SlideShare a Scribd company logo

Cobit 5 (Control and Audit Information System)

Download as PPT, PDF
R
Rudi Kurniawan

1) ISACA defines information security as ensuring information confidentiality, integrity, and availability (CIA). Confidentiality means protecting private information, integrity means preventing improper information changes, and availability means reliable access to information. 2) There are various definitions of information security but the CIA concept is globally accepted. Ensuring information security is increasingly important as information and technology impact all aspects of life. 3) Managing risks, including information security risks, is essential for organizations to create value for stakeholders by realizing benefits while optimizing costs and risks. Both risks and opportunities must be considered to make balanced risk-related decisions.

Education
1 of 14
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Kontrol dan AuditKontrol dan Audit Sistem InformasiSistem Informasi RUDI KURNIAWAN 11353100145 UIN SUSKA RIAU INFORMATION SYSTEM,FST
For information security ISACA defines information security as something that : Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability).
Cont... • Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information. • Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. • Availability means ensuring timely and reliable access to and use of information
Cont.. Although several other definitions of the term exist, this definition provides the very basics of information security as it covers the confidentiality, integrity and availability (CIA) concept. It is important to note that while the CIA concept is globally accepted, there are broader uses of the term ‘integrity’ in the wider business context. COBIT 5 covers this term in the information enabler as information goals of completeness and accuracy.
Cont.. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying. Increasing regulation within the business landscape adds to the awareness of the board of directors of the criticality of information security for information and IT-related assets.
For Risk Enterprises exist to create value for their stakeholders. Consequently, any enterprise, commercial or not, has value creation as a governance objective. Value creation means realising benefits at an optimal resource cost while optimising risk (figure 4). Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities.
Cont... The risk optimisation component of value creation shows that: • Risk optimisation is an essential part of any governance system. • Risk optimisation cannot be seen in isolation, i.e., actions taken as part of risk management will influence benefits realisation and resource optimisation.
Cont... Risk is generally defined as the combination of the probability of an event and its consequence (ISO Guide 73). Consequences are that enterprise objectives are not met. COBIT 5 for Risk defines IT risk as business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. IT risk consists of IT-related events that could potentially impact the business. IT risk can occur with both uncertain frequency and impact and creates challenges in meeting strategic goals and objectives.
Cont... IT risk always exists, whether or not it is detected or recognised by an enterprise.
IT risk can be categorised as follows:  IT benefit/value enablement risk—Associated with missed opportunities to use technology to improve efficiency or effectiveness of business processes or as an enabler for new business initiatives.  IT programme and project delivery risk—Associated with the contribution of IT to new or improved business solutions, usually in the form of projects and programmes as part of investment portfolios  IT operations and service delivery risk—Associated with all aspects of the business as usual performance of IT systems and services, which can bring destruction or reduction of value to the enterprise.
Cont... Figure 5 shows that for all categories of downside IT risk (‘Fail to Gain’ and ‘Lose’ business value) there is an equivalent upside (‘Gain’ and ‘Preserve’ business). It is important to keep this upside/downside duality of risk in mind (see figure 6) during all risk-related decisions. For example, decisions should consider: The exposure that may result if a risk is not mitigated versus the benefit if the associated loss exposure is reduced to an acceptable level.
Cont... The potential benefit that may accrue if opportunities are taken versus missed benefits if opportunities are foregone. Risk is not always to be avoided. Doing business is about taking risk that is consistent with the risk appetite, i.e., many business propositions require IT risk to be taken to achieve the value proposition and realise enterprise goals and objectives, and this risk should be managed but not necessarily avoided.
Cont...
THANKS

More Related Content

PPTX
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Pajar Bahari
 
PPT
Cobit 5 - Kontrol dan Audit Sistem informasi
sayuti01
 
PPTX
Arie rahman satria ( 11353100515 )
Arie Rahman Satria
 
PDF
Cobit 5 for Information Security
Seto Joseles
 
PDF
Cobit 5 for information security
Elkanouni Mohamed
 
PDF
Making Executives Accountable for IT Security
Seccuris Inc.
 
PPTX
Audit rizkie hafizzah
Rizkie Hafizzah
 
PPTX
CObIT
Sophia Abigayle
 
Cobit 5 ( Kontrol dan Auditing Sistem Informasi )
Pajar Bahari
 
Cobit 5 - Kontrol dan Audit Sistem informasi
sayuti01
 
Arie rahman satria ( 11353100515 )
Arie Rahman Satria
 
Cobit 5 for Information Security
Seto Joseles
 
Cobit 5 for information security
Elkanouni Mohamed
 
Making Executives Accountable for IT Security
Seccuris Inc.
 
Audit rizkie hafizzah
Rizkie Hafizzah
 
CObIT
Sophia Abigayle
 

What's hot (20)

PPTX
Donna Febriani
Donna Febriani
 
PPT
01 intro-cobit
yusrizalmukhtar
 
PPTX
Using COBIT PO9 to perform Project Risk Analysis
webmentorman
 
PPTX
Corporate governance of INFORMATION TECHNOLOGY (IT)
Osman Hasan
 
PPT
Governance Of Enterprise Information Technology V3
pjmartinez
 
PPT
Ais Romney 2006 Slides 06 Control And Ais
Sharing Slides Training
 
PPTX
Itil,cobit and ıso27001
Burcu Pelin TELLİ
 
PPTX
Cobit 41 framework
Yulias Sihombing, Ak, MAk, CIA
 
PPT
IT Governances
Jerald Burget
 
PPT
It governance
Mahetab Khan
 
PPTX
Global Artificial Intelligence (AI) Index
Mohammad Reda Katby
 
PPT
Ais Romney 2006 Slides 07 Is Control1
Sharing Slides Training
 
PPT
Cobit5 and-grc
Tatto Sugiopranoto
 
PDF
Grc coso cobit_mapped_shared
Seek Hai, Frank Chin
 
PPTX
rethinking marketing
Navneet Singh
 
PPT
MAKING SENSE OF IT GOVERNANCE
Rudy Shoushany
 
PDF
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
PDF
IT Governance & ISO 38500
Ramiro Cid
 
PPTX
Lailatul izzati
Lailatul Izzati
 
PDF
Compliance Management | Compliance Solutions
Corporater
 
Donna Febriani
Donna Febriani
 
01 intro-cobit
yusrizalmukhtar
 
Using COBIT PO9 to perform Project Risk Analysis
webmentorman
 
Corporate governance of INFORMATION TECHNOLOGY (IT)
Osman Hasan
 
Governance Of Enterprise Information Technology V3
pjmartinez
 
Ais Romney 2006 Slides 06 Control And Ais
Sharing Slides Training
 
Itil,cobit and ıso27001
Burcu Pelin TELLİ
 
Cobit 41 framework
Yulias Sihombing, Ak, MAk, CIA
 
IT Governances
Jerald Burget
 
It governance
Mahetab Khan
 
Global Artificial Intelligence (AI) Index
Mohammad Reda Katby
 
Ais Romney 2006 Slides 07 Is Control1
Sharing Slides Training
 
Cobit5 and-grc
Tatto Sugiopranoto
 
Grc coso cobit_mapped_shared
Seek Hai, Frank Chin
 
rethinking marketing
Navneet Singh
 
MAKING SENSE OF IT GOVERNANCE
Rudy Shoushany
 
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
IT Governance & ISO 38500
Ramiro Cid
 
Lailatul izzati
Lailatul Izzati
 
Compliance Management | Compliance Solutions
Corporater
 
Ad

Viewers also liked (13)

PPT
Information systems audit and control
Kashif Rana ACCA
 
PPTX
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Yeffry Handoko
 
PPTX
Simulasi audit menggunakan it governance ( cobit )
Nugroho Setiawan
 
PDF
Comparación de CobiT 5 con CobiT 4.1
Slime Argentina
 
PDF
Automation risk isaca2017
Mohammad Ibrahim Fheili
 
DOCX
153084837 makalah-cobit
arimayawulantara
 
PDF
COBIT 5
Deady Rizky Yunanto
 
PPT
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
Dhina Pohan
 
PDF
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Directorate of Information Security | Ditjen Aptika
 
PPTX
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
PPT
Information system and control audit – lecture i
Kartik T. Vayeda & Co.
 
PPTX
Information System audit
Pratapchandra
 
PPT
Auditing In Computer Environment Presentation
EMAC Consulting Group
 
Information systems audit and control
Kashif Rana ACCA
 
Auditor Sistem Informasi dalam Kurikulum Magister Sistem Informasi
Yeffry Handoko
 
Simulasi audit menggunakan it governance ( cobit )
Nugroho Setiawan
 
Comparación de CobiT 5 con CobiT 4.1
Slime Argentina
 
Automation risk isaca2017
Mohammad Ibrahim Fheili
 
153084837 makalah-cobit
arimayawulantara
 
COBIT 5
Deady Rizky Yunanto
 
PENGENALAN AUDIT DAN KONTROL SISTEM INFORMASI
Dhina Pohan
 
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information S...
Directorate of Information Security | Ditjen Aptika
 
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
Information system and control audit – lecture i
Kartik T. Vayeda & Co.
 
Information System audit
Pratapchandra
 
Auditing In Computer Environment Presentation
EMAC Consulting Group
 
Ad

Similar to Cobit 5 (Control and Audit Information System) (20)

PPTX
Tomi ismeidianto ( 11353104557 ) Control and Auditing information Systam
Tomi Ismeidianto
 
PDF
My_notes_part1.pdf
PhilLopez4
 
DOCX
case studies on risk management in IT enabled organisation(vadodara)
ishan parikh production
 
PPT
Information security background
Nicholas Davis
 
PPT
Information Security Background
Nicholas Davis
 
PDF
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDMagazine
 
PDF
Information Security Risk Management
Ersoy AKSOY
 
PPTX
Introduction to Risk Management Fundamentals
Toño Herrera
 
PPTX
Presentation1 110616195133-phpapp01(information security)
Bonagiri Rajitha
 
PDF
Accounting Information Systems 11th Edition Bodnar Solutions Manual
molicochoual
 
PPTX
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
PPTX
Whitman_Ch05.pptx
Siphamandla9
 
PPTX
ke-1 - Copy cat massunu rahing.pptxdfdff
AhmadNaswin
 
PDF
Information Risk Management - Cyber Risk Management - IT Risks
Hernan Huwyler, MBA CPA
 
PDF
The Secure Online Business E Commerce It Functionality and Business Continuit...
ufothladky
 
PPTX
MIS: Information Security Management
Jonathan Coleman
 
PPTX
IT Security & Risk
Tanujpandey5
 
PPT
COBIT 4.0
bluekiu
 
PDF
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Hernan Huwyler, MBA CPA
 
PDF
200606_NWC_Strategic Security
Chad Korosec
 
Tomi ismeidianto ( 11353104557 ) Control and Auditing information Systam
Tomi Ismeidianto
 
My_notes_part1.pdf
PhilLopez4
 
case studies on risk management in IT enabled organisation(vadodara)
ishan parikh production
 
Information security background
Nicholas Davis
 
Information Security Background
Nicholas Davis
 
FDseminar IT Risk - Yuri Bobbert - Antwerp Management School
FDMagazine
 
Information Security Risk Management
Ersoy AKSOY
 
Introduction to Risk Management Fundamentals
Toño Herrera
 
Presentation1 110616195133-phpapp01(information security)
Bonagiri Rajitha
 
Accounting Information Systems 11th Edition Bodnar Solutions Manual
molicochoual
 
FROM STRATEGY TO ACTION - Vasil Tsvimitidze
DataExchangeAgency
 
Whitman_Ch05.pptx
Siphamandla9
 
ke-1 - Copy cat massunu rahing.pptxdfdff
AhmadNaswin
 
Information Risk Management - Cyber Risk Management - IT Risks
Hernan Huwyler, MBA CPA
 
The Secure Online Business E Commerce It Functionality and Business Continuit...
ufothladky
 
MIS: Information Security Management
Jonathan Coleman
 
IT Security & Risk
Tanujpandey5
 
COBIT 4.0
bluekiu
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Hernan Huwyler, MBA CPA
 
200606_NWC_Strategic Security
Chad Korosec
 

Recently uploaded (20)

PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PPTX
Radiologic_Anatomy_of_the_Brachial_plexus [final].pptx
atiaruhi95
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
PDF
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
Updated Idioms and Phrasal Verbs in English subject
surbaraoye
 
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Radiologic_Anatomy_of_the_Brachial_plexus [final].pptx
atiaruhi95
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
MarjorieLopezTiu
 
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Updated Idioms and Phrasal Verbs in English subject
surbaraoye
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
master seminar digital applications in india
ananyaray35
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 

Cobit 5 (Control and Audit Information System)

  • 1. Kontrol dan AuditKontrol dan Audit Sistem InformasiSistem Informasi RUDI KURNIAWAN 11353100145 UIN SUSKA RIAU INFORMATION SYSTEM,FST
  • 2. For information security ISACA defines information security as something that : Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability).
  • 3. Cont... • Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information. • Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. • Availability means ensuring timely and reliable access to and use of information
  • 4. Cont.. Although several other definitions of the term exist, this definition provides the very basics of information security as it covers the confidentiality, integrity and availability (CIA) concept. It is important to note that while the CIA concept is globally accepted, there are broader uses of the term ‘integrity’ in the wider business context. COBIT 5 covers this term in the information enabler as information goals of completeness and accuracy.
  • 5. Cont.. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying. Increasing regulation within the business landscape adds to the awareness of the board of directors of the criticality of information security for information and IT-related assets.
  • 6. For Risk Enterprises exist to create value for their stakeholders. Consequently, any enterprise, commercial or not, has value creation as a governance objective. Value creation means realising benefits at an optimal resource cost while optimising risk (figure 4). Benefits can take many forms, e.g., financial for commercial enterprises or public service for government entities.
  • 7. Cont... The risk optimisation component of value creation shows that: • Risk optimisation is an essential part of any governance system. • Risk optimisation cannot be seen in isolation, i.e., actions taken as part of risk management will influence benefits realisation and resource optimisation.
  • 8. Cont... Risk is generally defined as the combination of the probability of an event and its consequence (ISO Guide 73). Consequences are that enterprise objectives are not met. COBIT 5 for Risk defines IT risk as business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. IT risk consists of IT-related events that could potentially impact the business. IT risk can occur with both uncertain frequency and impact and creates challenges in meeting strategic goals and objectives.
  • 9. Cont... IT risk always exists, whether or not it is detected or recognised by an enterprise.
  • 10. IT risk can be categorised as follows:  IT benefit/value enablement risk—Associated with missed opportunities to use technology to improve efficiency or effectiveness of business processes or as an enabler for new business initiatives.  IT programme and project delivery risk—Associated with the contribution of IT to new or improved business solutions, usually in the form of projects and programmes as part of investment portfolios  IT operations and service delivery risk—Associated with all aspects of the business as usual performance of IT systems and services, which can bring destruction or reduction of value to the enterprise.
  • 11. Cont... Figure 5 shows that for all categories of downside IT risk (‘Fail to Gain’ and ‘Lose’ business value) there is an equivalent upside (‘Gain’ and ‘Preserve’ business). It is important to keep this upside/downside duality of risk in mind (see figure 6) during all risk-related decisions. For example, decisions should consider: The exposure that may result if a risk is not mitigated versus the benefit if the associated loss exposure is reduced to an acceptable level.
  • 12. Cont... The potential benefit that may accrue if opportunities are taken versus missed benefits if opportunities are foregone. Risk is not always to be avoided. Doing business is about taking risk that is consistent with the risk appetite, i.e., many business propositions require IT risk to be taken to achieve the value proposition and realise enterprise goals and objectives, and this risk should be managed but not necessarily avoided.