Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
3 hours 43 minutes
Let's continue with phase is four through seven.
In this video, we're going to talk about Face four, face five, face six and face seven of the implementation approach
Face for addresses. What needs to be done for an enterprise to realize its I T governance goals.
Face four will focus on planning and feasible and practical solutions to the enterprise, governance and management goals.
If the organization wants to manage security, then feasible and practical solutions will be assessed and planned accordingly.
For example, creating a security aware work culture, maybe a practical solution that could be planned through mandatory training and awareness programs.
In this phase, projects should be defined and supported by business cases.
Ah well developed business case can ensure that benefits are identified and monitored and that there's executive buy in
face. Four will also consist of a change plan for implementation.
Face five will focus on how to get the enterprise to its target.
In this phase, proposed solutions should be implemented into day to day practices.
Let's continue with the example of managing security within an enterprise.
The solution of training and awareness programs should be implemented into daily practices such as training and weekly email alerts of new types of phishing attempts
face. Five should also establish measures and monitoring systems
ensure that performance can be measured in some way.
We discussed this and performance management, but there needs to be a measure to see how well the enterprises performing in accordance with its governance and management objectives.
These measures and monitoring systems will ensure that business alignment is achieved.
All in all, co bit dictates that success requires multiple factors.
Engagement at all levels of the company, awareness and communication of the implemented governance program. Senior leadership by in
if in order to have appropriate communication and time and resource is and ownership of business and I t process owners are essential
ownership of I T process owners and business owners will ensure that there's accountability and responsibility of the I T governance program and that it's being perpetuated or trickled down throughout the enterprise and not just staying at the top level.
Phase six is focused on whether or not the enterprise got to where they wanted to be.
This can be done through monitoring achievement of the improvements, using performance metrics and expected benefits of the ICTY governance program
in this phase focus on the sustainable transition of improved governance and management practices into normal business operations.
You want to make sure that it's transitioned weld and becomes a pillar rather than a short term deal.
If it is only a short term change, he waste a lot of time. And Resource is designing and implementing a program that doesn't have lasting benefits.
For example, if you want to manage security within an enterprise,
focus on sustainability of a continued security aware work culture instead of a one time training deal that users will forget and or will not be kept up with. And it won't be up to date with the latest security vulnerabilities that affect them.
Finally, and Face seven were focused on keeping the momentum going.
Review the successes of the program and identify any further governance and management requirements.
This will reinforce the need for continual improvement to keep up to date with security risks.
It also prioritizes further improvements to the governance system.
The cyber landscape continually changes along with security threats that organizations face.
Thus it's essential that improvements are continually put into motion to keep up with the current environment, the organization does business in
this will ensure that your I T governance program remains up to date appropriate and useful, and it changes with your organization for effective governance and management of I T. Resource is
Is Kobe it meant to be implemented and then self run? Or do you have to set up a process for continual improvement?
It's meant for continual improvement and to be revisited on a regular, an ongoing basis.
So in this video we talked about the remaining four phases of Kobe, its implementation approach.