BADM 590 IT Governance, Information Trust, and Risk Management
|
|
- Christine Nash
- 8 years ago
- Views:
Transcription
1 BADM 590 IT Governance, Information Trust, and Risk Management Information Technology Infrastructure Library (ITIL) Spring 2007 By Po-Kun (Dennis), Tseng
2 Abstract: This report is focusing on ITIL framework, which is a set of guidelines for an IT department to control and measure their quality of IT operation. The principles of ITIL mainly deal with processes about IT Service Delivery and Support in order to reach the objectives of the organization. The content of this report includes three major parts which are, first of all, the advance of information security issues involved with SOX Act and other best practices such as COSO, CobiT, and ISO Secondly, the ITIL overview and its main processes and coverage, which will be coming up with the other two case studies, that are deriving from educational organization and other areas. Finally, the report will discuss the connection of ITIL with other key practices to see how they complement and link with ITIL.
3 Background: The bottom line of information security: Recently, most of the enterprises rely on using information technologies to fulfill their enormous data and transactions, such as an online banking service and an internal control process. By applying the sophisticated information technologies, those firms can simplify their business processes, raise their efficiency, and save their time and costs dramatically. With the continuous advance of information technologies and the commercial dependency, information security has started to play a key role in the real business world. This is why enterprises are on pins and needles since most companies are using the information technologies to assist with their tasks, the reliability and accountability of employing these technologies will become critical issues as well as how a company select a suitable IT control framework to maintain and measure its internal security level. IT security threats such as Spyware, Fishing web-side, or even employees could lead to incalculable damages. From 1992, the Committee of Sponsoring Organization (COSO) issued a report for enterprise internal control. Businesses have started to search a right and precise framework for fitting into the specific industry of the businesses. In addition in finding the best practice, the companies also faced more and more regulations from government and requirements from customers. There are some examples below: Financial controls SOX (2002)
4 Privacy Privacy Amendment Act (2001) Health information HIPAA (1996) Customer information GLBA (1999) Except for IT control framework, however, IT service management (ITIL) is also a key part of the whole IT security management area. As a result, this report will be focused on here and connection of ITIL with other frameworks. Sox (the Sarbanes-Oxley Act): In order to prevent financial problems such as Enron s bankruptcy and WorldCom s false accounting report, the US. Legislature had to pass the Sarbanes-Oxley Act (SOX) supervising public companies internal financial states in The first principle of SOX is that To improve quality and transparency in financial reporting and independent audits and accounting services for public companies, to create a Public Company Accounting Oversight Board, to enhance the standard setting process for accounting practices, to strengthen the independence of firms that audit public companies, to increase corporate responsibility and the usefulness of corporate financial disclosure, to protect the objectivity and independence of securities analysts, to improve Securities and Exchange Commission resources and oversight, and for other purposes. 1, which is the most important function for SOX. The overall Act, 1
5 however, has 11 titles and 66 sections. From title 1 to 6, the contents are mainly involved with establishing an independent Public Company Accounting Oversight Board, PCAOB, which deals with auditing and financial reports of public companies. From title 8 to 11, the purpose is to emphasize responsibilities of top managers. Otherwise, the section 302, Corporate Responsibility For Financial Reports, and 404, Management Assessment Of Internal Controls, required a suitable internal control framework. However, what is suitable for organizations acting in different industries and embracing different requirements? The most recognized standards are COSO, Cobit, ISO 17799, and ITIL. What are the Best Practices? COSO: In 1992, the Committee of Sponsoring Organization issued a report especially for enterprise internal control divided into 5 sections that are Monitoring, Information and Communication, Control Activities, Risk Assessment, and Control Environment. Until now, most of the accounting firms have already recognized COSO as an internal control framework. CobiT: Cobit emerged from the COSO practice. It was derived from the information systems audit and control associations (ISACA) and the IT governance institutes (ITIG) in Simply put, Cobit is the control objectives for information and related technologies. Hence, its
6 mission is to research, develop, publicize, and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals, and assurance professionals. 2 As the result, CobiT will not offer how to do it but what to do, and it also not covers any software or tool for improving IT services. There are four domains for CobiT,(1) Plan and Organize, (2) Acquire and Implement, (3) Deliver and Support, (4) Monitor and Evaluate. ISO 17799: ISO 17799, published by the international Organization for Standardization in 2001, is international accepted information security management standard. ISO provide a series of management guidelines, which include three dimensions that are Confidentiality, Integrity, and Availability. As CobiT, ISO is also not a technical standard and product or technology driven; contrary, it covers only the management of information security controls. Otherwise, ISO covers almost all information fields not just about IT areas. ITIL (Information Technology Infrastructure Library): Internal and external IT Service and Support professionals are all taking ITIL as their judging criterion. Even Microsoft operations framework (MOF) frequently references ITIL and its corresponding language. 2
7 What is ITIL? ITIL is not a now term and in fact that it has been introduced over two decades. The development of ITIL originated from Central Computer and Telecommunication Agency (CCTA), called the Office of Government Commerce (OCG) now. It has been widely accepted by many organizations from different countries. (A example of how ITIL measure the maturity of organization refers to appendix )However, it has just been applied in the US. within 10 years. It appropriately details a multitude of processes, totally eight books, which explain how IT service should be managed. Book 1. Service Support Book 2. Service Delivery Book 3. Business Perspective Book 4. ICT infrastructure Book 5. Applications Management Book 6. Security Management Book 7. Planning & Implementation Book 8. Software Asset Management At the heart of ITIL is IT service management (ITSM), which includes two books, Service Support and Service Delivery. There are ten basic processes to be defined by the two books as following:
8 Service support Service Delivery Configuration Management Availability Management Incident Management Capacity Management Problem Management Service Continuity Management Change Management Financial Management Release Management Service Level Management There are no standards for these processes. How well this work is enough for the organizations to be up to their requirements. In general, ITIL plays a role in the organizations as a set of guideline, which can be customized to: (1) Assist in getting a handle on the big picture. (2) Help build order and structure where there may be chaos. (3) Reference theory as well as practical tips on what should be done, not how to do so. Where to apply ITIL? Some use it as specifically for only the content from the Service Delivery and Service Support books while others use it for all of ITIL. Basically, whole service management must refer to any components relating to IT service prerequisites and so it must take account of the whole ITIL fields and has not been confined in only just two major orientations or two books. This is the definition of Service Management and the principle of ITIL. Otherwise, the
9 prerequisites of improving customer service quality are another core area that ITIL must focus on. To satisfy customers requirements will be the fundamental to ITIL and below shows several key activities that are essential for building successful ITIL processes within this area: (1) Documenting, negotiating, and agreeing customer and business quality targets and responsibilities in Service Level Agreements (SLAs). (2) Regular assessment of customer opinion in customer feedback and customer satisfaction surveys. (3) IT personal regularly taking the customer journey and sampling the customer experience. (4) IT personnel taking the customer and business perspective and always trying to keep customer interaction as simple and enjoyable as possible. (5) Understanding the ICT infrastructure. 3 The inner of ITIL: Service Delivery: There are five components that include Service Level Management, Financial Management for IT Service, Capacity Management, IT Service Continuity, and Availability Management, which cover whole quality improving plans for IT services as exhibit
10 Exhibit 1: The Service Delivery Processes (Source: An Introductory Overview of ITIL, itsmf, April 2004, p.13 ) Service Level Management is the most important position of processes in ITIL. It provides clear service delivery standards and the major interface for each organization and user. The major components of SLM are the Service Catalogue, Service Level Agreements (SLAs), and Operational Level Agreements (OLAs). Especially Service Catalogues provides definitions of each service, which include the deliverables, limitations of services, and measurements of service delivery performance, within the IT organization. In order to define what level of service an organization needs, Capacity Management can be ran with business, service support, and financial units together to establish the annual IT
11 infrastructure growth plan. The processes of Financial Management for IT Service gets involved with three major financial aspects, which are budgeting, IT Accounting including audit reports, and Chargeback. Availability Management allows organizations to review business requirements that include availability, reliability, maintainability, serviceability, and security. In order to recover and to avoid incidents that could cause disruption of service, IT Service Continuity focuses on contributing an acceptable level of service disruption with an agreed schedule. As a result, businesses can minimize the service disruption and keep trace the risk of disruption. Service Support: One of the major disciplines in Service Management is to support these services that were established by the Service Delivery group. This includes: Help Desk or Service Desk, Incident Management, Problem Management, Configuration Management, Change Management, and Release Management. The relations of these units show in the exhibit 2. Exhibit 2: The Service Support Processes
12 (Source: An Introductory Overview of ITIL, itsmf, April 2004, p.16 ) The Service Desk is responsible for reporting all incidents and requests, services as a center of all units and users within an organization and provides an interface for other Service Support processes. Incident Management is in charge of solving and detecting all incidents and must reinstate the system to the normal service level of organizations as fast as possible. The objective of Problem Management is to reduce impacts and damages that result from Incident Management. Thus, Problem Management is used to work as an assister for Incident Management to solve the detected problems.
13 To manage changes effectively, Change Management has to ensure that all changes are accepted through proper testing, risk assessment, and scheduling. The main function of Configuration Management is to deal with all operating data relating to the operating factors of any IT infrastructure elements in the organization. Near to Change Management, Release Management has to govern and to update the newest launching software versions and enterprise applications. Planning & Implementation: The six work stages can perform the implementation tasks of IT Service Management as following: Exhibit 3: (Source: Implementing ITIL-Adapting Your IT Organization to the Coming Revolution in IT Service, Randy A. S., 2005, CH 3, p. 15) Visioning stage is to identify and confirm what should be covered by the implementation
14 of ITIL as well as the benefits of implementing ITIL. Through this stage, IT organizations can know where to put more efforts and to avoid unnecessary labor force wasted. The goal of assessment stage has three: find out the gaps between organizations, fill up these gaps, and establish the Win projects which is like a small project fulfill to accomplish a tactical task, such as implementing IT Service Catalog. After finishing the preparation, the planning stage will take place to design implementation plans and come up with the overall implementation program. Then, the foundation stage will commence to work on establishing the strategic goals and defining the working procedures and the responsibilities. In this stage, organizational, technological, and governance strategies will be all getting together. The objective of Initial Win stage is to offer immediate benefits by building 2-5 small projects for each ITSM process. The small projects all have specific functions that are visible and touchable in the organization. Finally, the Control stage will carry out the process designed in the foundation stage and start the life cycle regularly. However, the efforts of implementing ITIL will not be over 12 months. Case Study : University of Canterbuey in New Zealand The seasons for using ITIL:
15 (1) The IT service level of the University had been reduced by several incidents of miscommunication and misunderstanding. (2) Various units and support groups need standardization of internal control and re-alignment. (3) Rather than act as only a support function, ITIL can improve the IT service group s overall services quality and correspond to the university s core business value. Implementing process: (1) Identified requirements for change (2) Identified the scope of this project (3) Defined the objectives of this project (4) Established the project structure (5) Organized the project deliverables and benefits for the IT department The project organizational structure: (1) ITIL implementation project manager (2) Service management project team (ITSM) (3) Implementation teams for each specific process within ITIL framework (4) Steering group (5) Reference groups (6) Reporting lines Resource requirements:
16 (1) Human resources Facilities will be required to fully participate or partly participate in this project. (2) Helpdesk telephone system Since the project tries to increase ability of helpdesk to solve incidents at first point of contact, the resource requirements are still unidentified. (3) Software Benefits of using ITIL: ITIL provides an approach that helps enterprises deriving their core business process more reliable, valuable, and effective. Benefits can be produce such as: Improved productivity Service standardization Improved customer satisfaction Improved communication quality between IT service group and customers Reduced cost Improved the business process as clearly defined roles and responsibilities Saved reaction time for managers Avoided problems effectively
17 Benefits to the customer of IT services: Provide documented procedures for external users Enable the customer to reach business objectives Provide feedback and necessary changes from monitoring of service performance Case Study : Service-Oriented IT Management: Benefit, Cost, and Success Factors The six organizations appreciate that the benefits of using ITIL are not only increased service quality and reduced risks, but also helping with managerial and service efficiency. Standardization and optimizing of process, for instance, will greatly improve managerial efficiency because managers can guarantee that all support centers located around globe will be all consistent and systematic. Exhibit 4 shows that the comparison of per- and post- adopting ITIL in terms of three levels of business engineering: strategies, processes, and systems. After implementation of ITIL, the six organizations getting rid of problems including most are not uniform, not standardized, and without interfaces. Exhibit 4: Gives an overview of the initial situation and the new solution on the three levels of business engineering
18 (Source: Service-Oriented IT Management: Benefit, Cost and Success Factors, Alex, H., 2005, p.4) Mapping ITIL into other best practices: ITIL cannot work alone and we all known that if you can t measure it you can t control it, and if you can t control it you can t manage it.. This is why we must use CobiT to set up the IT control framework and then establish ITIL for IT service Management. In fact that
19 ITIL can address the 34 CobiT processes linking with Service Delivery and Support even though, regarding to the appendix, there are some overlaps, which actually enable you to integrate CobiT and ITIL. On the other side, organization can use the security processes and controls defined by ISO to complement weaknesses of ITIL as well since ISO is used for the entire information security section not just for IT-related issues. Especially, when an organization wants to specify issues that will have an impact for the whole organization s security, ISO will be highly helpful. Otherwise, obviously ITIL s Problem Management and Configuration Management do not correspond to ISO according to appendix. However, Change Management, for example, will be directly complemented by CobiT s Change Management and also in ISO s Operational Change Control. We can say that the guidance, indicators, and controls for the definition of service level agreements, availability management, and business continuity management providing by CobiT and ISO17799 enable one to totally supplement ITIL s service delivery processes referring to appendix. Conclusion: As previously mentioned, we notice that ITIL is well-developed on delivery and support
20 processes yet it is weak on security controls. Therefore, in order to create a round-the-clock information security environment, the best way is to integrate these frameworks and to take from the long to add to the short. Organizations may use ITIL as defined processes, use CobiT as metrics or benchmarks, and use IS as risk mitigation for security management. Besides, to be more efficient organizations, it is better not try to complete implementation of ITIL, CobiT, and ISO at the same time because the goals for each organization may be different based on cost, benefit, risk control, or regulatory compliance perspectives. References: 1. ISACA: Serving IT Governance Professionals. (2006) How does ITIL link to COBIT and ISO Article available online at
21 2. H, Axel., T, Gerrit., and B, Walter.(2005). Service-oriented IT Management: Benefit, Cost, and Success Factors Article available online at 3. A, Randy.(2005). Implementing ITIL p John, W. (2005). Combining ITIL with COBIT and Article available online at 0Cobit%20and% pdf 6. Alex, H. (2005). Service-Oriented IT Management: Benefit, Cost and Success Factors. Article available online at 7. itsmf,( April 2004) An Introductory Overview of ITIL. Article available online at 8. D, Hamish.(2002). Proposal to Implement the Information Technology Infrastructure Library Framework for IT Service Management. Article available online at %20ITIL.pdf Appendix ITIL Maturity Measures
22 Appendix ITIL Service support vs. CobiT: Integration of ITIL and COBIT
23 ITIL Service Delivery vs. CobiT: Appendix Integration of ITIL and ISO ITIL Service Support vs. ISO 17799
24 ITIL Service Delivery vs. ISO 17799
Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3
Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation
More informationAN OVERVIEW OF INFORMATION SECURITY STANDARDS
AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationRecommendations for the SMB Market. p: 813.227.4900 f: 813.227.4501 www.numarasoftware.com
WHITE PAPER By Larr y Desiano Field Sales Engineer Manager and Best Practices Leader Numara Software Inc. T H E C H A L L E N G E F O R T H E S M B M A R K E T Recently, there has been a great deal of
More informationIntroduction: ITIL Version 3 and the ITIL Process Map V3
Introduction: ITIL Version 3 and the ITIL Process Map V3 IT Process Maps www.it-processmaps.com IT Process Know-How out of a Box IT Process Maps GbR, 2009-2 - Contents HISTORY OF ITIL... 4 The Beginnings...
More informationTrustworthy Computing Spring 2006
Trustworthy Computing Spring 2006 Project Topic: Risk Management of Information Technology Outsourcing under ITIL ITSM framework By: (Mina) Szu-Chia Cheng 1 pages of 19 Table of Content Abstract...3 Why
More informationCreating and Maturing a Service Catalog
Creating and Maturing a Service Catalog By Wendy Kuhn and Pam Erskine Third Sky, Inc. Introduction Developing a service catalog can seem like a simple marketing and communications activity or a daunting
More informationThe IT Infrastructure Library (ITIL)
IT service management is often equated with the Information Technology Infrastructure Library (ITIL), even though there are a variety of standards and frameworks contributing to the overall ITSM discipline.
More informationThe Rise of Service Level Management. Gary Case
pink elephant WHITE PAPER: The Rise of Service Level Management in ITIL V3 The Rise of Service Level Management in ITIL V3 february, 2010 Gary Case Principal Consultant, Pink Elephant Table of Contents
More informationIT Service Desk Health Check & Action Plan
IT Service Desk Health Check & Action Plan Version: 1.0 Date: April, 2003 Authors: Fatima Cabral, Gary Case, David Ratcliffe Pink Elephant Leading the Way in IT Management Best Practices www.pinkelephant.com
More information-Blue Print- The Quality Approach towards IT Service Management
-Blue Print- The Quality Approach towards IT Service Management The Qualification and Certification Program in IT Service Management according to ISO/IEC 20000 TÜV SÜD Akademie GmbH Certification Body
More informationWhat Should IS Majors Know About Regulatory Compliance?
What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.
More informationITIL V3 Application Support Volume 1
ITIL V3 Application Support Volume 1 Service Management For Application Support ITIL is a Registered Trade Mark and Community Trademark of the Office of Government and Commerce. This document may contain
More informationIT governance in Brazil:
Article IT governance in Brazil: does it matter? Authors Prof. Dr. Guilherme Lerch Lunardi, Universidade Federal do Rio Grande (FURG), Brazil. IT governance in Brazil Prof. Dr. Joâo Luiz Becker, Universidade
More informationApplying Integrated Risk Management Scenarios for Improving Enterprise Governance
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used
More informationINTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY
[Sultana, 2(4): April, 2013] ISSN: 2277-9655 IJESRT INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY A Case Study on Implementing ITIL in Business Organization Considering Business Benefits
More informationExecutive's Guide to
Executive's Guide to IT Governance Improving Systems Processes with Service Management, COBIT, and ITIL ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS
More informationAn Implementation Roadmap
An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East
More informationThe Rise of Service Level Management in ITIL V3. April 2008. Oblicore, Inc.
The Rise of Service Level Management in ITIL V3 April 2008 Oblicore, Inc. Table of Contents The Move From Version 2 To Version 3................... 3 What s New In V3?..................................
More informationImplementation of ITIL in a Moroccan company: the case of incident management process
www.ijcsi.org 30 of ITIL in a Moroccan company: the case of incident management process Said Sebaaoui 1, Mohamed Lamrini 2 1 Quality Statistic Computing Laboratory, Faculty of Science Dhar el Mahraz, Fes,
More informationIntegrating Project Management and Service Management
Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming
More informationThe CMDB at the Center of the Universe
The CMDB at the Center of the Universe Reg Harbeck CA Wednesday, February 27 Session 5331 Purpose Clarify origin of CMDB concept and what it is Understand difference and equivalence between CMDB and Asset
More informationIntegrated Information Management Systems
Integrated Information Management Systems Ludk Novák ludek.novak@anect.com ANECT a.s. Brno, Czech Republic Abstract The article tries to find consensus in these tree different types of the systems the
More informationFrameworks for IT Management
Frameworks for IT Management Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.net 18 ITIL - the IT Infrastructure
More informationIn the launch of this series, Information Security Management
Information Security Management Programs: Operational Assessments Lessons Learned and Best Practices Revealed JUSTIN SOMAINI AND ALAN HAZLETON As the authors explain, a comprehensive assessment process
More informationStorage Management Within the NEW ITIL Version 3 Context. Dr. D. Akira Robinson, IT Governance Management, Ltd. Dept of Navy
Storage Management Within the NEW ITIL Version 3 Context Dr. D. Akira Robinson, IT Governance Management, Ltd. Dept of Navy Why ITIL? Total dependence on Information Technology Need to deal with complexity
More informationIT Service Management ITIL, COBIT
IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service
More informationGlobal Strategic Sourcing Services
where experience counts Global Strategic Sourcing Services Capabilities Overview Prepared For: Our Current and Future Valued Clients Our Strategic Sourcing Capabilities Sourcing Strategy Deciding whether
More informationIPMA 2006 ITIL in Practice The Alignability Process Model and HP OpenView Service Desk
IPMA 2006 ITIL in Practice The Alignability Process Model and HP OpenView Service Desk Presented by and Lilien Systems ITIL is a Registered Trade Mark, and a Registered Community Trade Mark of the Office
More informationIT PROCESSES BEST PRACTICES FOR. Version 1.0 Date: 04/06/2007
BEST PRACTICES FOR IT PROCESSES Version 1.0 Date: 04/06/2007 The Saudi e-government Program (Yesser) has exerted its best effort to achieve the quality, reliability, and accuracy of the information contained
More informationApplying ITIL v3 Best Practices
white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version
More informationDetermining Best Fit. for ITIL Implementations
Determining Best Fit for ITIL Implementations Michael Harris President David Consulting Group Agenda Why ITIL? The Evolution of IT Metrics Towards the Business What do businesses need from IT Introduction
More informationMapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA
Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT
More informationMaking Compliance Work for You
white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by
More informationCOBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
More informationEnhancing IT Governance, Risk and Compliance Management (IT GRC)
Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT
More informationThe multisourcing approach to IT consolidation
Experience the commitment WHITE PAPER The multisourcing approach to IT consolidation The proven commercial practice of multisourcing services integration can help state and local governments achieve IT
More informationPreparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced,
More informationBenchmark of controls over IT activities. 2011 Report. ABC Ltd
www.pwc.com/cy Benchmark of controls over IT activities 2011 Report ABC Ltd... 2012 Scope and approach We wish to provide you with our IT Benchmarking report over IT activities at ABC Ltd (the Company)
More informationSnohomish County PUD. Service Management Journey. Chris Thorpe Tina Myren June 16, 2010
Snohomish County PUD Service Management Journey Chris Thorpe Tina Myren June 16, 2010 Topics Snohomish County PUD How We Started Our Approach Change Management ITSM Tool Top Ten Tips Who Is Snohomish County
More informationTutorial: Towards better managed Grids. IT Service Management best practices based on ITIL
Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL EGI Technical Forum 2011, Lyon (France) September 22, 2011 Dr. Thomas Schaaf www.gslm.eu EMERGENCE TECH LTD. The
More informationPreparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced, copied
More informationAPPLICATION OF INFORMATION TECHNOLOGY SERVICE MANAGEMENT WITHIN SELECTED LOGISTICS AND TRANSPORT SERVICES
Proceedings of the 13 th International Conference Reliability and Statistics in Transportation and Communication (RelStat 13), 16 19 October 2013, Riga, Latvia, p. 363 369. ISBN 978-9984-818-58-0 Transport
More informationIT Governance Dr. Michael Shaw Term Project
IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3
More informationITIL AND COBIT EXPLAINED
ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison
More informationJohn Kacmarynski TLG Learning. ITIL History Benefits of Implementing ITIL Integrated Service Lifecycle Approach and Processes
John Kacmarynski TLG Learning ITIL History Benefits of Implementing ITIL Integrated Service Lifecycle Approach and es What is not defined cannot be controlled What is not controlled cannot be measured
More informationITSM 101. Patrick Connelly and Sandeep Narang. Gartner. www.it.ufl.edu
ITSM 101 Patrick Connelly and Sandeep Narang Gartner 1 IT Service Management 101 Agenda What is IT Service Management? Why is IT Service Management Important? Speaking a Common Language: Overview of Key
More informationGLOBAL STANDARD FOR INFORMATION MANAGEMENT
GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of
More informationA Comparison of IT Governance & Control Frameworks in Cloud Computing. Jack D. Becker ITDS Department, UNT & Elana Bailey
A Comparison of IT Governance & Control Frameworks in Cloud Computing Jack D. Becker ITDS Department, UNT & Elana Bailey ITDS Department, UNT MS in IS AMCIS 2014 August, 2014 Savannah, GA Presentation
More informationBest Practice ITIL (Information Technology Infrastructure Library)
Best Practice ITIL (Information Technology Infrastructure Library) To achieve G H Bank s overall objectives, the Information Technology Group must provide excellent cutting-edge IT services to all stakeholders
More informationHas Your Organization Out-Grown Your Helpdesk? A guide to determine when your company is at the right stage to shift to a Service Desk.
Has Your Organization Out-Grown Your Helpdesk? A guide to determine when your company is at the right stage to shift to a Service Desk. 1 P a g e Has Your Organization Out-Grown Your Helpdesk? A guide
More informationService Improvement. Part 3 The Strategic View. Robert.Gormley@ed.ac.uk http://www.is.ed.ac.uk/itil
Service Improvement Part 3 The Strategic View Robert.Gormley@ed.ac.uk http://www.is.ed.ac.uk/itil Service Management House Customers Avail. Mgmt Capacity Mgmt Service Level Mgmt Continuity Mgmt Financial
More informationLogging the Pillar of Compliance
WHITEPAPER Logging the Pillar of Compliance Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 Open-eyed management 4 ISO 27001 5 PCI DSS 5 Sarbanes
More informationContents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.
iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management
More informationThe ITIL Service Desk. Common Sense Comes To Life. Version : 1.3 Date : August 13, 2003 : Pink Elephant Global Hosting Services www.pinkghost.
The ITIL Service Desk Common Sense Comes To Life Version : 1.3 Date : August 13, 2003 Location : Pink Elephant Global Hosting Services Table Of Contents 1 ITIL DEFINED... 3 2 ITIL S BUSINESS BENEFITS...
More informationGetting In-Control - Combining CobiT and ITIL for IT Governance and Process Excellence. Executive Summary: What is the business problem?
Getting In-Control - Combining CobiT and ITIL for IT Governance and Process Excellence Executive Summary: Nearly all of us who are running an IT shop feel the need to gain or increase control, predictability,
More informationITIL's IT Service Lifecycle - The Five New Silos of IT
The workable, practical guide to Do IT Yourself Vol. 4.01 January 1, 2008 ITIL's IT Service Lifecycle - The Five New Silos of IT By Rick Lemieux In my last article I spoke about IT s evolution from its
More informationIT Service Management
IT Service Management VNUG Conference 2013-09-04 Anders Stenmark Business Critical Consultant, HP Agenda Introduction Reliable service delivery ITSM ITSM Assessments 2 Introduction Anders Stenmark Business
More informationISO20000: What it is and how it relates to ITIL v3
ISO20000: What it is and how it relates to ITIL v3 John DiMaria; Certified Six Sigma BB, HISP BSI Product Manager; ICT (ISMS,ITSM,BCM) Objectives and Agenda To raise awareness, to inform and to enthuse
More informationTWO-THIRDS OF ORGANISATIONS HAVE ENGAGED WITH ITIL Is your Company an IT Service Management Laggard?
For further information: Hilary King Dimension Data Tel: +27 11 575 6728 Cell: +27 82 414 9623 Fax: +27 11 576 6728 hilary.king@za.didata.com EMBARGOED: NOT FOR PUBLICATION UNTIL 22h00 CAT ON 28 FEBRUARY
More informationITIL V3 Service Lifecycle Key Inputs and Outputs
ITIL V3 Lifecycle & ITIL V3 Lifecycle Key 1 ITIL V3 Lifecycle & Use Material Complying with all applicable copyright laws is responsibility user No part this document may be reproduced, stored in or introduced
More informationThe ITIL Story. Pink Elephant. The contents of this document are protected by copyright and cannot be reproduced in any manner.
1. ITIL Defined The Information Technology Infrastructure Library (ITIL) is a set of guidance developed by the United Kingdom s Office Of Government Commerce (OGC). The guidance, documented in a set of
More informationiso20000templates.com
iso20000templates.com Public IT Limited 2011 IT Service Policy Document Ref. ITSM01001 Version: 1.0 Draft 1 Document Author: Document Owner: V 1.0 Draft 1 Page 1 of 11 Revision History Version Date RFC
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationITIL: What is it? How does ITIL link to COBIT and ISO 17799?
ITIL: What is it? How does ITIL link to COBIT and ISO 17799? 1 What is ITIL? The IT Infrastructure Library A set of books comprising an IT service management Best Practices framework An industry of products,
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationProcess Ownership and Service Ownership
Process Ownership and Service Ownership Maximizing the Value of Key Roles A Third Sky White Paper By Lou Hunnebeck, ITIL Expert and Service Design 2011 Author, VP ITSM Vision & Strategy for Third Sky,
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationIT Service Management (ITSM) & IT Infrastructure Library (ITIL) Overview
IT Service (ITSM) & IT Infrastructure Library (ITIL) Overview September 2005 Hamid Nouri President, Nouri Associates Client Briefing What is IT Infrastructure Library (ITIL)? Information Technology Infrastructure
More informationEmploying ITSM in Value Added Service Provisioning
RL Consulting People Process Technology Organization Integration Employing ITSM in Value Added Service Provisioning Prepared by: Rick Leopoldi January 31, 2015 BACKGROUND Service provisioning can oftentimes
More informationService Management ITIL Service Design
Service Management ITIL Service Design Univ.-Prof. Dr.-Ing. Wolfgang Maass Chair in Economics Information and Service Systems (ISS) Saarland University, Saarbrücken, Germany WS 2011/2012 Thursdays, 8:00
More informationIT Organisation in Change
IT Organisation in Change ENTERPRISE SOFTWARE ENGINEERING & SOFTWARE ENGINEERING IN THE ENTERPRISE IT change Quality of IT s Costs of IT s change Future Now Perfect IT s Business Demands Can we deliver?
More informationHP Operational ITSM Service. For continual service improvement
HP Operational ITSM Service For continual service improvement Overview Enhance service levels by applying best practices and standards Improve productivity and reduce costs Deliver true business value
More informationAchieving Business Imperatives through IT Governance and Risk
IBM Global Technology Services Achieving Business Imperatives through IT Governance and Risk Peter Stremus Internet Security Systems, an IBM Company Introduction : Compliance Value Over the past 15 years
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More informationContract management roles and responsibilities
Contract management roles and responsibilities This White Paper describes the formal arrangements for managing the relationship with the provider through a demand and supply organization. This is a governance
More informationIntroduction to ITIL for Project Managers
CSC NORTH AMERICAN PUBLIC SECTOR Introduction to ITIL for Project Managers May Chantilly Luncheon Linda Budiman, PMP ITILv2 & ITILv3 Process Architect ITIL Service Manager, CobiT certified 5/13/2008 8:08:45
More informationICTEC. IT Services Issues 3.4.2008. HELSINKI UNIVERSITY OF TECHNOLOGY 2007 Kari Hiekkanen
ICTEC IT Services Issues 3.4.2008 IT Services? IT Services include (for example) Consulting, IT Strategy, IT Architecture, Process, Software Software development, deployment, maintenance, operation, Custom
More informationIT and Business Process Performance Management: Case Study of ITIL Implementation in Finance Service Industry
IT and Business Process Performance Management: Case Study of Implementation in Finance Service Industry M S Faculty of Economics and Business Zagreb, University of Zagreb Kennedy s sq 6, 10000 Zagreb,
More informationManager s Certificate in IT Service Management. Guidelines & Syllabus for Prospective Candidates
Manager s Certificate in IT Service Management Guidelines & Syllabus for Prospective Candidates CONTENTS PREFACE 1. INTRODUCTION 2. SYLLABUS 3. THE HOLDER OF THE CERTIFICATE 4. ELIGIBILITY FOR THE WRITTEN
More informationITIL - QUICK REFERENCE GUIDE
http://www.tutorialspoint.com/itil/itil_quick_guide.htm ITIL - QUICK REFERENCE GUIDE Copyright tutorialspoint.com ITIL Overview ITIL is a framework providing best practice guidelines on all aspects of
More informationService Support 123 Success Secrets. Copyright by Jonathan Hammond
Service Support 123 Success Secrets Copyright by Jonathan Hammond Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical,
More informationThe ITIL Story White Paper
The ITIL Story White Paper Produced By: Pink Elephant Version: 3.3 Date of Publication: September, 2004 Table of Contents 1. ITIL Defined... 3 2. Non-Proprietary... 4 3. Concepts Behind The Library...
More informationTerms of Reference for an IT Audit of
National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor
More informationCobiT and IT Governance Elements for building in security. from the top, down and the bottom, up
CobiT and IT Governance Elements for building in security from the top, down and the bottom, up David Kohrell, PMP, CISA, MA, MCRP david.kohrell@tapuniversity.com This presentation was developed using
More informationIT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)
IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements
More information10 Best-Selling Modules For Home Information Technology Professionals
Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich
More informationDomenico Raguseo. IT Governance e Business Technology (approfondimenti su ITIL)
IT Governance e Business Technology (approfondimenti su ITIL) Domenico Raguseo Italy Client Technical Professional Manager SW Europe Service Management Solution Architect Leader http://www.linkedin.com/in/dragus
More informationITIL V3 AND THE SERVICE LIFECYCLE PART I THE MISSING COMPONENT
ITIL V3 AND THE SERVICE LIFECYCLE PART I THE MISSING COMPONENT PLANVIEW INC. BACKGROUND IT departments continually have tremendous demands placed on them to manage new initiatives, projects, incidents,
More informationTeamQuest and ITIL Version 2
TeamQuest and ITIL Version 2 Part 1 Introducing ITIL Version 2 With the advent of ITIL Version 3, is ITIL Version 2 still relevant? is one of the most commonly asked ITIL questions. The answer is a resounding
More informationORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL
ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL Time is running out for the traditional, monopolistic IT model now that users have so many alternatives readily available. Today s enterprises
More informationThe State of Tennessee. Category: Enterprise IT Management Initiatives. Managing by Metrics, A Process Improvement Initiative
The State of Tennessee Category: Enterprise IT Management Initiatives Managing by Metrics, A Process Improvement Initiative 2009 NASCIO Recognition Award Nomination For work performed in 2008 Executive
More informationUsing QUalysgUard to Meet sox CoMplianCe & it Control objectives
WHITE PAPER Using QualysGuard to Meet SOX Compliance & IT Objectives Using QualysGuard To Meet SOX Compliance and IT Objectives page 2 CobIT 4.0 is a significant improvement on the third release, making
More information14 October 2015 ISACA Curaçao Conference By: Paul Helmich
Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study
More informationSan Francisco Chapter. Cassius Downs Network Edge LLC
Cassius Downs Network Edge LLC ITIL History ITIL Books V3 Objectives Business Benefits of V3 V3 Changes Training & Certification V2 or V3? Summary 2 The 12 Rules 1. EXERCISE Rule #1: Exercise boosts brain
More informationSESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View
SESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View The Business of IT Provisioning Bill Irvine Transformation Strategist, Accelerate Innovation, VMware billirvine@comcast.net Session
More informationCourse: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management
Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security
More informationCHArTECH BOOkS MANAgEMENT SErIES INTrODuCINg ITSM AND ITIL A guide TO IT SErvICE MANAgEMENT www.icaew.com/itfac
Chartech Books Management Series Introducing ITSM and ITIL A Guide to IT Service Management www.icaew.com/itfac Introducing ITSM and ITIL A Guide to IT Service Management by Colin Rudd This report is published
More informationOffice of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015
Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...
More informationITIL V3 Foundation Certification - Sample Exam 1
ITIL V3 Foundation Certification - Sample Exam 1 The new version of ITIL (Information Technology Infrastructure Library) was launched in June 2007. ITIL V3 primarily describes the Service Lifecycle of
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More information