ISACA Global Leadership Conference Update. ISACA Lithuania Chapter May meeting. Henrikas Šavela, Vice Chairman; Aušra Gustainienė, Membership Director. 2011.05.25. Agenda. ISACA Statistics ISACA Hosted Chapter websites CobIT5 Update ISACA Certifications overview
ISACA Global Leadership Conference Update • ISACA Lithuania Chapter May meeting • Henrikas Šavela, Vice Chairman • Aušra Gustainienė, Membership Director • 2011.05.25.
Agenda • ISACA Statistics • ISACA Hosted Chapter websites • CobIT5 Update • ISACA Certifications overview • Research Deliverables
ISACA Organization • 191 chapters • 79 countries, 6 continents • 2,000+ chapter leaders • Together we touch >85,000 members
Regional Breakdown Five geographic regions around the world >18,000 >40,000 >20,000 >4,000 >3,500 >2,000 As of 1 February 2011
Web site development • Lithuanian chapter in Phase x? • Latvia chapter participated in Phase x? – will gladly share experience, especially in “localizing” the website. • ISACA offers: • Training manual • Short tutorial videos (2-3 minutes each) • 9 Topics/tasks • Available 24/7
COBIT 5 Objectives • The initiative charge from the Board of Directors is to “tie together and reinforce all ISACA knowledge assets with COBIT.” COBIT 5 will: • Provide a renewed and authoritative governance and management framework for enterprise information and related technology, building on the current widely recognized and accepted COBIT framework, linking together and reinforcing all other major ISACA frameworks and guidance such as: Val IT, Risk IT, BMIS, ITAF, Board Briefing, Taking Governance Forward • Connect to other major frameworks and standards in the marketplace (ITIL, ISO standards, etc.) © 2010 ISACA. All rights reserved.
What Will Be Delivered? • An enterprisewide, “end-to-end” framework addressing governance and management of information and related technology. • The framework structure will include familiar components such as a domain/process model and other components such as governance/management practices, RACI charts and inputs/outputs. • An initial COBIT 5 product architecture, specifying which types of “products” and other “guidance” could be developed for specific IT professional audiences (e.g., assurance, security, risk) in support of enterprise business needs.
Draft Framework • A work in progress today
Potential Products • A work in progress today
Other Guidance Options The COBIT 5 product architecture will also contain practitioner guidance designed to support specific business requirements, the needs of ISACA constituent groups, specific content topic development and reference to the COBIT framework and specific framework as necessary. Such guidance could include: • Getting Started Guides • Mappings • Surveys and Benchmarks • Implementation Guides
Key Messages for IT Professionals • IT Professionals in assurance, security governance, risk and control roles • COBIT 5 builds and expands on COBIT 4.1 • COBIT 5 will include the scope of Val IT and Risk IT within a single framework—current users will have more robust functionality with better integration (also integrating BMIS and ITAF) • Enterprise leadership needs to champion effective governance and management of enterprise IT—COBIT can help.
Time Plan • Plan the initiative and obtain necessary approvals • Design the overarching COBIT 5.0 framework and validate the design with the market • Design draft document Public Exposure, April 2010 • Design workshop, May 2010 • Finalize the overarching COBIT 5.0 framework design, May - July 2010 • Develop the contents for the overarching COBIT 5.0 framework publication • Development workshops, summer 2010 • Subject Matter Expert content reviews, October 2010 – April 2011 (including an exposure draft of the full publication) • Public exposure of draft framework, June – July 2011 • Finalize the overarching COBIT 5.0 framework development, July – August 2011 • Prepare the developed materials for publication, post September 2011
COBIT 5 News • As the initiative progresses throughout 2010 and 2011 there will be periodic updates provided: • On the ISACA web site, www.isaca.org/COBIT5 • In the COBIT Focus newsletter • In other ISACA membership communications, events, marketing materials and PR activities • Watch these spaces for more news!
Certifications Overview • Established 1978 • 65,000 certifications awarded • SC Magazine 2009 Best Professional Certification Program award • ANSI Accredited as compliant to ISO/IEC 17024:2003 • Established 2002 • 65,000 certifications awarded • Finalist SC Magazine 2009 & 2010 Best Professional Certification Program • ANSI Accredited as compliant to ISO/IEC 17024:2003 • Established 2007 • 65,000 certifications awarded • Established 2010 • Finished Grandfathering Phase (April 2010 - March 2011) • First exam December 2011
Certification Summary • CRISC / CGEIT: CRISC – operational level to mitigate risk; CGEIT – significant management, advisory or assurance role • CRISC / CISA: CRISC – design, implement and maintain IS controls; CISA – perform independent reviews of controls • CRISC / CISM: CRISC – encompass security, operational and compliance; CISM – manage, design, oversee and/or assess Inf. Security
CRISC - Grandfathering • CRISC grandfathering application deadline extended to 30 June 2011! • Requirements • 8 years of IT or business experience • 6 years of experience across all domains with a minimum of 3 years experience in risk-related domains • Compliance with the: • CRISC Continuing Education Policy • ISACA Code of Professional Ethics • www.isaca.org/crisc
Research Deliverables • The Guidance & Practices Committee (GPC) is responsible for developing practical and pragmatic guidance for ISACA’s constituents related to ISACA’s frameworks, emerging technologies and other issues that are relevant to members
Top Technology & Business Issue Survey Report • The survey identified seven top issues among ISACA’s members: 1. Regulatory Compliance 2. Enterprise based IT Management and IT Governance 3. Information Security Management 4. Disaster Recovery / Business Continuity 5. Challenges of managing IT Risks 6. Vulnerability Management 7. Continuous Process Improvement / Business Agility
GPC Deliverables • The GPC is addressing the areas identified in this survey (among others) with practical guidance in the form of: 1. White Papers 2. Audit programs 3. Books 4. Presentations at Conferences 5. Vision Series
GPC Deliverables • Implementing and Continually Improving IT Governance • Available for download for members, purchase for all • Tool kit zip files for ISACA members now contain 22 supporting documents in various formats including an Excel Process Maturity Tool based on the COBIT maturity model and designed to provide practical support for its use, highlighting the need to address IT governance, perform a gap analysis and identify areas to mature.
GPC Deliverables • Security, Audit and Control Features Oracle Database, 3rd Edition • Focuses on the attributes and incremental functionality in the most recent Oracle relational database management system (RDBMS) software releases 10g and 11g (with focus on 11g). • Audit / assurance program and internal control questionnaire available as a download to members at www.isaca.org/research
GPC Deliverables • Monitoring of Internal Controls and IT • Expands the 2009 COSO Guidance on Monitoring of Internal Controls by bringing emphasis to the monitoring of application and IT general controls and discussing the use of automation (tools) for increased efficiency and effectiveness of monitoring processes • Available free to members at www.isaca.org/research
Guidance and Practices Whitepapers • The Guidance and Practices Committee has developed 10 white papers: • Cloud Computing: Business Benefits with Security, Assurance and Governance Perspectives • Securing Mobile Devices • Data Loss Prevention (DLP) • New Service Auditor Standard that is Replacing SAS70 • Social Media • E-Commerce and Consumer Retailing: Risks and Benefits • Electronic Discovery • Security Information and Event Management (SIEM): Business Benefits and Security, Assurance and Governance Perspectives • Virtualization: Benefits and Challenges • Sustainability
Guidance and Practices Whitepapers • Currently there are five more papers in development: • XBRL • Geolocation • Secure Web Coding • Data Analytics • Business Continuity Management
Guidance and Practices Cloud Projects • IT Control Objectives for Cloud Computing – June 2011 • Guiding Principles for Cloud Computing • Enterprise Governance of IT for Cloud Computing • Cloud Vision Series • Continued white papers and audit programs
Questions for discussion • In which direction should the ISACA Lithuania Chapter go? • Toward increasing the number of ISACA Lithuania members and certified members? • Toward creating value, in the eyes of employers, for certifications, membership and active participation in the activities of the ISACA Lithuania Chapter? • What additional benefits could the ISACA Lithuania Chapter provide to its members?