
PART 1 – CISA Domain 2 – Governance and Management of IT

Knowledge of the organization’s technology direction and IT architecture and their implications for setting long-term strategic directions


Presentation Transcript


  1. www.infosectrain.com PART 1 – CISA Domain 2 – Governance and Management of IT

  2. InfosecTrain – About Us
  InfosecTrain is one of the finest Security and Technology Training and Consulting organizations, focusing on a range of IT Security trainings and Information Security services. InfosecTrain was established in 2016 by a team of experienced and enthusiastic professionals with more than 15 years of industry experience. We provide professional training, certification and consulting services related to all areas of Information Technology and Cyber Security.

  3. PART 1 – CISA Domain 2 – Governance and Management of IT
  This article covers:
  ➢ Overall understanding of the domain
  ➢ Important concepts to focus on from the exam point of view
  The article is split into 5 parts as below:
  • Part 1 – Corporate Governance, Governance of Enterprise IT (GEIT), Auditor’s role in GEIT
  • Part 2 – IT Balanced Scorecard (BSC), IT Governing Committees (IT Strategy and Steering Committees), Maturity and process improvement models
  • Part 3 – Risk Management, Human Resource Management, Sourcing Practices
  • Part 4 – Information Security – Roles and Responsibilities, Business Continuity Planning (BCP), Business Impact Analysis (BIA)
  • Part 5 – Classification of Systems and criticality analysis, Components of Business Continuity Planning (BCP), Plan Testing

  4. PART 1 – CISA Domain 2 – Governance and Management of IT
  ➢ Overall understanding of the domain
  What is Corporate Governance?
  What is Governance of Enterprise IT (GEIT)?
  What is the role of the auditor in GEIT?
  ➢ Knowledge of the organization’s technology direction and IT architecture and their implications for setting long-term strategic directions
  ➢ Knowledge of the processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures
  ➢ Knowledge of the use of capability and maturity models
  ➢ Knowledge of process optimization techniques
  ➢ Knowledge of IT resource investment and allocation practices, including prioritization criteria (e.g., portfolio management, value management, personnel management)
  ➢ Knowledge of IT supplier selection, contract management, relationship management and performance monitoring processes, including third-party outsourcing relationships

  5. ➢ Knowledge of enterprise risk management (ERM)
  ➢ Knowledge of practices for monitoring and reporting of controls performance (e.g., continuous monitoring, quality assurance [QA])
  ➢ Knowledge of quality management and quality assurance (QA) systems
  ➢ Knowledge of practices for monitoring and reporting of IT performance (e.g., balanced scorecards [BSCs], key performance indicators [KPIs])
  ➢ Knowledge of business impact analysis (BIA)
  ➢ Knowledge of the standards and procedures for the development, maintenance and testing of the business continuity plan (BCP)
  ➢ Knowledge of procedures used to invoke and execute the business continuity plan and return to normal operations

  6. Important concepts from the exam point of view:
  What is Corporate Governance?
  ➢ It is the system by which an entity is directed and controlled
  ➢ A set of responsibilities and practices, exercised by the board and executive management, that provide strategic direction, thereby ensuring that
  • goals are achievable,
  • risks are properly addressed, and
  • organizational resources are properly utilized
  ➢ Involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders

  7. What is Governance of Enterprise IT (GEIT)?
  ➢ GEIT is one of the domains of corporate governance
  ➢ GEIT is a system in which all stakeholders, including the board, senior management, internal customers and departments such as finance, provide input into the decision-making process
  ➢ GEIT is the responsibility of the board of directors and executive management

  8. ➢ The purposes of GEIT are:
  • to direct IT endeavors so that IT performance meets the objectives of aligning IT with the enterprise’s objectives and realizing the promised benefits
  • to enable the enterprise by exploiting opportunities and maximizing benefits
  • to ensure that IT resources are used responsibly and IT-related risk is managed appropriately
  ➢ The key element of GEIT is the alignment of business and IT, leading to the achievement of business value.
  ➢ Examples of GEIT frameworks and standards include the following:
  • COBIT 5, developed by ISACA, which includes five principles, five domains, 37 processes and 210 practices
  • ISO/IEC 27001 (International Organization for Standardization / International Electrotechnical Commission) – specifies the requirements for establishing, implementing and maintaining an information security management system (ISMS)
  • The Information Technology Infrastructure Library (ITIL), developed by the UK Office of Government Commerce (OGC)
  • ISO/IEC 38500:2008 – Corporate governance of information technology
  • ISO/IEC 20000 – a specification for service management that is aligned with ITIL’s service management framework


  10. What is the role of the IS auditor in GEIT?
  ➢ To provide leading-practice recommendations to senior management to help improve the quality and effectiveness of the IT governance initiatives implemented
  ➢ To help ensure compliance with the GEIT initiatives implemented within the organization
  ➢ Continuous monitoring, analysis and evaluation of the metrics associated with GEIT initiatives require an independent and balanced view to ensure a qualitative assessment, which in turn facilitates the qualitative improvement of IT processes and the associated GEIT initiatives
  ➢ To check the alignment of the IT function with the organization’s mission, vision, values, objectives and strategies
  ➢ To ensure compliance with legal, environmental, information quality, fiduciary, security and privacy requirements


  12. ABOUT OUR COMPANY
  InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time.
  OUR CONTACT
  Phone: 1800-843-7890
  Email: sales@infosectrain.com
  Web: www.infosectrain.com
  Facebook: https://www.facebook.com/Infosectrain/
  LinkedIn: https://www.linkedin.com/company/infosec-train/
  YouTube: https://www.youtube.com/c/InfosecTrain
