
Government Advocacy: IT starts with COBIT at the National Audit Office of Lithuania

Dainius Jakimavičius

Life is more complex than what we read in books, and most of us trust in things we can test rather than the words we hear. But it is necessary to have words on which to base our learning…terms that enable us to assign meaning, or to affix our experiences and practices to them.

COBIT is such a word, perceived to be not only a deposit of good practice with tools and advice on how to use it, but also as a way of thinking, which changed traditional attitudes on and approaches to IT governance and management.

The time was right when COBIT 4.1 was translated into Lithuanian in 2011.

It was a good decision to translate COBIT into our language, helping Lithuanians adopt a new way of thinking and a new set of knowledge. Each new page brings to us something new or reminds us of something we already knew, but had forgotten in the midst of our busy daily routine. Reading COBIT increases our competence while making us stronger and more certain in our professional lives.

In Lithuanian, valdymas stands both for governance and management. Often mixed, misused or small-scaled, it gives an illusion that effective management of the plan/build/run/monitor cycle solves all IT problems. And then governance entails responsibility to the stakeholders with the evaluate/direct/monitor cycle.

 
Category: Audit-Assurance     Published: 5/23/2013 2:12:00 PM

COBIT...the meta-framework

Rob England

My default source of IT good practice is COBIT. It is my meta-framework: the framework I use to structure all other bodies of knowledge. As a consultant, COBIT is my first choice for my engagements. I go to it first to assess, to frame, to define, to justify, to audit. I turn to other bodies of knowledge (BoKs) such as ITIL, Prince2, PMBOK, e-CF, or USMBOK when I need more detail.

For me, it is a no-brainer to reach for COBIT first and most often:

  1. Purpose. COBIT is an IT practice (and now governance) framework. It is intended to be a comprehensive description of all IT practices. It may not do that perfectly, but it comes much closer than other BoKs, which all have their own particular bias or slant or area of interest. Which leads us to...
  2. Coverage. COBIT covers more practices than any other BoKs except USMBOK.
  3. Rigour. Not all BoKs are as systematically structured as COBIT. For example, ITIL's narrative style (no…really…compared to other frameworks, ITIL is downright chatty) may appeal, but as a foundation for my consulting activities, the rigour and structure of COBIT is more dependable and useful. COBIT is systematically numbered, and every entity has a consistent structure. I actually find the formal COBIT structure much easier to use: I find answers more quickly, I get clearer concepts with less confusion, and I frame things readily.
  4. Benchmark. You can assess against COBIT; it has clearly defined requirements.
  5. Credibility. COBIT is written by a team, not a couple of authors per book. The same team for all the books. And then the list of all COBIT contributors and reviewers runs to pages. It is owned and published by a not-for-profit membership body set up and run by auditors, process geeks and security wonks. Its governance (and discretion) rocks.
  6. Accessibility. COBIT is low cost. There are fairly loose copyright and trademark constraints for use by consultants and vendors. You can subscribe to an interactive personalised online version (only COBIT 4.1 for now).
  7. Novelty. COBIT is of course not "new" any more than ITIL was when the world "discovered" it a decade ago. But COBIT has yet to be a fad, and the world is ready for a new fad. I think COBIT is IT's next silver bullet. That is, of course, not a good thing and will need to be managed, but if it is true it will certainly kick along COBIT adoption.
  8. Governance. COBIT will be embraced because the realisation is dawning that cloud and SaaS and BYOD are business decisions—not IT decisions—and that therefore it is high time the organisation as a whole stepped up to its responsibilities for IT instead of abdicating and blaming IT. Organisations have failed their IT like bad parents. The road to redemption is better enterprise-level governance of IT, and that's what COBIT 5 is all about. ITIL V3 Service Strategy actually talks about governance quite a lot but, seemingly, nobody has read it. COBIT has the governance high ground.

I encourage everyone in IT to have a copy of COBIT 5 at hand. I use COBIT:

 
Category: Audit-Assurance     Published: 5/21/2013 3:54:00 PM

Big data defined

Mario Bojilov

There are a number of definitions of big data presently being used. The origins of the term come from a 2001 paper by Doug Laney of Meta Group. In the paper, Laney defines big data as data sets where the three Vs—volume, velocity and variety—present specific challenges in managing these data sets.

Velocity refers to the speed with which data is created. And, this speed has been increasing dramatically. Looking at the infographic below, we can see some staggering examples of data velocity: each minute, 48 hours of video are uploaded to YouTube, Twitter users send 100,000 tweets and Instagram users share 3,600 photos.
 


Figure 1 (Source: Domo.com)

Velocity is also quickly becoming the key aspect of big data that warrants management. Visitors to LinkedIn, for example, are not prepared to wait more than a few seconds for the “People You May Know” screen to display. For speedy results, LinkedIn needs to process terabytes of data (and do it fast).

 
Category: Audit-Assurance     Published: 5/17/2013 1:54:00 PM

Meet Your Board Members: Christos Dimitriadis

International Vice President Christos Dimitriadis

Today’s ISACA Now post profiles International Vice President Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, the head of information security at Greece’s INTRALOT GROUP. Christos is chair of ISACA’s COBIT Security Task Force and has served as chair of ISACA’s External Relations Committee and as a member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Work Group.

ISACA: Describe your professional background.
Christos: I have been conducting research in information security since 1996, when studying at the University of Patras, Greece. When developing my diploma thesis, I studied risks for mobile operators, assessing companies and developing case studies. This was more or less my initiation in the profession. When I completed my five-year studies and received my diploma, I decided to gain more expertise through Ph.D. studies on 3G and 4G security, also involving research in identity management, biometrics, honeynets and gaming theory in mobile security.

In 2000, I started working for a consultancy company, providing services in information security in Europe. And in 2007 I decided to take a CISO position at INTRALOT, a multinational supplier of gaming and transactional systems.

 
Category: Audit-Assurance     Published: 5/14/2013 4:20:00 PM

International President: Insights from a year at the helm of ISACA

Greg Grocholski

The INSIGHTS conference next month in Berlin, Germany, offers a unique opportunity to interact with industry leaders, learn cutting-edge skills, renew old bonds and forge new ones, and reinvigorate your professional self to face emerging challenges. I will be taking advantage of all of those opportunities and I hope you do, too.

In addition to participating in this innovative event, I have a special duty to perform at INSIGHTS—stepping down as international president, having served my one-year term, and welcoming Tony Hayes to the role. It was a great honor to serve as ISACA’s 2012-2013 international president. It has been an exciting and productive year, and I am confident that Tony will skillfully lead the association through the next 12 months.

In looking back over the year, a number of activities stand out. The COBIT 5 family of products grew in adoption across a wide range of industries around the world. For example, COBIT 5 for Information Security was released, along with the COBIT 5 accredited training program and the first two courses.

 
Category: ISACA     Published: 5/10/2013 10:43:00 AM

 About This Blog

 

This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

   
