Evaluation of controls.
Neither provides an implementation blueprint or recipe book.
To obtain the most granular or atomic data possible.
A set of best practices for implementing and maintaining information security programs, with ISO/IEC 27001 being a well-known standard for Information Security Management Systems.
A large relational database.
ITIL provides a detailed framework for achieving successful operational service management of IT, including business value delivery.
The types of transactions in which the organization engages.
Extract, Transform, Load.
To provide guiding principles for effective, efficient, and acceptable use of IT within organizations.
It offers anytime access to organized data, helping to discover inefficiencies, strengths, weaknesses, and new opportunities.
Rules and/or statements developed by an organization to protect its Information and related Technology.
A broad field of IT that encompasses the collection and analysis of information to assist decision making and assess organizational performance.
Policies.
Process performance and information security policy compliance.
The goals and principles of information security in line with the business strategy/objectives.
Context diagrams.
Metadata.
Data access layer.
ITSM best practices.
Guidance to devise solutions appropriate to their unique situations.
Increasing size and complexity of organizations, legal requirements, and the pursuit of competitive advantage.
The need to dig through complex webs of linked spreadsheets and analyze data manually.
Governance and management of IT services.
Business needs, local circumstances, and the service provider’s maturity.
Responsible for its discharge through the executive management and the organization and resources under his/her charge.
Process cost, efficiency and quality, customer satisfaction, customer profitability, achievement of key performance indicators, and risk management.
Technologies and strategies for data analysis.
For its continuing suitability & adequacy, and effectiveness.
They are most accountable and responsible.
Risk Management.
Overall objectives, scope, and the importance of security as an enabling mechanism for information sharing.
Periodically.
Organizing and storing data for analysis.
Assessing opportunities for improvement and managing information security in response to changes.
ISO 20000 is broadly aligned with and draws strongly on ITIL.
Data entities and how they relate to each other.
Help ensure effectiveness and reliability of services and frameworks.
IT governance.
It supports auditing and evaluation of IT activities in a rigorous, objective, and repeatable way.
It enables running analytical reports on customer information to understand loyalty, purchasing habits, and preferences.
They should understand policies as part of the audit scope and test for compliance.
Manage IT investments, improve organizational performance, enhance project governance, minimize IT risks, and assure greater project success rates.
A safer workplace and enhanced compliance through a universal set of guidelines on risk management.
To ensure consistency and clarity in business rules and metrics.
To understand the business purpose and mitigate risks of suboptimal data configurations.
Increasing size and complexity of organizations, legal requirements, and pursuit of competitive advantage.
Clarification of policies and regulations.
It has been adopted by many organizations seeking to improve their IT services.
"Information resources shall be controlled in a manner that effectively prevents unauthorized access."
To facilitate easier data processing and transformation using ETL tools.
It provides guidelines and a common approach to risk management for organizations.
It specifies service management aligned with ITIL’s framework, including requirements for service management improvement and guidance for application.
They are complementary frameworks; COBIT describes what should be done, while ITIL describes how to do it.
Certified Information Systems Auditor.
ISO 31000:201.
Business Intelligence.
BI is about delivering relevant and reliable information to the right people at the right time to achieve better decisions faster.
Enterprise data flow architecture (EDFA), logical data architecture, and a business or per department structure.
A process-based maturity model for Information Security Management that helps assess the operating environment and align security management activities with business objectives.
To outline the major processes of the organization and the external parties with which the business interacts.
An owner who has approved management responsibility for its development, review, and evaluation.
It is the international standard for IT service management (ITSM) that aligns ITSM processes with business needs and best practices.
An enterprise perspective, addressing IT-related issues beyond just IT professionals.
Standards that service management processes should aim for.
To ensure they remain relevant and align with regular changes in IT focus and environment.
To the Board of Directors (BOD).
An international IT service management standard.
The topmost layer where end users directly deal with information using tools like spreadsheets and reporting applications.
The lowest layer that includes sources of information such as operational data, external data, and nonoperational data.
A central repository for storing and managing data that supports BI activities.
To copy, transform data into DW format, and ensure quality control.
Connects the data storage and quality layer with data stores in the data source layer.
Data about data, such as file name, size, creation date, and permissions.
Independently audited certification.
It becomes difficult to identify controls and ensure their operations.
To ensure effectiveness and reliability of products and services.
When significant changes to the enterprise, operations, or security-related risk occur.
Compliance with legislative, regulatory, and contractual requirements.
Clarification of policies, dependencies, suggestions, examples, narrative clarifications, background information, and tools.
To extract information from a data set and transform it into an understandable structure for use.
Decisions related to improvement in alignment of information security with business objectives.
To build it in stages and establish a business/IT advisory team.
Different parts of organizations deal with different transaction sets, customers, and products.
A business/IT advisory team that recommends investment priorities.
Procedures.
To demonstrate that organizations are following best practices.
They should know the procedures thoroughly to ensure effectiveness.
A collection of data from various data sources of an organization, such as sales, inventory, and marketing.
To assess and improve information security management.
At planned intervals (usually annually) or when significant changes occur.
Clean data with a specific and standard structure.
Subsets of information from the core DW, organized to meet specific business needs.
They are essential for navigating fast-moving environments effectively.
Transports information between various layers and manages control messages.
IS auditors review procedures to identify, evaluate, and test controls over IT processes.
To ensure fair representation.
ISO/IEC 27001 and 27002.
COBIT is developed by ISACA to support EGIT by ensuring IT is aligned with the business, enables the business, maximizes benefits, uses resources responsibly, and manages IT risk appropriately.
Performance management, analytics, predictive modeling, and data mining.
Presentation/Desktop Access Layer.
Guiding principles for governing bodies on the effective, efficient, and acceptable use of IT within an organization.
To maximize the value obtained from BI initiatives and ensure proper investment and prioritization.
It should never exceed the benefit.
To schedule tasks necessary to build and maintain the DW and data mart layers.
ISACA.
EGIT frameworks.
To state management’s commitment and outline the organization’s approach to managing information security.
Identify and report these policies for improvement.
Organizations need to design and implement a data architecture to effectively deliver BI.
A framework for setting control objectives and controls, including risk assessment and management.
To capture and organize data of interest for reporting and analysis.
The level of control and productivity/effectiveness.
It must be approved by senior management and communicated to all employees.
Classifications, levels of control, and responsibilities of all potential users regarding information.
A benchmark or reference point for evaluating performance/compliance.
To provide comprehensive information about data as it flows between various layers.
To describe permissions for the usage of IT resources including hardware, software, and networks.
Regularly, to ensure its continuing suitability, adequacy, and effectiveness.
A technology steering committee comprised of senior management.
Basis of policy definition, appropriateness, contents, and exceptions to the policies.
Facilitates basic data communication and browser-based user interfaces.
Data about data, which helps analyze and identify what data is in the warehouse and where it is stored.
Consolidation/Roll-up, Drill-down, and Slicing & Dicing.
Feedback from interested parties, results of independent reviews, and status of preventive actions.
IT exists to support the business, with advice primarily relating to internal IT matters.
They should be clear, concise, and derived from the parent policy.
They must sign off to comply with the policy at the time of hiring or contracting and regularly thereafter.
They apply to individual divisions and departments and must be consistent with corporate policies.
The processes and the embedded controls.
A mandatory requirement, code of practice, or specification approved by a recognized external standards organization.
Protect the integrity of their information assets and deliver value to stakeholders.
They must be identified and reported for improvement.
