CGEIT
Best Practices
and Concepts
http://80na20.blogspot.com
Strategy
Boston Consulting Group (BCG) Matrix
Balanced Scorecard (BSC)
Key Concepts
SWOT analysis
Gap Analysis
Porter five forces analysis
Ansoff Matrix
Johari Window
Continuous
Improvement
Cycles
DMAIC Cycle
DMADV Cycle
PDCA Cycle
7 phases of the
Implementation Life Cycle
Boyd Cycle (OODA)
Agility Loops
Governance
COBIT 5
ISO 38500
ISO/IEC 38500:2015
Information technology --
Governance of IT for the organization
ISO/IEC TR 38502:2014
Information technology --
Governance of IT --
Framework and model
ISO 27014:2013
Information technology -- Security techniques
-- Governance of information security
ISO 17998:2012
Information technology -- SOA Governance Framework
SOA - service-oriented architecture
Strategic alignment model (SAM)
Key Concepts
Stakeholders
RACI charts
Project Management
PMBoK
PRINCE2
Managing Successful Programmes (MSP)
Key Concepts
Project, Program, & Portfolio Management
PERT charts
SOW – statement of work
Gantt chart
Risk Management
ISO 31000
ISO 31000:2009, Risk management – Principles
and guidelines, provides principles, framework
and a process for managing risk.
COSO Framework ERM
ISO 27005
ISO/IEC 27005:2011
Information technology -- Security
techniques -- Information security
risk management
RISK IT
Management of Risk (M_o_R)
COBIT5 for Risk
OCTAVE
NIST 800-37 rev.1 Guide for Applying
the Risk Management Framework to
Federal Information Systems: a
Security Life Cycle Approach
NIST 800-39
Managing Information Security Risk: Organization,
Mission, and Information System View
Key Concepts
Business Impact
Key Risk Indicators (KRIs)
Types of risk – quantitative and qualitative
Root cause analysis
Delphi technique
Monte Carlo simulation
Risk Treatments
Avoidance (eliminate, withdraw
from or not become involved)
Reduction (optimize – mitigate)
Sharing (transfer – outsource or insure)
Retention (accept and budget)
...
Benefits realization,
Resource Optimization
Val IT
COBIT5 for Business Benefits Realization
Key Concepts
The Business Case
Cost-benefit analysis (CBA)
Internal rate of return (IRR)
Net present value (NPV)
Payback period
Return on investment (ROI)
Total Cost of Ownership (TCO)
Benchmarking
SMART
Metrics, KPI, KGI, CSF
ITSM + Enterprise
Architecture (EA)
ITIL v3
ITIL Service Strategy
ITIL Service Design
ITIL Service Transition
ITIL Service Operation
ITIL Continual Service Improvement (CSI)
ISO 20000
ISO/IEC 20000-1:2011
Information technology -- Service management --
Part 1: Service management system requirements
ISO/IEC 20000-2:2012
Information technology -- Service management
-- Part 2: Guidance on the application of service
management systems
ISO/IEC TR 20000-4:2010
Information technology -- Service management
-- Part 4: Process reference model
...
The Open Group Architecture Framework (TOGAF)
COBIT5 Implementation
Zachman Framework
Quality Management
Six Sigma
ISO 9001
ISO 9001:2015
Quality management systems -- Requirements
Total Quality Management (TQM)
EFQM - European Foundation for Quality Management
Information Security
ISO 27001
ISO/IEC 27001:2013
Information technology -- Security techniques --
Information security management systems --
Requirements
ISO/IEC 27002:2013
Information technology -- Security techniques --
Code of practice for information security controls
ISO/IEC 27013:2015
Information technology -- Security techniques --
Guidance on the integrated implementation of
ISO/IEC 27001 and ISO/IEC 20000-1
...
COBIT5 for Information Security
Business Model for Information Security (BMIS)
NIST 800-100 Information Security
Handbook: A Guide for Managers
SABSA (Sherwood Applied Business Security Architecture)
http://sabsa.org/
NIST 800-53 rev.4
Security and Privacy Controls for Federal
Information Systems and Organizations
Business
Continuity
ISO 22301
ISO 22301:2012
Societal security -- Business continuity management
systems -- Requirements
ISO 22313:2012
Societal security -- Business continuity management systems -- Guidance
ISO/IEC 27031:2011
Information technology -- Security techniques -- Guidelines
for information and communication technology readiness
for business continuity
BS 25999
ANSI/ASIS/BSI BCM.01.2010
Business Continuity Management Systems:
Requirements with Guidance for Use
NIST SP 800-34 rev.1
Contingency Planning Guide for Federal Information Systems
CMMI, etc.
Capability Maturity Model Integration (CMMI)
ISO 15504
ISO/IEC TR 20000-4:2010
Information technology -- Service management
-- Part 4: Process reference model
ISO/IEC 15504-3:2004
Information technology -- Process assessment --
Part 3: Guidance on performing an assessment
COBIT 5 Assessment Programme
Outsourcing
ISO 37500:2014 Guidance on outsourcing
Outsourcing Professional Body of Knowledge - OPBOK Version 10
NOA Outsourcing Life Cycle
NIST 800-35 Guide to Information Technology Security Services
Information Management
COBIT 5 Enabling Information
Key Concepts
DIKW
Other
ASL - Application Services Library
BiSL - Business Information Services Library
eTOM - Enhanced Telecom Operations Map
eSCM - eSourcing Capability Model
ISPL - Information Services Procurement Library
...
Domains
Domain 1: Framework for the Governance of Enterprise IT (25%)
Domain 2: Strategic Management (20%)
Domain 3: Benefits Realization (16%)
Domain 4: Risk Optimization (24%)
Domain 5: Resource Optimization (15%)
mm CGEIT draft.mmap - 16.10.2016 - Mindjet
