1 00:00:00,000 --> 00:00:03,318 [UPBEAT MUSIC] 2 00:00:03,318 --> 00:00:08,060 3 00:00:08,060 --> 00:00:11,180 Welcome to Global Information Security Society 4 00:00:11,180 --> 00:00:12,563 for Professionals of Pakistan. 5 00:00:12,563 --> 00:00:17,412 6 00:00:17,412 --> 00:00:20,510 [NON-ENGLISH SPEECH] 7 00:00:20,510 --> 00:00:25,410 Global Information Society for Professionals of Pakistan 8 00:00:25,410 --> 00:00:27,400 [NON-ENGLISH SPEECH] 9 00:00:27,400 --> 00:00:44,690 10 00:00:44,690 --> 00:00:46,740 Governance and management of IT. 11 00:00:46,740 --> 00:00:50,350 [NON-ENGLISH SPEECH] session 2.4. 12 00:00:50,350 --> 00:00:57,230 [NON-ENGLISH SPEECH] Domain 2 [NON-ENGLISH SPEECH] fourth 13 00:00:57,230 --> 00:01:01,310 session [NON-ENGLISH SPEECH] obviously it is fifth. 14 00:01:01,310 --> 00:01:03,380 [NON-ENGLISH SPEECH] 15 00:01:03,380 --> 00:01:23,000 16 00:01:23,000 --> 00:01:28,520 Formally session 1, 2, 3, and 4th, 2.4 session. 17 00:01:28,520 --> 00:01:31,550 [NON-ENGLISH] session [NON-ENGLISH SPEECH] 18 00:01:31,550 --> 00:01:38,120 19 00:01:38,120 --> 00:01:39,500 Portfolio management. 20 00:01:39,500 --> 00:01:41,330 IT portfolio management. 21 00:01:41,330 --> 00:01:43,950 [NON-ENGLISH SPEECH] investment. 22 00:01:43,950 --> 00:01:45,680 Investment [NON-ENGLISH SPEECH]. 23 00:01:45,680 --> 00:01:49,355 Prioritization [NON-ENGLISH SPEECH] 24 00:01:49,355 --> 00:01:53,570 25 00:01:53,570 --> 00:01:56,675 Allocation, [NON-ENGLISH SPEECH] 26 00:01:56,675 --> 00:02:02,090 27 00:02:02,090 --> 00:02:02,900 For the alignment. 28 00:02:02,900 --> 00:02:05,510 [NON-ENGLISH SPEECH] 29 00:02:05,510 --> 00:02:18,740 30 00:02:18,740 --> 00:02:22,010 IT department [NON-ENGLISH SPEECH] 31 00:02:22,010 --> 00:02:40,700 32 00:02:40,700 --> 00:02:44,330 Strategies [NON-ENGLISH] objectives [NON-ENGLISH SPEECH] 33 00:02:44,330 --> 00:02:45,055 34 00:02:45,055 --> 00:02:46,010 [COUGHS] Sorry. 35 00:02:46,010 --> 00:02:48,393 [COUGHING] Excuse me. 
36 00:02:48,393 --> 00:02:50,810 [NON-ENGLISH SPEECH] 37 00:02:50,810 --> 00:02:53,330 Anyways, [NON-ENGLISH SPEECH] 38 00:02:53,330 --> 00:03:14,270 39 00:03:14,270 --> 00:03:16,590 For example, [NON-ENGLISH SPEECH] easy money 40 00:03:16,590 --> 00:03:22,040 [NON-ENGLISH SPEECH] Bitcoin [NON-ENGLISH SPEECH] 41 00:03:22,040 --> 00:03:24,864 terminologies [NON-ENGLISH SPEECH] 42 00:03:24,864 --> 00:03:27,920 43 00:03:27,920 --> 00:03:29,920 Foreign exchange [NON-ENGLISH SPEECH] investment 44 00:03:29,920 --> 00:03:32,390 [NON-ENGLISH SPEECH] 45 00:03:32,390 --> 00:03:34,947 Objective [NON-ENGLISH SPEECH] 46 00:03:34,947 --> 00:03:36,200 47 00:03:36,200 --> 00:03:38,780 NGO [NON-ENGLISH SPEECH] 48 00:03:38,780 --> 00:04:05,310 49 00:04:05,310 --> 00:04:08,372 [NON-ENGLISH SPEECH] 50 00:04:08,372 --> 00:04:09,310 51 00:04:09,310 --> 00:04:12,042 [NON-ENGLISH SPEECH] 52 00:04:12,042 --> 00:04:22,690 53 00:04:22,690 --> 00:04:26,380 day-to-day operations [NON-ENGLISH SPEECH] 54 00:04:26,380 --> 00:04:34,137 55 00:04:34,137 --> 00:04:35,720 IT portfolio management [NON-ENGLISH]. 56 00:04:35,720 --> 00:04:39,430 IT portfolio management [NON-ENGLISH SPEECH] IT 57 00:04:39,430 --> 00:04:43,150 portfolio management, [NON-ENGLISH SPEECH] 58 00:04:43,150 --> 00:06:26,440 59 00:06:26,440 --> 00:06:29,676 Inside the organization, outside the organization 60 00:06:29,676 --> 00:06:32,282 [NON-ENGLISH SPEECH] 61 00:06:32,282 --> 00:06:50,500 62 00:06:50,500 --> 00:06:58,570 So this snapshot of existing status of our IT 63 00:06:58,570 --> 00:07:01,587 of our organization, [NON-ENGLISH SPEECH] portfolio 64 00:07:01,587 --> 00:07:02,170 [NON-ENGLISH]. 65 00:07:02,170 --> 00:07:08,350 I hope [NON-ENGLISH SPEECH] The IT portfolio is distinct from 66 00:07:08,350 --> 00:07:10,250 the IT financial management. 
67 00:07:10,250 --> 00:07:14,010 Financial management [NON-ENGLISH SPEECH] 68 00:07:14,010 --> 00:07:48,340 69 00:07:48,340 --> 00:07:53,020 It has strategic goals in determining the IT direction 70 00:07:53,020 --> 00:07:55,660 towards [NON-ENGLISH SPEECH] 71 00:07:55,660 --> 00:08:27,340 72 00:08:27,340 --> 00:08:31,360 On the basis of your expertise, your portfolio, 73 00:08:31,360 --> 00:08:34,179 [NON-ENGLISH SPEECH] 74 00:08:34,179 --> 00:09:33,190 75 00:09:33,190 --> 00:09:37,750 Redundant [NON-ENGLISH], slack time [NON-ENGLISH SPEECH] 76 00:09:37,750 --> 00:09:41,620 77 00:09:41,620 --> 00:09:46,156 So this is what is called IT portfolio management. 78 00:09:46,156 --> 00:09:50,130 79 00:09:50,130 --> 00:09:53,460 Key governance practices in IT portfolio management 80 00:09:53,460 --> 00:09:56,880 include the evaluation, direction, and monitoring 81 00:09:56,880 --> 00:09:59,093 of value optimization. 82 00:09:59,093 --> 00:10:01,260 So [NON-ENGLISH] value [NON-ENGLISH SPEECH] Optimize 83 00:10:01,260 --> 00:10:04,290 [NON-ENGLISH SPEECH] 84 00:10:04,290 --> 00:10:08,850 85 00:10:08,850 --> 00:10:13,470 So key governance practices in IT portfolio management include 86 00:10:13,470 --> 00:10:15,645 [NON-ENGLISH SPEECH] 87 00:10:15,645 --> 00:10:28,800 88 00:10:28,800 --> 00:10:32,370 OK, IT portfolio management continued. 89 00:10:32,370 --> 00:10:36,180 The most significant advantage of IT portfolio management 90 00:10:36,180 --> 00:10:39,510 is agility in adjusting investment based 91 00:10:39,510 --> 00:10:43,150 on built-in feedback mechanism. 92 00:10:43,150 --> 00:10:45,720 Obviously, [NON-ENGLISH SPEECH] 93 00:10:45,720 --> 00:11:09,420 94 00:11:09,420 --> 00:11:12,360 Implementation method includes, portfolio management 95 00:11:12,360 --> 00:11:15,180 [NON-ENGLISH] implement [NON-ENGLISH SPEECH] Number 96 00:11:15,180 --> 00:11:18,900 [NON-ENGLISH], risk profile analysis.
97 00:11:18,900 --> 00:11:21,030 [NON-ENGLISH SPEECH] 98 00:11:21,030 --> 00:11:42,490 99 00:11:42,490 --> 00:11:47,370 Whatever is the treatment plan you have. 100 00:11:47,370 --> 00:11:50,440 Diversification of projects, infrastructure and technology, 101 00:11:50,440 --> 00:11:52,770 [NON-ENGLISH SPEECH] 102 00:11:52,770 --> 00:13:06,120 103 00:13:06,120 --> 00:13:11,040 OK, next slide [NON-ENGLISH SPEECH] Now over 104 00:13:11,040 --> 00:13:12,300 to you. 105 00:13:12,300 --> 00:13:14,930 Discussion question number 1. 106 00:13:14,930 --> 00:13:19,740 107 00:13:19,740 --> 00:13:21,897 Number 2 we have here. 108 00:13:21,897 --> 00:14:13,110 109 00:14:13,110 --> 00:14:15,210 OK. 110 00:14:15,210 --> 00:14:18,735 Usually, exam [NON-ENGLISH SPEECH] 111 00:14:18,735 --> 00:15:34,860 112 00:15:34,860 --> 00:15:36,780 OK. 113 00:15:36,780 --> 00:15:40,620 The merger of two organizations, multiple self-developed legacy 114 00:15:40,620 --> 00:15:43,100 applications from both organizations 115 00:15:43,100 --> 00:15:46,880 are to be replaced by a new common platform. 116 00:15:46,880 --> 00:15:49,290 Which of the following would be the greatest risk? 117 00:15:49,290 --> 00:15:52,220 Project management and the progress reporting 118 00:15:52,220 --> 00:15:54,890 is combined in a project management office which is 119 00:15:54,890 --> 00:15:56,460 driven by external consultant. 120 00:15:56,460 --> 00:16:01,632 I think it's risk but it's not the greatest risk. 121 00:16:01,632 --> 00:16:07,190 The replacement effort consists of several independent projects 122 00:16:07,190 --> 00:16:10,220 without integrating the resource allocation in a portfolio 123 00:16:10,220 --> 00:16:12,650 management approach, the risk. 
124 00:16:12,650 --> 00:16:14,540 The resource of each organization 125 00:16:14,540 --> 00:16:17,840 is inefficiently allocated while they 126 00:16:17,840 --> 00:16:21,980 are being familiarized with the other company's legacy 127 00:16:21,980 --> 00:16:22,560 system. 128 00:16:22,560 --> 00:16:24,650 The new platform will force the business area 129 00:16:24,650 --> 00:16:26,900 of both organizations to change their work process. 130 00:16:26,900 --> 00:16:27,500 Good. 131 00:16:27,500 --> 00:16:30,765 [NON-ENGLISH SPEECH] 132 00:16:30,765 --> 00:16:44,810 133 00:16:44,810 --> 00:16:51,710 The correct answer is B. The correct answer 134 00:16:51,710 --> 00:16:53,390 is the replacement effort consists 135 00:16:53,390 --> 00:16:57,800 of several independent products without integrating the resource 136 00:16:57,800 --> 00:16:59,845 allocation in a portfolio management. 137 00:16:59,845 --> 00:17:02,720 [NON-ENGLISH SPEECH] 138 00:17:02,720 --> 00:17:31,340 139 00:17:31,340 --> 00:17:33,890 To gain an understanding of the effectiveness 140 00:17:33,890 --> 00:17:37,970 of an organization's planning and management of investment 141 00:17:37,970 --> 00:17:40,750 in IT assets, an IS auditor should review the? 142 00:17:40,750 --> 00:17:47,690 143 00:17:47,690 --> 00:17:54,860 Enterprise data model, IT balanced scorecard, 144 00:17:54,860 --> 00:18:01,280 IT organizational structure, historical financial statement. 145 00:18:01,280 --> 00:18:06,560 [NON-ENGLISH], simple, straightforward answer. 146 00:18:06,560 --> 00:18:12,470 Naveed Ali [NON-ENGLISH SPEECH] C. OK. 147 00:18:12,470 --> 00:18:19,230 148 00:18:19,230 --> 00:18:24,440 Ikra [NON-ENGLISH] answer [NON-ENGLISH] D. 149 00:18:24,440 --> 00:18:26,660 [NON-ENGLISH SPEECH] Ikra [NON-ENGLISH] financial 150 00:18:26,660 --> 00:18:27,860 background [NON-ENGLISH].
151 00:18:27,860 --> 00:18:30,260 To gain an understanding of the effectiveness 152 00:18:30,260 --> 00:18:34,610 of an organization's planning and management of investment 153 00:18:34,610 --> 00:18:39,110 in IT assets, an IS auditor should review the? 154 00:18:39,110 --> 00:18:43,370 IS auditor [NON-ENGLISH SPEECH] review [NON-ENGLISH SPEECH] 155 00:18:43,370 --> 00:18:44,840 Management of investment. 156 00:18:44,840 --> 00:18:47,570 [NON-ENGLISH SPEECH] 157 00:18:47,570 --> 00:18:58,610 158 00:18:58,610 --> 00:18:59,980 Historical financial statements. 159 00:18:59,980 --> 00:19:03,420 [NON-ENGLISH SPEECH] Seems good. 160 00:19:03,420 --> 00:19:06,620 [NON-ENGLISH] enterprise data model [NON-ENGLISH SPEECH] IT 161 00:19:06,620 --> 00:19:12,650 balanced scorecard [NON-ENGLISH SPEECH] OK. 162 00:19:12,650 --> 00:19:15,350 So [NON-ENGLISH SPEECH] 163 00:19:15,350 --> 00:19:16,940 164 00:19:16,940 --> 00:19:21,174 The correct answer is IT balanced scorecard. 165 00:19:21,174 --> 00:19:25,610 166 00:19:25,610 --> 00:19:27,290 [NON-ENGLISH SPEECH] 167 00:19:27,290 --> 00:19:32,465 168 00:19:32,465 --> 00:19:33,920 You can read. 169 00:19:33,920 --> 00:19:37,010 Concentrate on answer B, the IT balanced scorecard. 170 00:19:37,010 --> 00:19:43,524 [NON-ENGLISH SPEECH] IT balanced scorecard [NON-ENGLISH SPEECH] 171 00:19:43,524 --> 00:20:04,490 172 00:20:04,490 --> 00:20:09,515 So IT balanced scorecard [NON-ENGLISH SPEECH] 173 00:20:09,515 --> 00:20:16,190 174 00:20:16,190 --> 00:20:19,430 Number [NON-ENGLISH], financial growth. 175 00:20:19,430 --> 00:20:23,340 Number [NON-ENGLISH SPEECH] internal processes. 176 00:20:23,340 --> 00:20:26,700 Number [NON-ENGLISH], ability to innovate. 177 00:20:26,700 --> 00:20:29,240 Innovation [NON-ENGLISH SPEECH]. 178 00:20:29,240 --> 00:20:32,040 [NON-ENGLISH SPEECH] customer satisfaction. 179 00:20:32,040 --> 00:20:36,500 180 00:20:36,500 --> 00:20:37,000 OK. 
181 00:20:37,000 --> 00:20:41,500 182 00:20:41,500 --> 00:20:44,250 Process maturity framework. 183 00:20:44,250 --> 00:20:47,540 [NON-ENGLISH SPEECH] 184 00:20:47,540 --> 00:20:51,950 185 00:20:51,950 --> 00:20:54,920 Process maturity framework. 186 00:20:54,920 --> 00:20:56,900 [NON-ENGLISH SPEECH] 187 00:20:56,900 --> 00:26:30,010 188 00:26:30,010 --> 00:26:33,160 So these are the process maturity things. 189 00:26:33,160 --> 00:26:35,600 [NON-ENGLISH SPEECH] 190 00:26:35,600 --> 00:26:38,800 191 00:26:38,800 --> 00:26:40,990 It's a life cycle to complete a task. 192 00:26:40,990 --> 00:26:43,290 [NON-ENGLISH SPEECH] 193 00:26:43,290 --> 00:26:46,538 194 00:26:46,538 --> 00:26:50,522 [COUGHING] 195 00:26:50,522 --> 00:26:56,020 196 00:26:56,020 --> 00:26:58,150 Sorry. 197 00:26:58,150 --> 00:27:00,550 [NON-ENGLISH SPEECH] 198 00:27:00,550 --> 00:27:57,790 199 00:27:57,790 --> 00:27:59,350 Obviously, it was efficient. 200 00:27:59,350 --> 00:28:01,510 [NON-ENGLISH SPEECH] 201 00:28:01,510 --> 00:28:13,582 202 00:28:13,582 --> 00:28:16,930 In another case, [NON-ENGLISH SPEECH] 203 00:28:16,930 --> 00:28:28,740 204 00:28:28,740 --> 00:28:30,990 Yes, it was effective. 205 00:28:30,990 --> 00:28:33,620 [NON-ENGLISH SPEECH] 206 00:28:33,620 --> 00:28:50,010 207 00:28:50,010 --> 00:28:52,030 Yes, it was efficient. 208 00:28:52,030 --> 00:28:53,430 [NON-ENGLISH SPEECH] 209 00:28:53,430 --> 00:28:54,725 Yes, it was effective. 210 00:28:54,725 --> 00:28:57,180 [NON-ENGLISH SPEECH] 211 00:28:57,180 --> 00:29:01,140 212 00:29:01,140 --> 00:29:03,340 It was a quality process. 213 00:29:03,340 --> 00:29:05,210 [NON-ENGLISH SPEECH] 214 00:29:05,210 --> 00:29:22,110 215 00:29:22,110 --> 00:29:25,260 So this is called process maturity. 216 00:29:25,260 --> 00:29:27,122 OK. 
217 00:29:27,122 --> 00:29:28,830 [NON-ENGLISH] different frameworks market 218 00:29:28,830 --> 00:29:31,500 [NON-ENGLISH SPEECH] CMMI [NON-ENGLISH], 219 00:29:31,500 --> 00:29:33,990 Capability Maturity Integration Model. 220 00:29:33,990 --> 00:29:36,420 [NON-ENGLISH SPEECH] 221 00:29:36,420 --> 00:29:42,300 222 00:29:42,300 --> 00:29:45,920 COBIT Process Assessment Model [NON-ENGLISH SPEECH] CMMI 223 00:29:45,920 --> 00:29:48,826 [NON-ENGLISH SPEECH] 224 00:29:48,826 --> 00:29:53,610 225 00:29:53,610 --> 00:29:57,060 Maintaining consistency, efficiency, and effectiveness 226 00:29:57,060 --> 00:30:00,750 of IT processes requires the implementation of a process 227 00:30:00,750 --> 00:30:01,960 maturity framework. 228 00:30:01,960 --> 00:30:04,620 [NON-ENGLISH SPEECH] 229 00:30:04,620 --> 00:30:29,520 230 00:30:29,520 --> 00:30:32,500 Several models may be encountered in the organization, 231 00:30:32,500 --> 00:30:36,245 including COBIT [NON-ENGLISH] process assessment model. 232 00:30:36,245 --> 00:30:38,760 [NON-ENGLISH SPEECH] 233 00:30:38,760 --> 00:31:05,430 234 00:31:05,430 --> 00:31:10,695 So they fall in about 35, 36, 30, 30, 37 processes. 235 00:31:10,695 --> 00:31:12,755 [NON-ENGLISH SPEECH] 236 00:31:12,755 --> 00:31:14,700 237 00:31:14,700 --> 00:31:17,050 Stage 1, stage 2, stage 3. 238 00:31:17,050 --> 00:31:19,650 [NON-ENGLISH SPEECH] 239 00:31:19,650 --> 00:31:55,890 240 00:31:55,890 --> 00:32:01,620 CMMI, Capability Maturity Model Integration, 241 00:32:01,620 --> 00:32:03,915 [NON-ENGLISH SPEECH] 242 00:32:03,915 --> 00:32:49,860 243 00:32:49,860 --> 00:32:52,600 So initial processes are unpredictable. 244 00:32:52,600 --> 00:32:55,844 [NON-ENGLISH SPEECH] 245 00:32:55,844 --> 00:33:02,610 246 00:33:02,610 --> 00:33:07,090 The processes are unpredictable, poorly controlled, and reactive.
247 00:33:07,090 --> 00:33:09,570 [NON-ENGLISH SPEECH] 248 00:33:09,570 --> 00:33:47,850 249 00:33:47,850 --> 00:33:51,070 Processes are unpredictable, poorly controlled, and reactive. 250 00:33:51,070 --> 00:33:54,465 Repeatable, [NON-ENGLISH SPEECH] 251 00:33:54,465 --> 00:36:03,080 252 00:36:03,080 --> 00:36:05,360 Several organizations I want to name. 253 00:36:05,360 --> 00:36:10,730 Allied Bank [NON-ENGLISH SPEECH] processes are well standardized 254 00:36:10,730 --> 00:36:12,820 [NON-ENGLISH SPEECH] 255 00:36:12,820 --> 00:36:14,220 256 00:36:14,220 --> 00:36:16,520 They are working in silos. 257 00:36:16,520 --> 00:36:19,160 [NON-ENGLISH SPEECH] 258 00:36:19,160 --> 00:38:15,530 259 00:38:15,530 --> 00:38:18,140 So that is called optimization level 5. 260 00:38:18,140 --> 00:38:20,930 [NON-ENGLISH SPEECH] 261 00:38:20,930 --> 00:38:44,417 262 00:38:44,417 --> 00:38:50,305 [CHUCKLES] [NON-ENGLISH SPEECH] [CHUCKLES] [NON-ENGLISH SPEECH] 263 00:38:50,305 --> 00:38:57,140 264 00:38:57,140 --> 00:39:01,500 Optimize [NON-ENGLISH] according to your external customers, 265 00:39:01,500 --> 00:39:02,240 stakeholders. 266 00:39:02,240 --> 00:39:07,020 So this is called process maturity levels. 267 00:39:07,020 --> 00:39:10,338 [NON-ENGLISH SPEECH] 268 00:39:10,338 --> 00:39:13,190 269 00:39:13,190 --> 00:39:19,202 PDCA model, Plan, Do, Check, Act. 270 00:39:19,202 --> 00:39:21,650 [NON-ENGLISH SPEECH] 271 00:39:21,650 --> 00:40:37,145 272 00:40:37,145 --> 00:40:38,510 Implement the plan. 273 00:40:38,510 --> 00:40:41,705 Collecting data for charting, analysis. 
274 00:40:41,705 --> 00:40:44,030 [NON-ENGLISH SPEECH] 275 00:40:44,030 --> 00:40:51,260 276 00:40:51,260 --> 00:40:54,920 I'm going for studies [NON-ENGLISH SPEECH] 277 00:40:54,920 --> 00:41:02,990 278 00:41:02,990 --> 00:41:06,130 [CHUCKLES] [NON-ENGLISH SPEECH] 279 00:41:06,130 --> 00:41:20,752 280 00:41:20,752 --> 00:41:24,041 [CHUCKLES] [NON-ENGLISH SPEECH] 281 00:41:24,041 --> 00:42:18,076 282 00:42:18,076 --> 00:42:23,560 [CHUCKLES] [NON-ENGLISH SPEECH] plan, do, check, act, clear? 283 00:42:23,560 --> 00:42:25,720 [NON-ENGLISH] question. 284 00:42:25,720 --> 00:42:28,310 [NON-ENGLISH SPEECH] 285 00:42:28,310 --> 00:42:31,056 286 00:42:31,056 --> 00:42:34,940 [CHUCKLES] OK, quality management. 287 00:42:34,940 --> 00:42:38,634 Quality management [NON-ENGLISH SPEECH] 288 00:42:38,634 --> 00:43:13,120 289 00:43:13,120 --> 00:43:17,230 The development and maintenance of defined and documented IT 290 00:43:17,230 --> 00:43:24,550 quality management processes is evident of effective GEIT, 291 00:43:24,550 --> 00:43:27,670 Governances Enterprise IT. 292 00:43:27,670 --> 00:43:29,920 [NON-ENGLISH] IT governance [NON-ENGLISH] governance 293 00:43:29,920 --> 00:43:33,355 in enterprise IT, [NON-ENGLISH SPEECH] 294 00:43:33,355 --> 00:43:40,450 295 00:43:40,450 --> 00:43:45,713 Governance in enterprise IT, end-to-end organization 296 00:43:45,713 --> 00:43:48,130 [NON-ENGLISH SPEECH] 297 00:43:48,130 --> 00:44:00,382 298 00:44:00,382 --> 00:44:01,840 Quality management defined as a set 299 00:44:01,840 --> 00:44:06,260 of tasks that produce desired results when properly performed. 300 00:44:06,260 --> 00:44:08,050 Various standards provide guidelines 301 00:44:08,050 --> 00:44:10,820 for governance of quality management, 302 00:44:10,820 --> 00:44:16,450 including those in ISO 20000 series.
303 00:44:16,450 --> 00:44:18,600 [NON-ENGLISH SPEECH] 304 00:44:18,600 --> 00:44:31,060 305 00:44:31,060 --> 00:44:34,510 Anyways, the good news is the IS auditor 306 00:44:34,510 --> 00:44:36,350 should be aware of quality management. 307 00:44:36,350 --> 00:44:40,616 However, [NON-ENGLISH SPEECH] 308 00:44:40,616 --> 00:45:45,940 309 00:45:45,940 --> 00:45:47,470 Statement that the IS auditor should 310 00:45:47,470 --> 00:45:48,800 be aware of quality management. 311 00:45:48,800 --> 00:45:53,390 However, [NON-ENGLISH SPEECH] [CHUCKLES] [NON-ENGLISH SPEECH] 312 00:45:53,390 --> 00:45:57,620 The CISA exam does not test specific on any ISO standard. 313 00:45:57,620 --> 00:46:00,670 So [NON-ENGLISH SPEECH] 314 00:46:00,670 --> 00:46:12,280 315 00:46:12,280 --> 00:46:13,040 Excuse me. 316 00:46:13,040 --> 00:46:15,970 Discussion question number 3. 317 00:46:15,970 --> 00:46:18,090 OK, go ahead. 318 00:46:18,090 --> 00:47:09,990 319 00:47:09,990 --> 00:47:11,640 OK [NON-ENGLISH]. 320 00:47:11,640 --> 00:47:13,840 [NON-ENGLISH SPEECH] 321 00:47:13,840 --> 00:48:04,350 322 00:48:04,350 --> 00:48:07,300 Identify and report the controls currently in place. 323 00:48:07,300 --> 00:48:09,664 [NON-ENGLISH SPEECH] 324 00:48:09,664 --> 00:48:23,910 325 00:48:23,910 --> 00:48:28,260 Correct answer is D. [NON-ENGLISH SPEECH] 326 00:48:28,260 --> 00:49:15,540 327 00:49:15,540 --> 00:49:21,210 Process number 4, element number 4, identify [NON-ENGLISH SPEECH] 328 00:49:21,210 --> 00:49:31,680 329 00:49:31,680 --> 00:49:36,125 OK, next question [NON-ENGLISH SPEECH] Number 4. 330 00:49:36,125 --> 00:49:50,400 331 00:49:50,400 --> 00:49:54,940 [NON-ENGLISH] critical success factor [NON-ENGLISH SPEECH] 332 00:49:54,940 --> 00:51:10,290 333 00:51:10,290 --> 00:51:14,070 Most critical success factor, security program 334 00:51:14,070 --> 00:51:18,210 [NON-ENGLISH SPEECH] Establishment of a review board. 335 00:51:18,210 --> 00:51:19,700 Creation of security unit. 
336 00:51:19,700 --> 00:51:24,750 337 00:51:24,750 --> 00:51:28,170 Effective support of an executive sponsor. 338 00:51:28,170 --> 00:51:30,395 Selection of a security process owner. 339 00:51:30,395 --> 00:51:35,100 340 00:51:35,100 --> 00:51:37,140 [NON-ENGLISH SPEECH] 341 00:51:37,140 --> 00:51:51,990 342 00:51:51,990 --> 00:51:54,780 A is a good option. 343 00:51:54,780 --> 00:51:57,593 [NON-ENGLISH SPEECH] So rethink. 344 00:51:57,593 --> 00:52:02,880 345 00:52:02,880 --> 00:52:05,130 [NON-ENGLISH SPEECH] 346 00:52:05,130 --> 00:52:26,010 347 00:52:26,010 --> 00:52:30,032 [CHUCKLES] [NON-ENGLISH SPEECH] 348 00:52:30,032 --> 00:52:35,340 349 00:52:35,340 --> 00:52:39,780 Correct answer is C. [NON-ENGLISH SPEECH] 350 00:52:39,780 --> 00:52:55,020 351 00:52:55,020 --> 00:53:00,780 OK, performance optimization. 352 00:53:00,780 --> 00:53:02,850 Performance optimization. 353 00:53:02,850 --> 00:53:06,390 Performance optimization [NON-ENGLISH SPEECH] 354 00:53:06,390 --> 00:53:20,010 355 00:53:20,010 --> 00:53:21,640 It's a balance. 356 00:53:21,640 --> 00:53:28,530 It's a trade-off between the highest level of performance 357 00:53:28,530 --> 00:53:32,745 and the minimum use of resources. 358 00:53:32,745 --> 00:53:35,010 [NON-ENGLISH SPEECH] 359 00:53:35,010 --> 00:55:21,411 360 00:55:21,411 --> 00:55:25,163 [CHUCKLES] [NON-ENGLISH SPEECH] 361 00:55:25,163 --> 00:55:30,770 362 00:55:30,770 --> 00:55:32,280 [CHUCKLES] [NON-ENGLISH SPEECH] 363 00:55:32,280 --> 00:55:34,290 So this is called optimization. 364 00:55:34,290 --> 00:55:40,950 So maximum extract by using minimum possible resources. 365 00:55:40,950 --> 00:55:43,250 [NON-ENGLISH SPEECH] 366 00:55:43,250 --> 00:55:46,550 367 00:55:46,550 --> 00:55:48,560 Performance optimization is the process 368 00:55:48,560 --> 00:55:51,440 of improving both perceived service performance 369 00:55:51,440 --> 00:55:54,500 while bringing highest productivity to the highest 370 00:55:54,500 --> 00:55:56,700 level possible. 
371 00:55:56,700 --> 00:55:58,910 [NON-ENGLISH] 372 00:55:58,910 --> 00:56:07,460 373 00:56:07,460 --> 00:56:08,540 OK. 374 00:56:08,540 --> 00:56:10,460 Ideally, this productivity will be 375 00:56:10,460 --> 00:56:13,340 gained without excessive additional investment in the IT 376 00:56:13,340 --> 00:56:14,450 infrastructure. 377 00:56:14,450 --> 00:56:16,160 Effective performance measures are 378 00:56:16,160 --> 00:56:18,410 used to create and facilitate action 379 00:56:18,410 --> 00:56:24,110 to improve both performance and GEIT, Governances Enterprise IT. 380 00:56:24,110 --> 00:56:27,747 [NON-ENGLISH SPEECH] these depend upon the clear definition 381 00:56:27,747 --> 00:56:28,580 of performance goal. 382 00:56:28,580 --> 00:56:31,362 [NON-ENGLISH SPEECH] 383 00:56:31,362 --> 00:56:46,216 384 00:56:46,216 --> 00:56:47,780 [COUGHS] Sorry. 385 00:56:47,780 --> 00:56:51,189 [COUGHING] 386 00:56:51,189 --> 00:56:56,060 387 00:56:56,060 --> 00:56:58,730 [NON-ENGLISH SPEECH] 388 00:56:58,730 --> 00:57:24,290 389 00:57:24,290 --> 00:57:26,340 Clear definition of performance goal, 390 00:57:26,340 --> 00:57:28,340 the establishment of effective metrics 391 00:57:28,340 --> 00:57:29,570 to monitor goal achievement. 392 00:57:29,570 --> 00:57:32,090 [NON-ENGLISH SPEECH] 393 00:57:32,090 --> 00:57:52,760 394 00:57:52,760 --> 00:57:53,920 You are on right track. 395 00:57:53,920 --> 00:57:56,760 [NON-ENGLISH SPEECH] 396 00:57:56,760 --> 00:58:18,500 397 00:58:18,500 --> 00:58:19,230 It's great. 398 00:58:19,230 --> 00:58:20,480 It's the optimization. 
399 00:58:20,480 --> 00:58:23,030 [NON-ENGLISH SPEECH] 400 00:58:23,030 --> 00:58:37,550 401 00:58:37,550 --> 00:58:41,045 Different tools and techniques [NON-ENGLISH SPEECH] 402 00:58:41,045 --> 00:58:56,930 403 00:58:56,930 --> 00:59:00,230 White belt, brown belt, blue belt, 404 00:59:00,230 --> 00:59:03,940 [NON-ENGLISH] then finally, [NON-ENGLISH SPEECH] 405 00:59:03,940 --> 00:59:23,030 406 00:59:23,030 --> 00:59:26,535 White belt, green belt, blue belt, orange belt, 407 00:59:26,535 --> 00:59:28,160 [NON-ENGLISH] belt, [NON-ENGLISH] belt, 408 00:59:28,160 --> 00:59:28,743 [NON-ENGLISH]. 409 00:59:28,743 --> 00:59:30,430 [NON-ENGLISH SPEECH] 410 00:59:30,430 --> 01:00:15,070 411 01:00:15,070 --> 01:00:19,106 Internal processes or customer satisfaction. 412 01:00:19,106 --> 01:00:22,580 [NON-ENGLISH SPEECH] KPIs, Key Performance Indicator. 413 01:00:22,580 --> 01:00:24,260 Key performance indicator. 414 01:00:24,260 --> 01:00:28,030 Key performance indicator [NON-ENGLISH SPEECH] 415 01:00:28,030 --> 01:00:31,730 416 01:00:31,730 --> 01:00:34,210 For example, [NON-ENGLISH] call center [NON-ENGLISH] key 417 01:00:34,210 --> 01:00:37,450 performance indicator [NON-ENGLISH SPEECH] 418 01:00:37,450 --> 01:00:56,770 419 01:00:56,770 --> 01:00:59,230 Yes, he's done a good job. 420 01:00:59,230 --> 01:01:01,330 [NON-ENGLISH SPEECH] 421 01:01:01,330 --> 01:02:55,690 422 01:02:55,690 --> 01:02:57,100 So this is called benchmarking. 423 01:02:57,100 --> 01:03:03,820 Then [COUGHING] business process reengineering. 424 01:03:03,820 --> 01:03:07,450 Business process reengineering [NON-ENGLISH SPEECH] 425 01:03:07,450 --> 01:04:28,090 426 01:04:28,090 --> 01:04:31,570 Root Cause Analysis, RCA. 427 01:04:31,570 --> 01:04:35,350 Root cause analysis [NON-ENGLISH SPEECH] 428 01:04:35,350 --> 01:05:46,530 429 01:05:46,530 --> 01:05:48,270 It was the root cause analysis. 
430 01:05:48,270 --> 01:05:51,000 [NON-ENGLISH SPEECH] 431 01:05:51,000 --> 01:06:04,410 432 01:06:04,410 --> 01:06:06,010 It was the root cause analysis. 433 01:06:06,010 --> 01:06:09,240 [NON-ENGLISH] root cause analysis [NON-ENGLISH SPEECH] 434 01:06:09,240 --> 01:06:15,630 435 01:06:15,630 --> 01:06:18,700 Life cycle cost benefit analysis. 436 01:06:18,700 --> 01:06:21,305 [NON-ENGLISH SPEECH] 437 01:06:21,305 --> 01:06:48,240 438 01:06:48,240 --> 01:06:54,670 Feasibility study, business case, requirement analysis, 439 01:06:54,670 --> 01:06:59,520 requirement gathering, development, testing, 440 01:06:59,520 --> 01:07:01,050 [NON-ENGLISH SPEECH] 441 01:07:01,050 --> 01:07:59,040 442 01:07:59,040 --> 01:08:00,970 This is called optimization. 443 01:08:00,970 --> 01:08:03,030 [NON-ENGLISH SPEECH] 444 01:08:03,030 --> 01:08:13,230 445 01:08:13,230 --> 01:08:14,325 Clear, [INAUDIBLE]. 446 01:08:14,325 --> 01:08:18,270 447 01:08:18,270 --> 01:08:23,220 Thank you very much on the behalf of GISSP. 448 01:08:23,220 --> 01:08:24,600 [NON-ENGLISH SPEECH] 449 01:08:24,600 --> 01:08:33,235 450 01:08:33,235 --> 01:08:36,630 [COUGHING] Sorry. 451 01:08:36,630 --> 01:08:40,130 [NON-ENGLISH SPEECH]