cobit (control objectives for information and related...
COBIT
Department of Information Systems
Faculty of Computer Science and Information Technology
Universitas Gunadarma
Session 7
Session 7
Course material:
COBIT (Control Objectives for Information and Related Technology)
Learning objectives:
1. Students can describe the concept of IT auditing by applying COBIT
2. Students understand the concepts and framework of COBIT
3. Students understand and apply COBIT in information systems auditing
Scope of the COBIT Material
Concept, vision and mission of COBIT
Scope of COBIT
COBIT framework
COBIT domains
ISACA (Information Systems Audit and Control Association)
ISACA: an organization in information technology governance; IT audit and IT assurance standards
ISACA: information security; the basis of information systems audit and control
COBIT (Control Objectives for Information and Related Technology)
COBIT was created by ISACA (Information Systems Audit and Control Association) and the IT Governance Institute
COBIT focuses on audit, control and security issues
COBIT is designed as an IT governance tool that helps in understanding and managing the risks, benefits and evaluation of IT
Vision of CobiT
To serve as a model for IT governance
Mission of CobiT
To research, develop, publish and promote information technology control objectives that are generally accepted internationally for day-to-day use by managers and auditors.
Scope of CobiT (the 4 domains in CobiT)
1. Planning & Organization
2. Acquisition & Implementation
3. Delivery & Support
4. Monitoring
COBiT Frameworks
Mindset
IT Risk Management Framework COBIT
IT Risk Management Framework
Objective setting: The COBIT information criteria are the basis for identifying IT objectives. The COBIT information criteria are Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance and Reliability.
Risk identification: The process of finding out what the risks are. Sources: people, process and technology, internal, external, disasters, uncertainty, opportunity.
Risk assessment: The process of assessing how likely a risk is to occur and the impact of the risk.
Risk Assessment
Risk Identification
IT Risk Management Framework
Risk response: Apply the appropriate control objectives in carrying out risk management: the 34 Control Objectives.
Risk monitoring: Every step is monitored to ensure that the risks and the responses keep operating over time.
Control Domain: Planning & Organisation
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define the IT organization and relationships
PO5 Manage the IT investment
PO6 Communicate management aims and direction
PO7 Manage human resources
PO8 Ensure compliance with external requirements
PO9 Assess risks
PO10 Manage projects
PO11 Manage quality
Control Domain: Acquisition & Implementation
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Develop and maintain procedures
AI5 Install and accredit systems
AI6 Manage changes
Control Domain: Delivery & Support
DS1 Define and manage service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure system security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Assist and advise customers
DS9 Manage the configuration
DS10 Manage problems and incidents
DS11 Manage data
DS12 Manage facilities
DS13 Manage operations
Control Domain: Monitoring
M1 Monitor the processes
M2 Assess internal control adequacy
M3 Obtain independent assurance
M4 Provide for independent audit
CobiT Framework (Plan and Organise)
Topics:
1. Strategy and tactics
2. Planning the vision
3. Organization and infrastructure
Questions:
1. Have the IT and business strategies been defined?
2. Is the company making maximum use of its resources?
3. Does everyone in the organization understand the IT objectives?
4. Are IT risks understood and managed?
5. Does the quality of the IT systems match the needs of the business?
CobiT Framework (Acquire and Implement)
Topics:
1. IT solutions
2. Changes and maintenance
Questions:
1. Can new projects deliver solutions that meet business needs?
2. Can new projects be completed on time and within budget?
3. Can the new work systems be implemented properly?
4. Do the changes made avoid disrupting ongoing business activities?
CobiT Framework (Deliver and Support)
Topics:
1. Delivery and support services
2. Support for set-up processes
Questions:
1. Are the IT services delivered in line with business priorities?
2. Can IT costs be optimized?
3. Are workers able to use the IT systems more productively and safely?
4. Are security, integrity and availability in place?
CobiT Framework (Monitor and Evaluate)
Topics:
1. Assessment over time, delivery assurance
2. Error management control system
3. Work measurement
Questions:
1. Can IT detect a problem before it is too late?
2. Can the required independent assurance ensure that critical areas operate as expected?
Maturity Scale of the COBIT Framework
Maturity Model: a method for measuring the level of development of process management, used to measure management capability
The Maturity Model is used to map:
1. The current status of the company's IT management.
2. The current status of industry standards in IT (as a comparison)
3. The current status of international standards in IT (as a comparison)
4. The company's IT management strategy (the company's expectation for the position of its IT management)
COBIT Maturity Model https://cobitindo.blogspot.com/
Maturity Scale Levels (6 Levels)
• Level 0 (Non-existent): The company has no knowledge at all of the information technology processes within it.
• Level 1 (Initial Level): The organization does not provide a stable environment for developing new products.
• Level 2 (Repeatable Level): Policies governing project development, and the implementation of those policies, begin to be put in place.
• Level 3 (Defined Level): The standard process for developing new products is documented, based on integrated products.
• Level 4 (Managed Level): The organization establishes metrics for products, processes and the measurement of results.
• Level 5 (Optimized Level): The entire organization is focused on continuous process improvement.
The 34 COBIT Process Domains, Scores and Maturity Levels
Group Assignment
Each group consists of 2 members
The assignment is to be printed out in the form of a proposal and submitted at the lecture in week 10
Assignment: (according to the earlier division of tasks)
1. Performance analysis of an e-government website
2. Performance analysis of an automated teller machine (ATM)
Assignment specifications:
1. Write questions related to the performance analysis of the system being observed
2. The questions must be interrelated and connected across the 4 domains
3. The questions must refer to the 4 COBIT domains
4. The level for each domain is 0 to 5