4 hours 7 minutes

Video Transcription

Hello, everybody. Welcome to lessen 7.4
findings. My name is on Leandro gonna salvage instructor for today's lesson
In this video, you will identify and understand through a case of study some key points to consider when implementing covet in your business,
as we discussed in previous sessions for the standards standards at being practices, Simon frameworks can be selected based on their ability to satisfy the stakeholders needs. However, simply understanding the levels will not automatically select the right frameworks.
Since every enterprise sees biloute differently
on inventory off appropriate solutions must be conduct.
Let's check a really well known example off a successful carpet implementation, which is the central bank off German a k C B J.
The law establishing that Stevie A stipulates that the object IBS of the Central Bank Shelby it maintained monetary stability in the kingdom on promote the sustained growth off the kingdom's economy in accordance with the general economic policy off the Government
City J. Saul was a work of the international standards and frameworks. You know that can be a benefit to the financial sector in Jordan on continually encouraged the Jordanian banks to be on top of every new opportunity to create competitive advantage in the region.
Not really that C. V. A. Has issued many regulations in the past in a couple of years for four different financial sector in the Jordan to comply with including, for example, PC iced Unger's carpet framework cyber security framework on recently
asking that you're dining banks toe for a plan to comply with J. D. P. R.
This makes the city gate one of the pioneers and unique rivulet regulatory bodies in the region who is playing a significant role in enhancing the financial sector.
The requirements for Jordanian banks at fears Bland's appears very aggressive. However, once you know
everyone wasn't bored, the results have bean outstanding. You like to see you know the glass helpful because at the end,
complaint being complained woodcarving without necessarily understanding the context and the business goals and everything, as I told you in previous lessons, even even when you're
plane in the same field as other competitors, for example, your bank, which is you know, example in this except lesson. But you know, that doesn't mean that you will have the same exact goals or this jewel want to go to use the same exact process as the other back. So yeah,
one requirement for TV A The West created much of activities that banks are required to implement. All 40 processes off the carpet framework targeting a specific capability. Levels this process are required to chief a capability level tree within the first
Tony Tony months off the publication. You know the regulation that you know c v a exposed on achieve capably level five within three years of the publication of the regulation. This means a lot of work.
In addition to the requirement to mid specific
process capability levels. The following additional requirements are numbered.
Used the 17 enterprise goals and 17 i t related goals as per the carpet framework to create the goals, cascaded dr Enablers
have a minimum set of policies for the government's framework. Have a minimum instead of reports for the government's framework. Established and maintained the infrastructure that supports the government's framework. Adopt the necessary mattresses off competences on policies off human resource
management to achieve the requirements
off heat and to ensure that the appropriate human resources are in place.
Adopt the court of conduct that reflects professional behavior related to the management of information if it's related to technology, uh, clearly find the decider Behavioral Rules and Consequences
addition into additionally, to all of this, as this wasn't enough, the CVS is required all bags to establish to comedy's for the governance and management, off information and related technology. Is the comedy off governments of information on that direct
directive steering committee off I. T.
All of this suggests that a big challenge as carpet is dictated as I a standard rather than I suggested framework. As I told you before, when you see that's a framework, it is flexible enough to adapt to your business goals in this case, implementing the 40 processes,
uh, level tree and 11 5 within the 1st 3 years.
Three years? I'm sorry. Uh, it's kind of a big challenge.
Assumption made by the city Gate was their organizations operator similar in similar environments, resources on levels off complexity, which added a few challenges again. That's
can I not true because, uh,
even if you're playing the same feel again with other banks and maybe your incoming commerce, and you have other e commerce competitors that that covet application will not be the same
in addition to the coverage requirements the central bank has to eat, the central bank has issued many other regulations around the cloud computing cybersecurity, and recently it does the adoption of J. D. P. R.
However, understanding that carpet framework can be leveraged to be, yeah, leverage as an over reaching governance and management model for the enterprise. I t. I love these requirements can be aligned on the one program to avoid, you know, redundancy.
So these aggressive time love time line of meeting the requirement capabilities levels have bean,
you know, challenge a really big challenge to the Jordanian bags
foreign marred by not by not allowing the flexibility of choosing the goals and process is based on the stakeholders needs again.
This for me, this is kind of a big challenge just blindly saying that you have to comply with the 40 card process is off, you know, getting ah
to level five off the capability. And that seems a little harsh to me. And I have been, you know, I see the benefits because, you know, at the end of more, the more mature are your process. Are your your business? It will be better. But you know, that means a lot of money. Ah, lot off work
is like saying that you will reduce all the risk that you find
some some risk that doesn't represent a big
challenge to you or, you know, they fall under the risk appetite of the business. You will not, you know, waste money, trying to reduce them. So this is kind of the same thing. It's like me saying to you, Okay, you conduct your risk analysis and you find, like, I don't know, for the risk.
Now, which of them 20 are high priority.
But right now, I don't care. You just have to reduce all of them. That implies a lot of money and a lot of work.
So ah, following example with cell before for for the lab, that's linked. Linkage? Um, we saw were first created the business impact analysis by having the assets at his assets inventory. And then we created we had
the probability off those impacts being, you know, successfully
breached on. We have the risk. Then we have that keep K p I. To keep performance indicators in the key risk indicators, which, as I told you before, key performance indicators was that, you know, I'm kind of at the day today
metrics and the cure is indicators waas
attached to one wrist specifically And after that, we can see that we will be able to see all the risk for the business. And, you know, the ones that fall under uh does involve under the risk appetite we need to mitigate.
Now for that, we can, you know, try to meet a ***. We can avoid
the risk for like, for example, if the risk waas associated to our web page, for example, you could say, you know what? Close it down. I don't want t to other ties with a Web page. I will do it all fashion or whatever that means a boy in the risk we can transfer it
we can and try to buy on cyber security insurance
to see, you know, if something happens that the insurance will have to pay for everything are we can, you know, mitigated. We can't like Kana measures. I think this case we can, you know, apply maybe deal, piece that the league or that the loss prevention
solutions we can, you know, apply firewalls or whatever. I PS where the solution is to reduce the risk. We can apply it right now
what the city J stands for Well, civilians stands for central back off Jordan which was the one the guilty one off forcing all the Jordanian banks to be complained with all the four recovered processes level tree
ah in level five within the 1st 3 years.
What does the C B. J Law stipulates? Well, I kind of a sport like that for you, but you know, it stipulates specifically in quoting the operatives of the central bank, Shot shall be to maintain monetary stability in the kingdom and to promote the sustained growth of the kingdom's economy
in accordance with the general economic policy
of the government.
In a video with this car Some key points to consider when implementing courage in your business
supplementary materials in this case specifically the 2nd 1 leveraging carpet five Mr Digital Information System planning a case study for the Nigerian pharmaceutical industry and thorough in ah case start implementing colored five by Mark Thomas.
Well, that's it for today, folks. I hope you get the video and talk to you soon

Up Next


This COBIT 2019 training course will prepare students to successfully attain the COBIT 2019 certification. Students will learn to implement governance and management concepts within organizations to help minimize the gap between business and IT.

Instructed By

Instructor Profile Image
Alejandro Guinea
CERT Regional Director