4 hours 7 minutes
Hello, everybody. Welcome to lessen seven point to covet implementation operative you My name is on hands are gonna and I'll begin Instructor for baseless
In this video you will identify and understand to a case of study some key points to consider when in fluent and carve it in your business.
So ah, balancing performance and conformance in business can be really hard A hard task adding up the you know, regulatory compliance and conformance needs in any organization can have a major effect on enterprise performance if not govern and managed effectively
in many countries around the work, including Guatemala which was where I live in Central America, the central back, the central bank sometimes Monday that up there all banks become compliant with global and locker regulation.
Discovered is a framework that can be that can integrate all these requirements because becoming, you know,
covet complain can cost a big fall off snow off activity amongst boards. An executive management across the banks in the country. In the next, you know, lessons will see that a country already mandated that to be covered complaint which is a big you know, challenge for for business
as with this cause before the importance of assaulted governance off enterprise I t. Again get get problem. Can't on learning how to take advantage of the coverage framework in Gridley regularly and had hands not only compliance but also
be a positive move towards enhancing the overall governance
posture in any business
before diving into any details off adopting a get or governance for enterprise i t. Framework. It is important to first understand that the enterprise access to great value for its stakeholders frameworks do not want to guarantee success but can be get practice models
that can enable success.
Therefore, Bali was created through internal and external service providers that monster straight strive to meet the three core are ingredients off creating valley.
We will really mention it that in previous lessons realized benefits while optimizing risk on resource is s O, for example, let me let me give you an example. Uh,
reduce risk off information leakage, for example, that could be, you know, a trigger for for, you know, for stakeholder to to create a neat for example, someone told you that a licking and information can lead you to hide penalties, Penalties?
Aah! Financial penalties, for example,
you're opening a business in Europe and you know someone someone told you about the J d. P. R and the *** that they my imply or in force over your business.
So, for example, reduce again reduced risk of information leakage.
One of the task that you have to create first is to perform and business impact analogies. For example, the impact in this case will be huge. Defines that day DPR put in place are, you know, huge and you know you could also go to jail. So jail time is, you know, the streakers
a lot of
problems. So yeah, I am, but will be high s O, for example, leave you on e commerce. You'll really have the important part, you know, Want one of the ingredients of the risk formula, Then you have to. For example, you can perform a vulnerability assessment
over your web server or you hire someone to
performed a penetration testing over your Web server, for example. So, yeah, you have the ingredients now in for plus probability and you have the risk. So one thing that you can, for example, one goal will be to reduce the risk off information leakage.
So a challenge. Many organization faces not realizing that there are several government levels on areas that must be considered when selecting the most appropriate framework in today's environment. One single industry friend or simply want be enough for for for for the business in this case, for example,
GPR. Yeah, that would be enough. But what happens if you are also dealing
with credit cards? You might be. Also, you might need also to be compliant with P. C. I. And I'm top of that. And maybe you're in the health industry. Yeah, you have said credit cards at the host hospital, for example. So you have to be hip, a compliant
eso just right there. There are three different publications on and, you know,
standards you have to be complained with. So this includes a lot of work and you know, a lot of problems because if you're trying to be complying with one and then with the other, I mean what the 1st 1 though we want to be complaining with, are the task similar to each other?
This is what carve it comes into place to kind of
cover all these three publications and standards so you can integrate them all in one single occasion. So looking through a government lands, it is important to understand that adopting the frameworks requires a solid understanding of the business environment. Remember, we talked about in the beginning
to get to know the business context
as well as the Bali that each of these frameworks provide. Therefore, it is vital that frameworks are analyzed on adopt based on several factors. Olive. We should focus on one thing. Create value for the enterprise again.
If you're, for example, hospital that accepts credit cards. Andi has information about European citizens. Eso just right there. I can't think of three major publications or standards that you have to be complaining with
GPR hipper and PC, I just right there. I believe it will be like four years off work trying to be complying with all of them. So call it performs like an umbrella over. These are public publication and standards, and you can find them all in one single location.
So that means that I t enable investments provide expected business benefits while optimizing resources and risk
recognizes the recognizing. This is the first step towards great in a system off framework that support or provides Bali,
for example. Again, information leakage. The one that I I mentioned before just to just to show you have, you know, real quick example Here, uh, for example, you're trying Thio. First, assess the impact. I mean, assuming that you already have the asset in mentoring
which, you know, it includes physical things,
persons or people in your organization. You already have all your information, as it's then you You can create a business in back analysis knowing what you have and how much it will hurt you to lose it or to you know, someone that much it that much those assets, for example,
you will have an idea with the business impact analysis.
Then you you, I said the probability off, you know, off someone or somebody or I don't know whatever natural disaster affecting that acid, you know. And if you already have the probability of the impact and for example, the probability is high and and the impact is high as well, the voice will be hired.
Or, you know, you will have to consider
mediating that risk as soon as possible.
What does G I t stands for well, we saw that at the beginning of the video. Understands for governance off enterprise I t.
What's the most basic formula to Kai could calculate risk will be impact plus probability. Sometimes you can also include, you know, minus the condom measures Do my having place, eh? So you can, you know,
tried to move from qualitative analysis to a quantitative analysis
in today's video. With this cost some key points to consider when implementing covet in your business
again Supplementary materials are the same as the previous video. There's I really could too you know of the I believe this too. Case studies will actually help you to, you know, try to understand how to implement covet Needless to say, ah
carving a CZ, you can see already. You know, if you have you have being with me to the entire course, you have to hire someone to actually implement it. R r did You can actually get certified on you know, the basic stuff for carpet. But you can also get certified in implementing carpet, for example
or auditing covet?
Yes, just you know.
Well, that's it for today, folks. I hope you enjoyed the video and took
This COBIT 2019 training course will prepare students to successfully attain the COBIT 2019 certification. Students will learn to implement governance and management concepts within organizations to help minimize the gap between business and IT.