4 hours 7 minutes

Video Transcription

Hello, everybody. Welcome to lessen 7.3. Designed and methodology. My name is on hand, Regina, and I'll be your instructor for the tasteless.
The learning operatives of this lesson is to identify and understand through a case study some key points to consider when implementing covered in your business.
So, uh, there there several standards, frameworks and bodies of knowledge out there, both local and international
consider looking at the framework eco system for more multiple levels. These levels provide good good starting point for that's reminding what valleys created by leverage, a framework
stakeholder needs have many drivers. But these must be a balance between performance and conformance as well.
Uh, just considered, you know, we have three main sources for carpet. In the first place is enterprise governance, for example. Performance business goes and conformance for simple sort, sir. Banks away. J d p r you name it
on. Whatever that. Whatever standard publication on creates conformance needs.
You just put it right there
a second. Ah, point. We have enterprise I t governance and third point and framework standards. And with Brax is, for example, I Till I saw nest and you name it as Well,
so to continue with the previous example we had,
we have two main points here a k p i n k air I k p i ski performance indicators. So basically, remember that we discussed that proves example was to, um,
get information leakage in the problem. We already I says, you know, we already had what we assumed we had on inventory asset inventory, and then we created at the business impact analysis, which you can find several courses here in cyber ready for business impact analysis and also for risk management as well.
So we created the risk that the business in back analysis and then we create, you know,
which we consider first, the in fact handed the probability which gave us again the risk. Ah, and with the risk, we decided to, for example, implements and Connor measures to reduce the risk. So we have to measure that condom measure, right? Remember that we have to measure ah,
capability and and maturity
for the processes and Solutions week we have. And you know, for example, in this case, we have two important metrics, which is K p I and Care I, for example, KP eyes keep performance indicators that again, and they give us an idea of what's happening. For example, how many times do I lose Internet
in a month, for example,
or how many times on electric surge happens, or how many times I get a ticket that I cannot close it in the 1st 5 days? For example? Those aren't things aren't happening right now and the k R I, which is key risk indicators. They're just attached to a risk we identify.
For example, we way say it Like, for example,
we had a 75% risk off. That's a leakage because, you know, we already again, I says the impact in the probability and we had the 75% result in risks just as an example. So we can actually attach that k a ride to to that number
and see how the number reduces after we put a condom measure
and, you know, continuously checking the care I because at the end, risk can change like the impact can change from one day to the other. Remember, with the famous wannacry run, some word got out and you know everyone Everyone was being, you know, infected And, you know,
it wasn't nobody's focus. It wasn't a zero day attack,
but, you know, that's the problem. And the day before that window seven waas. Okay, well, you can I can hear you screaming through through through through your computer. It wasn't okay, but, you know, it was some some some what? Okay, But after the wannacry incident, I mean the probability.
you know, a skyrocket, because at the end, they impact remained the same for the computers or for the service for whatever. But, you know, the probably changed. Ah, lot
s o the risk change. So you had a curious indicator attached to that To that risk, you will be able to see a changed in that measure. So at the business governments level, the balanced scorecard, health measured business performance.
Well, you know, key risking the caterer can help with risk monitoring
measurement. For example, at the comedy off sponsoring Organization CEO, it's all creates a system off internal controls for conformance. This is followed by the governance off enterprise. I t where frameworks such as covet exist
at the standards and good practices levels. Friend boards can be selected based on their ability ability to satisfy the stick the stakeholders needs.
Simply understanding these labels will not automatically select the right framework, since every enterprices Bali differently on inventory of appropriate solution must be conducted.
There are a few minutes we discuss in previous sessions. Are, you know, just for reference? Let me give you thio covered. Consider, to be important. First, a best practice is on Lee, as good as how well is adopt.
And the 2nd 1 is that framework are suggested, not prescriptive. And finally, there's no such thing as a single to silver bullet.
I mean, you cannot again. I mean, I've been telling you that rule entire course, whatever that works for, you will not work
for another business even if you play in there in the same business context. I mean, even if your company your competitors, for example, or your partners or whatever, even if your bank and there's another bank near to you, the implementation will not be the same. Therefore, it's not. It's not a surprise that
one of the top questions today regarding multiple framework is this.
Is there a frame where that will help me manage all of my friend works? The standards and with brass is our regulations. Well, they're the answer is actually simple. Yes, it's called Carpet. We have seen discussions through the entire course. Um, we have been discussing through Italian course. I'm sorry.
Call it. Assist our enterprises in achieving value
through the government and management enterprise. I t on the court of framework. You know, they're five principles. Six uncovered 1019 which are made Your imp. It'll how an enterprise Lex adopts on uses other frameworks. How does covet become
a framework to manage frameworks
from Mac From a holistic view? The carpet enablers will not only help identify which frame boards are appropriate, but can also says in that, reminding the level off adoption as well. One of the powerful features of carpet is that references other frameworks, having established coven
us Noah's flexible framework,
does it make sense to consider a standard? No. Doesn't make sense to consider it a standard as well as made specific regulatory need. This is what is happening in several countries around the world. I mean,
the results are amazing, and, you know, some countries are actually mandating
to be compliant would covet. Now this seems like a bit of a stretch because, you know,
complain with the 40 processes we saw in the previous domain and, you know, actually getting that, too, for temple level, tree off capability or maturity or level five even for the four it processes, that just
is, Ah, hard work and a lot of work. But, you know, the results are not supporting
now. You know, we will discuss that in the next lesson.
What those k p I and Care I stands for. Well, it stands for key performance indicator and key risk indicators
mentioned that remain. Divisions, divisions, incoming frameworks, eco system. Well, we have enterprise governance, you know, business goals, performance conformance JD PR sucks.
We have governance and I'm sorry, Enterprise. I t governance. And finally, we have frameworks, standards and good practice
in today's video. With this cost some key points to consider when implementing covered in your business
supplementary materials as always. I sacha carted 2019 framework introduction and methodology and the two cases studies. I mentioned it before.
Well, that's it for today, folks. I hope being jaded video and talk to you soon

Up Next


This COBIT 2019 training course will prepare students to successfully attain the COBIT 2019 certification. Students will learn to implement governance and management concepts within organizations to help minimize the gap between business and IT.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director