COBITFramework_ManagementGuidelines---IT治理框.ppt

1、SITC: Service that verification, detection and correction of the accuracy of output occur; and that information provided in the output is used. AC6 Transaction Authentication and Integrity Before passing transaction data between internal applications and business/operational functions (in or outside

2、 the enterprise), check it for proper addressing, authenticity of origin and integrity of content. Maintain authenticity and integrity during transmission or transport,SITC: Service however, it is unstructured, rudimentary and prone to error. Configuration documentation accuracy is inconsistent, and

3、 only limited planning and impact assessment take place prior to a change. 3 Defined when There is a defined formal change management process in place, including categorisation, prioritisation, emergency procedures, change authorisation and release management, and compliance is emerging. Workarounds

4、 take place, and processes are often bypassed. Errors may occur and unauthorised changes occasionally occur. The analysis of the impact of IT changes on business operations is becoming formalised, to support planned rollouts of new applications and technologies,SITC: Service programs It provides pol

5、icies and standards that can be mandated It provides good practice and guidance It has controls that can be implemented on an as-is basis,SITC: Service &Security,172,Sample Questions,How does COBIT help management and audtors? Audit findings are now expressed in COBITs terms Audit requirements are p

6、roperly understood and defined Audit findings will be reduced using COBIT Management now understand what auditing is all about,SITC: Service &Security,173,Sample Questions,Which part of the COBIT toolset will help the business and IT understand how to measure results? Management guidelines Framework

7、 Control objectives IT Governance Implementation Guide Using COBIT and Val IT, 2nd edition,SITC: Service &Security,174,Sample Questions,COBIT helps to meet regulatory requirements by? Helps demonstrate adequate controls over IT activities Defining the precise control practices that apply to well kno

8、w regulations Specifying the specific control objectives which satisfy well know regulations Serving as a set of control objectives mandated by regulatory bodies,SITC: Service &Security,175,Sample Questions,COBIT is a framework and a prescribed set of practices? True False,SITC: Service &Security,17

9、6,Sample Questions,COBIT aids in the management of IT activities by? Identifying the control objectives for each activity Establishing the maturity levels for each activity Organizing IT activities into well-defined processes Defining the steps in each activity,SITC: Service &Security,177,Sample Que

10、stions,The register of IT suppliers is periodically reviewed and updated is an example of a: DS2? Control objective Key activity KGI Control Practice,SITC: Service &Security,178,Exercise 2,Non-existent,Level 0 Non-existent Management processes are not applied at all. Level 1 Initial/Ad Hoc Processes

11、 are ad hoc and disorganized. Level 2 Repeatable Processes follow a regular pattern. Level 3 Defined Processes are documented and communicated. Level 4 Managed Processes are monitored and measured. Level 5 Optimized Good practices are followed and automated,Level 0,Level 1,Level 2,Level 3,Level 4,Level 5,Initial/Ad Hoc,Repeatable,Defined,Managed,Optimized,Level 1,Level