDE 20

Conference 2018

KEY AREA: RISK a) Level of risk acceptance b) Risk review c) Risk approval KEY AREA: MANAGING SECURITY

SLIDE 21

Conference 2018

Risk Assessment Consequence Table

SLIDE 22

Conference 2018

KEY AREA: MANAGING CHANGE a) Methods of assessing change and its risks b) Approval process KEY AREA: MANAGE SERVICE REQUESTS AND INCIDENTS a) Problem tracking b) Evidence of reviewing Incidents and Requests

SLIDE 23

Conference 2018

Self-Assessment

SLIDE 24

Conference 2018

Self-Assessment

http://www.isaca.org/COBIT/Pages/Self-Assessment-Guide.aspx

SLIDE 25

Conference 2018

Self-Assessment

http://www.isaca.org/COBIT/Pages/COBIT-5-PAM.aspx

SLIDE 26

Conference 2018

Conference 2018

Conference 2018

Using COBIT 5 Framework for Cybersecurity Assessment

Hugh Burley, Trevor Hurst, and Ivor MacKay

Speakers

Trevor Hurst, Chief Information Officer Ministry of Advanced Education, Skills & Training Hugh Burley, Manager of Information Security/Information Security Officer Thompson Rivers University/BCNET Ivor MacKay, Manager, Information Technology BCNET

Agenda

COBIT 5 Refresher

COBIT PRINCIPLES

Meeting Stakeholder Needs

COBIT 5 ENABLERS

GOVERNANCE VS MANAGEMENT

Why COBIT 5?

Alignment

“How do I ensure all of our Digital investments contribute to Stakeholder Value and enable the strategy of my Institution?

Audit preparation (Risk Management)

Tell a better story (funding)

“How do I ensure benefits are realized and IT risks are mitigated? How can I prepare for upcoming Audit and/or review activity? “How do I better communicate the gaps in our environment and achieve better funding?

OAGBC General Computing Controls Report

COBIT Maturity

COBIT Maturity

Assessments

Assessment vs Audit Or is it really Gap Analysis vs. Internal Audit vs. Pre-Assessment

Differences Between the COBIT 4.1 and the COBIT 5

APO12 Manage Risk APO13 Manage Security BAI06 Manage Changes DSS02 Manage Service Requests and Incidents

Assessment Methodology

KEY AREA: RISK a) Level of risk acceptance b) Risk review c) Risk approval KEY AREA: MANAGING SECURITY

Risk Assessment Consequence Table

KEY AREA: MANAGING CHANGE a) Methods of assessing change and its risks b) Approval process KEY AREA: MANAGE SERVICE REQUESTS AND INCIDENTS a) Problem tracking b) Evidence of reviewing Incidents and Requests

Self-Assessment

Self-Assessment

http://www.isaca.org/COBIT/Pages/Self-Assessment-Guide.aspx

Self-Assessment

http://www.isaca.org/COBIT/Pages/COBIT-5-PAM.aspx

Info~Tech