
RESPONSE TO DISRUPTIVE TECHNOLOGY:
IT GOVERNANCE AWAKENS

Syahraki Syahrir, SE Ak. CISA, CISM

REQUIREMENTS FOR SURVIVING DISRUPTION WAVE

IT GOVERNANCE AS AN ENABLER

GUIDE TO EFFECTIVE IT GOVERNANCE

Veda Praxis 2018


REQUIREMENTS FOR SURVIVING DISRUPTION WAVE

• BALANCING INNOVATION WITH RISK
• PRACTICING SECURITY AWARENESS
• MANAGING MORE COMPLEX REGULATION



BALANCING INNOVATION WITH RISK

[Figure: PERFORMANCE over TIME for OLD TECHNOLOGY and NEW TECHNOLOGY]

HOW FAST WILL NEW TECHNOLOGY REPLACE THE OLD?


BALANCING INNOVATION WITH RISK

“Strong innovators understand that technological advances wait for no one – and the need to transform their innovation functions, as well as their broader organizations, for the digital world is urgent.”

BCG ANALYSIS



PRACTICING AWARENESS

MANY FACES OF FRAUD IN THE DIGITAL ERA:


CARD FRAUD
• Card present (stolen/skimmed)
• Card not present (telephone/internet)

ONLINE BANKING FRAUD

INSIDER FRAUD

MONEY LAUNDERING

STOCK MARKET MANIPULATION

[Figure: timeline 1960’s, 1970’s, 1980’s, 1990’s with the labels Mainframes, Distributed Systems, Networked Systems, Internet Enabled Computing]

Source: Securitystats.com, Karisable.com

PRACTICING AWARENESS
NUMBER OF CYBER ATTACKS ON COMPANIES INCREASED BY 280% SINCE 2012

3 SUCCESSFUL ATTACKS EXPERIENCED BY A COMPANY EACH WEEK

TYPES OF CYBER ATTACKS EXPERIENCED BY COMPANIES DURING 2017:

• 98% MALWARE
• 69% PHISHING & SOCIAL ENGINEERING
• 67% WEB-BASED ATTACKS
• 58% MALICIOUS CODE
• 63% BOTNETS
• 43% STOLEN DEVICES
• 53% DENIAL OF SERVICE
• 40% MALICIOUS INSIDERS
• 27% RANSOMWARE

PRACTICING AWARENESS
PRIMARY CONSEQUENCES OF CYBER ATTACKS:

• 43% Information loss
• 33% Business disruption (diminished employee productivity, business process failure)
• 21% Revenue loss
• 3% Equipment damages

Source: Accenture, 2017



MANAGING MORE COMPLEX REGULATION

BEST PRACTICES
• SNI ISO 31000: Risk Management
• SNI ISO 27001: IT Security Management System
• SNI ISO 37001: Anti-Bribery Management System
• COSO Enterprise Risk Management (ERM)

RISK MANAGEMENT RELATED TO IT USAGE IN FINANCIAL SECTOR
• PBI & POJK Anti Money Laundering
• POJK Risk Management
• PBI & POJK Financial Technology
• PBI E-Money
• PBI Remittance

OTHER GOVERNMENT POLICIES/PROGRAMS (REFERENCES)
• National Payment Gateway
• G20 Digital Economy Ministerial Declaration
• Indonesia e-Commerce Roadmap
• Palapa Ring Project
• 1 Juta Domain Indonesia Go Online
• 1000 Startup Digital




IT GOVERNANCE AS AN ENABLER



HIGH STANDARDS OF CORPORATE GOVERNANCE ARE CRUCIAL TO
THE VALUE OF COMPANIES, ESPECIALLY IN EMERGING MARKETS



GCG IMPLEMENTATION IN INDONESIA
[Figure panels: BUMN Tbk., PRIVATE SECTOR, BANK Tbk., INSURANCE]

Source: Majalah Economic Review Indonesia Good Corporate Governance Award 2017

GCG IMPLEMENTATION IN INDONESIA

IT GOVERNANCE HAS IMPORTANT ROLES!

IT Governance practices provide:

• Guardrails to guide innovation & change process (controls)
• Risk management
• Continuous monitoring

Covering the specific needs of the new digital paradigm:

• Interconnected systems
• Velocity of processing
• Unprecedented volume of data


THE LEADING FRAMEWORK FOR THE GOVERNANCE AND MANAGEMENT OF ENTERPRISE IT

RELEASED IN DECEMBER 2012

CONTAINS A TOTAL OF 5 DOMAINS AND 37 PROCESSES


COBIT 5 PROCESSES

Source: ISACA
REQUIREMENTS MAPPING

BALANCING INNOVATION WITH RISK
• APO04 MANAGE INNOVATION
• APO12 MANAGE RISK

PRACTICING SECURITY AWARENESS
• MEA03 MANAGE SECURITY SERVICES

MANAGING MORE COMPLEX REGULATION
• MEA03 MONITOR, EVALUATE, AND ASSESS COMPLIANCE WITH EXTERNAL REQUIREMENTS


BENEFITS FROM IMPLEMENTING IT GOVERNANCE

EFFECTIVE IT GOVERNANCE IS THE SINGLE MOST IMPORTANT PREDICTOR OF THE VALUE AN ORGANIZATION GENERATES FROM IT

Returns on IT investment generated by enterprises performing effective IT governance: 40% HIGHER THAN THEIR COMPETITORS

Source: Harvard Business Review

BENEFITS FROM IMPLEMENTING IT GOVERNANCE

80% OF CEOs RECOGNIZED THAT “IT GOVERNANCE OR SOME FORM THEREOF IS REQUIRED” TO RESOLVE “IT ISSUES”.

57% OF CEOs LOOKED TO IT GOVERNANCE TO ALIGN STRATEGY.

53% OF CEOs LOOKED TO IT GOVERNANCE TO MANAGE IT RISKS.

Source: CIO Research Reports 2012



GUIDE TO EFFECTIVE IT GOVERNANCE



RECOMMENDATIONS

KEY TAKE-AWAYS:
• IT Governance should be the “Best Fit” for the Organization’s needs.

• IT Governance is part of Enterprise Governance.

• Top-performing companies govern differently from other companies.

• Key mechanisms include:

o Executive committees for monitoring and decision making
o The “Three Lines of Defense” & risk management
o Enterprise-wide IT investment decision processes for innovation
o Formal Post Implementation Review of innovation and IT-related projects

MAY THE FORCE BE WITH YOU

AD Premier, 8th floor
TB Simatupang No 05
Pasar Minggu, Jakarta 12540

info@vedapraxis.com @veda_praxis
