InfosecTrain
About Us
InfosecTrain is one of the finest Security and Technology Training and Consulting organizations, focusing on a range of IT Security Trainings and Information Security Services. InfosecTrain was established in the year 2016 by a team of experienced and enthusiastic professionals who have more than 15 years of industry experience. We provide professional training, certification & consulting services related to all areas of Information Technology and Cyber Security.
PART 1 – CISA Domain 2 – Governance and Management of IT
This article covers –
➢ Overall understanding of the domain
➢ Important concepts to focus on from exam point of view
The article is split into 5 parts as below:
• Part 1 – Corporate Governance, Governance of Enterprise IT (GEIT), Auditor’s role in GEIT
• Part 2 – IT Balanced Score Card (BSC), IT Governing Committee (IT Strategy and Steering committee), Maturity and process improvement models
• Part 3 – Risk Management, Human Resource Management, Sourcing Practices
• Part 4 – Information Security – Roles and Responsibilities, Business Continuity Planning (BCP), Business Impact Analysis (BIA)
• Part 5 – Classification of Systems and criticality analysis, Components of Business Continuity Planning (BCP), Plan Testing.
CCISO Certification
➢ Overall understanding of the domain
What is Corporate Governance?
What is Governance of Enterprise IT (GEIT)?
What is the role of auditor in GEIT?
➢ Knowledge of the organization’s technology direction and IT architecture and their implications for setting long-term strategic directions
➢ Knowledge of the processes for the development, implementation and maintenance of IT strategy, policies, standards and procedures
➢ Knowledge of the use of capability and maturity models
➢ Knowledge of process optimization techniques
➢ Knowledge of IT resource investment and allocation practices, including prioritization criteria (e.g., portfolio management, value management, personnel management)
➢ Knowledge of IT supplier selection, contract management, relationship management and performance monitoring processes including third party outsourcing relationships
➢ Knowledge of enterprise risk management (ERM)
➢ Knowledge of practices for monitoring and reporting of controls performance (e.g., continuous monitoring, quality assurance [QA])
➢ Knowledge of quality management and quality assurance (QA) systems
➢ Knowledge of practices for monitoring and reporting of IT performance (e.g., balanced scorecards [BSCs], key performance indicators [KPIs])
➢ Knowledge of business impact analysis (BIA)
➢ Knowledge of the standards and procedures for the development, maintenance and testing of the business continuity plan (BCP)
➢ Knowledge of procedures used to invoke and execute the business continuity plan and return to normal operations
Important concepts from exam point of view:
➢ It is a system by which an entity is controlled and directed
➢ Set of responsibilities and practices that provide strategic directions, thereby ensuring that
• Goals are achievable,
• Risks are properly addressed and
• Organizational resources are properly utilized
➢ Involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders
➢ GEIT is one of the domains of Corporate governance
➢ GEIT is a system in which all stakeholders, including the board, senior management, internal customers and departments such as finance, provide input into the decision-making process.
➢ GEIT is the responsibility of the board of directors and executive management.
➢ Purposes of GEIT are:
• to direct IT endeavors to ensure that IT performance meets the objectives of aligning IT with the enterprise’s objectives and the realization of promised benefits
• to enable the enterprise by exploiting opportunities and maximizing benefits
• to ensure that IT resources are used responsibly, and IT-related risk is managed appropriately
➢ Key element of GEIT is the alignment of business and IT, leading to the achievement of business value.
➢ Examples of GEIT include the following:
• COBIT 5 is developed by ISACA, which includes five principles, five domains, 37 processes and 210 practices
• The International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 (ISO 27001) – provides guidance to organizations implementing and maintaining information security programs.
• The Information Technology Infrastructure Library (ITIL) was developed by the UK Office of Government Commerce (OGC)
• ISO/IEC 38500:2008 Corporate governance of information technology
• ISO/IEC 20000 is a specification for service management that is aligned with ITIL’s service management framework
➢ To provide leading practice recommendations to senior management to help improve the quality and effectiveness of the IT governance initiatives implemented.
➢ To help ensure compliance with GEIT initiatives implemented within an organization
➢ Continuous monitoring, analysis and evaluation of metrics associated with GEIT initiatives require an independent and balanced view to ensure a qualitative assessment that subsequently facilitates the qualitative improvement of IT processes and associated GEIT initiatives
➢ To check on alignment of the IT function with the organization’s mission, vision, values, objectives and strategies
➢ To ensure compliance with legal, environmental, information quality, fiduciary, security and privacy requirements
OUR CONTACT
ABOUT OUR COMPANY
InfosecTrain welcomes overseas customers to come and attend training sessions in destination cities across the globe and enjoy their learning experience at the same time.
1800-843-7890
sales@infosectrain.com
www.infosectrain.com
https://www.facebook.com/Infosectrain/
https://www.linkedin.com/company/infosec-train/
https://www.youtube.com/c/InfosecTrain