Risico’s van een gevirtualiseerde IT-omgeving

More documents

Recommendations

Info

Risico’s van een gevirtualiseerde IT-omgeving Possen & Ulrich----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------DomeinProcessnummerProcesEffectivenessEfficiencyKwaliteitsaspectenConfidentialityIntegrityAvailibilityComplianceReliabilityAcquire andImplementAI6 Manage changes P P P P SAcquire andImplementAI7 Install and accredit solutions and changes P S S SDeliver and Support DS1 Define and manage service levels P P S S S S SDeliver and Support DS2 Manage third-party services P P S S S S SDeliver and Support DS3 Manage performance and capacity P P SDeliver and Support DS4 Ensure continuous service P S PDeliver and Support DS5 Ensure systems security P P S S SDeliver and Support DS6 Identify and allocate costs P PDeliver and Support DS7 Educate and train users P SDeliver and Support DS8 Manage service desk and incidents P PDeliver and Support DS9 Manage the configuration S SDeliver and Support DS10 Manage problems P P SDeliver and Support DS11 Manage data P PDeliver and Support DS12 Manage the physical environment P PDeliver and Support DS13 Manage operations P P S SMonitor and Evaluate ME1 Monitor and evaluate IT performance P P S S S S SMonitor and Evaluate ME2 Monitor and evaluate internal control P P S S S S SMonitor and Evaluate ME3 Ensure compliance with external requirements P SMonitor and Evaluate ME4 Provide IT governance P P S S S S S----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Pagina 112
Risico’s van een gevirtualiseerde IT-omgeving Possen & Ulrich----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Bijlage 3 Geselecteerde CobiTprocessen en beheersmaatregelenOnderstaande tabel toont de binnen deze scriptie geselecteerde CobiT-processen en geeft een overzicht van de binnen CobiT gedefinieerde “Controlobjectives”.ProcessnumberPO02PO02PO02PO02PO09PO09ProcessDefine theinformationarchitectureDefine theinformationarchitectureDefine theinformationarchitectureDefine theinformationarchitectureAssess and manageIT risksAssess and manageIT risksControlobjectivenumberPO2.1PO2.2Control objectiveEnterprise InformationArchitecture ModelEnterprise Data Dictionary andData Syntax RulesControl objective descriptionEstablish and maintain an enterprise information model to enable applicationsdevelopment and decision-supporting activities, consistent with IT plans asdescribed in PO1. The model should facilitate the optimal creation, use andsharing of information by the business in a way that maintains integrity and isflexible, functional, cost-effective, timely, secure and resilient to failure.Maintain an enterprise data dictionary that incorporates the organisation’sdata syntax rules. This dictionary should enable the sharing of data elementsamongst applications and systems, promote a common understanding of dataamongst IT and business users, and prevent incompatible data elements frombeing created.PO2.3 Data Classification Scheme Establish a classification scheme that applies throughout the enterprise, basedon the criticality and sensitivity (e.g., public, confidential, top secret) ofenterprise data. This scheme should include details about data ownership;definition of appropriate security levels and protection controls; and a briefdescription of data retention and destruction requirements, criticality andsensitivity. It should be used as the basis for applying controls such as accesscontrols, archiving or encryption.PO2.4 Integrity Management Define and implement procedures to ensure the integrity and consistency ofall data stored in electronic form, such as databases, data warehouses and dataarchives.PO9.1IT Risk ManagementFrameworkEstablish an IT risk management framework that is aligned to theorganisation’s (enterprise’s) risk management framework.PO9.2 Establishment of Risk Context Establish the context in which the risk assessment framework is applied toensure appropriate outcomes. This should include determining the internaland external context of each risk assessment, the goal of the assessment, andthe criteria against which risks are evaluated.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Pagina 113
Page 1:
Risico’s van een gevirtualiseerde
Page 4 and 5:
Possen & UlrichRisico’s van een g
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65: Possen & UlrichRisico’s van een g
Page 84 and 85: Risico’s van een gevirtualiseerde
Page 128: Possen & UlrichRisico’s van een g
show all

Risico’s van een gevirtualiseerde IT-omgeving

Create successful ePaper yourself

Delete template?

Save as template?