Example Success Story

Time
3 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:01
Let's talk about an example success story of implementing COBIT.
00:06
In this video, we're going to talk about an example of COBIT being successfully implemented and the realized benefits of implementing this framework.
00:17
So let's start with this example.
00:19
An Australian IT consulting firm that works with the health care, utility and large government sectors faced a heavily regulated environment.
00:28
That's a lot of laws and compliance obligations if we're talking about the health care, utility and government sectors.
00:37
Previously, this firm utilized ISO 27001 exclusively, which is more of a binary implementation, meaning you either comply or you don't.
00:47
It's also not as business-focused, which created gaps in the technical application of the standard.
00:56
Thus the company faced a challenge.
00:59
How could they adopt both ITIL and ISO 27001, which are seemingly competing standards?
01:06
COBIT gave this IT firm a solution.
01:10
This framework allowed the company to address the current state of IT governance.
01:14
This framework created a measuring stick, or criteria, against which the company could compare and evaluate its current state.
01:22
From there, COBIT was used as a wrapper or container to coordinate the implementation of these different standards.
01:32
As COBIT was able to coordinate the implementation of both ITIL and ISO 27001, this Australian firm realized some benefits of COBIT.
01:42
COBIT is a top-down approach that is both detailed and can be aligned with the risk appetite of the business.
01:48
We've mentioned how COBIT addresses IT risk,
01:51
but it can be aligned and tailored to the risk appetite of the business.
01:56
How much risk is the business willing to take on?
01:59
In this case, probably not much, given the heavily regulated industries in which this firm operated.
02:05
Thus, COBIT could be customized to orient the business into a more acceptable risk stance.
02:10
COBIT is business-focused, making it a practical form of IT governance.
02:15
It aligns policy to more detailed controls and aligns the cost of controls to the perceived risk.
02:23
Let's talk about what that means. If the perceived risk of a certain system that houses sensitive information is high,
02:30
the cost of controls may be higher to protect that data.
02:35
Alternatively, if you've spent a lot of money on controls to protect information that the business does not need or that is not relevant, that's a huge waste.
02:44
Thus, COBIT can be implemented to align the cost of controls to the appropriate risk level so that you're not underspending and underprotecting, or overspending and overprotecting.
02:57
As we've said a few times before, COBIT is broad and comprehensive, which is a huge benefit.
03:05
So in this video we talked about how COBIT combined competing standards into a successful implementation and the benefits found using COBIT for an Australian IT consulting firm.