COBIT Workshop
On 25-26 January (after the conference), a workshop was held, led by Erik Guldentops, the conference's special guest and one of the co-creators of the CobiT standard.
The workshop was conducted in English; the description follows below.
CobiT4.0 - A true IT Governance Framework
Erik Guldentops, CISA, CISM
Control Objectives for Information and related Technology (CobiT) helps meet the multiple needs of management by bridging the gaps between business risks, control needs and technical issues. CobiT has been developed as a generally applicable and accepted standard for good Information Technology security and control practices that provides a reference framework for management, users and IS auditors, and, more importantly, comprehensive guidance for management and business process owners. The CobiT framework provides a tool for the business process owner that facilitates the discharge of this responsibility.
An extended version, CobiT4.0, has recently been published. All participants should download a free copy from www.isaca.org or bring the published version. New research into Value Management has also become available and is equally extending the body of knowledge around IT best practices.
Current developments for CobiT4.1 are adding control practices and assurance steps and using that material for an enhanced Implementation Guide and a new extensive Assurance Guide.
This 2-day workshop will comprise:
- An introduction to IT Governance, covering its subjects of alignment, value delivery, risk management and performance measurement. A major element of IT Governance is the adoption of a control framework and CobiT is the internationally accepted standard for that. How IT Governance and CobiT relate will be explained.
- A walkthrough of the CobiT framework and concepts will be performed specifically covering its Control Objectives, Management Guidelines and Maturity Models. This will be illustrated with how this material is being used, and followed with explaining and illustrating the new Control Practices. The differences between version 3, 4.0 and 4.1 will be outlined.
- CobiT will then be compared to other standards like ISO17799 and ITIL. Results of some recent international surveys will help understand how enterprises use CobiT and how mature they are relative to the CobiT Maturity Models. A quick maturity assessment will be performed.
- Other CobiT products, such as CobiT Online, CobiT QuickStart, the Implementation Guide and the CobiT Security Baseline, will be introduced where time allows.
- While IT Assurance aspects, such as how the material can be leveraged, will be pointed out throughout the presentation, a specific separate section will cover the new assurance guide, its content and principles, and the detailed assurance steps developed for each control objective.
- Short exercises on IT Governance awareness and on how business goals drive IT goals will be performed. A more elaborate exercise is also part of the program, on determining important control objectives based on business and IT goals and on how to formulate assurance activities for these control objectives. These exercises will focus on Project and Change Management, on Security and on the IT organization.
The format of the workshop will be:
- 4 sessions per day of 90 minutes; some exercises will carry through the coffee breaks
- A little less than half of the time will consist of a number of presentations ranging from 20 to 60 minutes
- A little less than half of the time will be spent on 6 to 8 exercises ranging from 10 minutes to 50 minutes performed in small groups
- Each of the days will reserve at least 30 min for interactive discussions on topics of concern to the participants.
Each participant should bring:
- A basic understanding of CobiT
- CobiT 4.0 in electronic or paper form
- A laptop when possible; each 4-5 person group should have at least one laptop for the electronic exercises
Each participant will receive:
- The handout of the presentation foils
- An exercise workbook
- Electronic copies of exercise and additional reading material
SPEAKER PROFILE
Erik Guldentops is Executive Professor at the Management School of the University of Antwerp (UAMS), where he teaches on the subjects of IT risk management, control, security, audit and governance. He maintains a limited number of high level consulting relationships. He is Advisor to the Boards of the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). He conceived the CobiT concept in 1992 and has directed ISACA's CobiT Projects between 1992 and 2006, with the objective to set, enhance and maintain the internationally accepted standard for control and governance over IT. He initiated the ValIT project in 2004 and is still a member of the ValIT and CobiT Steering Committees.
Guldentops joined SWIFT in the mid-1970s as a systems engineer, after holding technical supervisory positions in IT in major multinationals. He retired from SWIFT as director of security in 2001, where he held global line responsibilities for physical security, information security and business continuity. Before that he was Chief Inspector, in charge of security audit at the international banking cooperative, reporting to the Audit Committee of the Board of Directors. During that period (1986-1992) he also proposed, initiated and oversaw the development and deployment of the first worldwide public key infrastructure to support the banking industry's requirement for secure authentication of financial transactions. In 1995 he moved to the corporate security function and initiated a five-year strategy to enhance and maintain his organisation's leadership position in secure financial communications. This strategy is executed through a blend of high technology, sophisticated risk management and advanced security awareness practices.
Guldentops is past president of the Benelux Chapter of ISACA and served as ISACA international executive vice president with responsibility for research. He holds graduate and post-graduate degrees in computer science and is a Certified Information Systems Auditor (CISA) as well as a Certified Information Security Manager (CISM).