IT Compliance PBI, COBIT, ISO27001
Berikut ini adalah salah satu Guidance mengenai IT AUDIT, yaitu Mapping antara PBI 9/15/2007, COBIT dan ISO27001,
Selain itu ada guidance ITIL dan SDLC yang juga menjadi guidance utama standar pengelolaan IT.
| No | PBI 09/15/2007 | Area | COBIT | Area | ISO27001 | |
| 1 | Management | IT Management | A.5 | Security policy | ||
| IT Strategic Plan | P01 | Define a Strategic IT Plan | ||||
| IT Organization | P07 | Manage IT Human Resources | A.6 | Organization of information security | ||
| Personnel Control | A.8 | Human resources security | ||||
| Project Management | P05 | Manage the IT Investment | ||||
| Management Information System | ||||||
| IT Risk Awareness Program | P09 | Assess and Manage IT Risks | ||||
| Risk Monitoring & Measurement | ||||||
| 2 | System Dev & Acquisition | Project Management | P10 | Manage Projects | A.12 | IS Acquisition, Development & Maintenance |
| Program Change Management | A06 | Manage Changes | ||||
| Application Development Risk Management | A02 | Acquire and Maintain Application Software | ||||
| Acquisition, Procurement & Outsourcing | A05 | Procure IT Resources | ||||
| 3 | IT Operational Activities | Data Center Operational | A04 | Enable Operation and Use | ||
| Capacity Planning | DS03 | Manage Performance and Capacity | ||||
| Hardware & Software Configuration | DS09 | Manage the Configuration | ||||
| Problem & Incident Management | DS08 | Manage Service Desk and Incidents | A.13 | Information Security Incident Mgmt | ||
| Datawarehouse Management | ||||||
| Library Function | ||||||
| QA Function | P08 | Manage Quality | ||||
| Third Party Relationship | DS01 | Define and Manage Service Levels | ||||
| Disposal Management | ||||||
| IT Operation Risk Management | DS13 | Manage Operations | ||||
| 4 | Communication Network | Network Management | A.10 | Communications & Operations Mgmt | ||
| Network Access Control | A.11 | Access control | ||||
| Backup & Recovery | ||||||
| 5 | Information Security | Aset Management | DS05 | Ensure Systems Security | A.7 | Asset management |
| Human Resources Management | ||||||
| Physical & Environment Security | DS12 | Manage Physical Environment | A.9 | Physical and environmental security | ||
| Logical Security | ||||||
| 6 | Business Continuity Plan | Active Management Monitoring | DS04 | Ensure Continuous Service | A.14 | Business Continuity Management |
| Business Impact Analysis | ||||||
| 7 | End User Computing | EUC Policies and Procedures | ||||
| EUC Risk Management | ||||||
| 8 | Electronic Banking | Risk Management of E-banking | ||||
| Reporting of Plan & Realization | ||||||
| 9 | IT Internal Audit | IT Audit Referrence | M02 | Monitor and Evaluate Internal Control | A.15.3 | IS Audit considerations |
| IT Audit conducted by other parties | ||||||
| Internal Audit on other party services | ||||||
| IT Internal Audit Review | A.15 | Compliance | ||||
| 10 | The use of IT Service provider | IT Outsourcing | DS02 | Manage Third-Party Services |
taken from anjar’s blog.
Hi , do you have similar aws architecture decison flowchart or guide me where I can get in similar manner…
A cloud architecture is the most advanced and cutting-edge technology. The technique you described in this post, which includes reviewing…
Hi Tama, thanks for reading this article. Definitely the answer will be back to your decision, but here are some…
Hello Mr.Doddi! I've been read for your article since 2 years ago before i get into a collage. Then now…