Professional Documents
Culture Documents
Cob It
Cob It
Worapat Paireekreng
AI3
1.
IT
IT
IT
Governance
IT
2.
5
Control environment
Risk assessment
Control activities
Information and communication
2.
ITIL
2.
ISO 17799:2005
2005
2.
(Capability Maturity
Model Integration)
5
1
(Initial)
2
(Managed)
3
(Defined)
2.
COBIT
COBIT
2.
COBIT
IT Governance
5
(Strategic
Alignment)
(Value
Delivery)
(Resource
Management)
(Risk
2.
COBIT
2.
COBIT
7
(effectiveness) ,
3.
3.1
Level 0 :
Level 1 :
Level 2 :
Level 3 :
3.
3.1
Level 0
E-Transaction Law
r
Level 1
Level 2
Level 3
COSO
no
COBIT
}
IT
r
o
ITIL
o
ISO/IEC17799:2000
}
3.
3.2 COBIT
COBIT
COBIT
IT Governance
3.
3.2 COBIT
KPIs (Key
Performance Indicators)
KGI
(Key Goal Indicators)
3.
3.2 COBIT
3.
3.2 COBIT
3.
3.2 COBIT
COBIT, ,
3.
3.2 COBIT
COBIT
IT
IT
3.
3.2 COBIT
COBIT
3.
3.3
IT Governance
COSO
COBIT
3.
3.3
High-level Control
Objective
Management
Guildelines
Maturity Model
COBIT
3.
3.3
3.
3.3
IT Governance
COBIT
3.
3.3
,
( DS5) COBIT 4.0
4.
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
by focusing on
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
and is measured by
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
Develop
Develop aa strategy
strategy and
and plan
plan for
for infrastructure
infrastructure maintenance
maintenance and
and
ensure
ensure that
that changes
changes are
are controlled
controlled in
in line
line with
with the
the organisations
organisations
change
change management
management procedure.
procedure.
Include
Include periodic
periodic review
review against
against business
business needs,
needs, patch
patch
management
management and
and upgrade
upgrade strategies,
strategies, risks,
risks, vulnerabilities
vulnerabilities
assessment
assessment and
and security
security requirements.
requirements.
Establish
Establish development
development and
and test
test environments
environments to
to support
support effective
effective
and
and efficient
efficient feasibility
feasibility and
and integration
integration testing
testing of
of applications
applications and
and
infrastructure
infrastructure in
in the
the early
early stages
stages of
of the
the acquisition
acquisition and
and development
development
process.
process.
Consider
Consider functionality,
functionality, hardware
hardware and
and software
software configuration,
configuration,
integration
integration and
and performance testing,
testing, migration
migration between
between
environments,
environments, version
version control,
control, test
test data
data and
and tools,
tools, and
and security.
security.
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
3. Management Guidelines
INPUT
PO3
PO8
PO10
AI1
AI6
DS3
PROCESS
Control
Objectives
AI3.1
AI3.2
AI3.3
AI3.4
OUTPUT
AI5
Procurement decisions
AI7
Configured system to be
tested/installed
DS12
Physical environment
requirements
PO3
DS3
System monitoring
requirements
AI4
Infrastructure knowledge
DS1
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
3. Management Guidelines
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
3. Management Guidelines
Business Goals
IT Goals
Define Goals
Process Goals
KPIs
Activity Goals
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
3. Management Guidelines
Activity Goals
Producing
a technology
acquisition plan that aligns to the t
echnology infrastructure plan
Planning infrastructure
maintenance
Providing development and test
environment infrastructure
Implementing internal control,
security and auditability measures
Activity
Goal
Process
Goal
IT
Goal
DEFINE GOALS
Business
Goal
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
3. Management Guidelines
Process Goals
Provide
appropriate platforms
for the business applications in li
ne with the defined IT architectur
e and technology standards.
Provide a reliable and secure IT
infrastructure.
Activity
Goal
Process
Goal
IT
Goal
DEFINE GOALS
Business
Goal
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
3. Management Guidelines
IT Goals
Acquire
and maintain an
integrated and standardised IT i
nfrastructure.
Optimise the IT infrastructure,
resources and capabilities.
Create IT agility
Activity
Goal
Process
Goal
IT
Goal
DEFINE GOALS
Business
Goal
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
5 Optimised
4 Managed and Measurable
3 Defined Process
2 Repeatable but Intuitive
1 Initial/Ad Hoc
0 Non-existent
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
0 Non-existent when
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
5 Optimised when
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
4. Maturity Model
Level
Awareness
Policies,
Tools and
and
Standards and Automation
Communicatio Procedures
n
Skill and
Expertise
AI3
AI3 :: Acquire
Acquire and
and Maintain
Maintain Technology
Technology Infrastructure
Infrastructure
5. Link to Business
IT
4.
19.
19.
5.
14.
5.
COBIT