January 30th, 2009, 04:46 PM
Need help finding a Matrix...
Ok, apparently, someone from very high up thinks there's a matrix from COBIT which lists something like duties of IT employees, and what functions they may and may not access. Apparently, this matrix either does not exists, or is otherwise buried un the COBIT handbook under a name obscure enough to eclipse George Bush's IQ.
I'm wondering if anyone else has this matrix, and if so, if they could generously point out it's location--either on the web, or in the COBIT handbook.
January 30th, 2009, 05:10 PM
This might be what your looking for:
COBIT PO 4.4 and PO 4.10óRoles, Responsibilities, and Segregation of Duties
As part of an effective regulatory compliance program, COBIT Planning and Organization (PO) section 4.4 directs management to ensure that all personnel have clearly defined roles and responsibilities in relation
to an organizationís IT systems. Further, COBIT PO 4.10 specifies that an organization should define and implement clearly defined user roles and responsibilities that exclude the opportunity for an individual or
department to co-opt or subvert critical parts of the IT system including data access, data entry, system administration, and security processes.
January 30th, 2009, 05:19 PM
Well, it's a start, but it's apparently either a table or another form of graphical representation of the information I'm looking for. Or something. Thanks.
January 30th, 2009, 07:53 PM
Ok, found the document. Turns out, it had nothing to do with COBIT at all, nor was there any copy of it on the internet. Oh well.
Thanks for the reply.
January 30th, 2009, 11:35 PM
Would your boss like a nice holiday at a splendacious resort on the East Coast of England?
This place used to be a "guest house" so I still have the industrial mincer, incinerator and the subterranean torture chamber
One of the first duties of middle and senior management is to define the roles an responsibilities of staff that they command. This varies from company to company? There is no template.
Perhaps I should replace your boss with a computer? I know that it is only an old 286 running DOS 5.0, but it is a hell of a lot more intelligent.
Seriously, just look at the job market. You see similar job titles, but when you look at the role/responsibilities they are all different from job to job.
The way I would suggest as a shortcut is to look at government and fortune 500 jobs and do a mix and match from those to suit your organisation. The basic problem is that IT jobs don't fit conveniently into pigeon holes like some others do? they vary from environment to environment.
On an amusing note, one of my duties was to change the roller towel in the ladies toilets! I am over 6 foot and so must have been the guy who fitted it to the wall......... the girls couldn't reach
It might also be a useful exercise to get your current employees to write out what their job description is and add anything else they would like to do?
Last edited by nihil; January 31st, 2009 at 10:29 AM.
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
By CXGJarrod in forum Wireless Security
Last Post: April 12th, 2005, 10:31 PM
By Networker in forum Miscellaneous Security Discussions
Last Post: April 4th, 2005, 09:32 PM
By High2Risk in forum AntiOnline's General Chit Chat
Last Post: November 21st, 2003, 02:58 AM
By preep in forum AntiOnline's General Chit Chat
Last Post: June 3rd, 2002, 11:52 PM
By cF_nM in forum Non-Security Archives
Last Post: December 14th, 2001, 06:15 PM