Quality Assurance and Project Management

May 31 2017   9:49AM GMT

Cyber Attacks and ISACA, COBIT 5, CMMI, 33XXX Certifications

Jaideep Khanduja

Tags: CMMI, COBIT, Cyber security, cyber-attacks, ISACA

In India, every cyber attack must be reported to CERT-IN. An interesting question is how many companies follow COBIT 5. Quite a few have their own processes and frameworks. In fact, how many organizations crave process maturity? How do they manage their processes in terms of performance, management, and definition in a quantitative manner? And how many of them keep optimizing their processes on a regular basis? What is the optimization process? In the current scenario of increasing global cyber threats, it is very important to reflect on these critical points to ensure that your organization is moving in the right direction. Awareness of cyber attacks, threats, and vulnerabilities is quite important. Persons responsible for the cyber security of any organization can't stay away from these burning issues anymore. In fact, ownership is quite important in these matters.

The aim of the 33XXX series of certifications is to facilitate process assessment. It has nothing to do with risk or cyber attacks. Since it derives from SPICE, which was used for software processes, its process management concept is derived from CMMI. In this regard, it is important to align roles to processes, though this is not as straightforward and simple as it may appear, because some processes cut across and overlap between multiple roles. For instance, a person responsible for managing suppliers has to manage multiple roles, such as procurement, contracts, invoicing, and governance. Largely, organizations believe in the 'build and run' model. ISACA has not yet published the enabler guide for Organization Structure. That is one of the reasons most organizations have their own approach to building their IT organization. Still, the biggest challenge remains the mapping of key processes to their respective owners.

Cyber Attacks are increasing worldwide

Logically, ownership must be assigned in a way that leaves no ambiguity. ISACA seems to be a very practical approach because it helps you implement everything in one go. And managing cyber attacks in today's scenario is very critical, because they impact financials, reputation, and operations in a big way. In fact, if the production head is answerable for the low product, so is the security expert for security leaks.
