Integrated Information Management Systems
Luděk Novák
ANECT a.s.
Brno, Czech Republic

Security and Protection of Information 2005

Abstract

The article tries to find consensus among three different types of management systems, the quality management system, the IT service management system and the information security management system, which are frequently used for information management. The aim is not to choose the best method, but to compose a complex framework based on their advantages and synergies. The author describes his experience with integrating the three types of systems into one consistent information management framework. The integration is based on similarities of the systems, especially on the PDCA Model, which is a key shared principle. The second principle is an effort to incorporate information risk management into each type of system. These days it is not possible to manage risk properly without a close connection to realising information and communication technology benefits.

Keywords: Information management, Software quality, IT service management, Information security, CobiT, ITIL, BS7799, PDCA model.

1 Introduction

The wide use of information and communication technology (ICT) has a very serious consequence: organizations are more and more dependent on the quality, reliability and security of their information and communication systems, including all related processes and activities. The provision of more effective and efficient services with appropriate reliability and security is an essential responsibility of the people involved in information management. Information management aims are also shifting. The increasing importance of ICT for organizations' everyday life means it is no longer acceptable just to administer and maintain the ICT infrastructure. The primary role of information management is to manage and improve IT services which are able to deliver defined and measurable added value for business units. So information management gains an essential position in general business and strategy.

There are several best practice methodologies or standards in the information management and security world. CobiT (Control Objectives for Information and related Technology), ISO 9000, ITIL (Information Technology Infrastructure Library), BS and/or ISO/IEC are the most general frameworks. New requirements on information management have appeared recently (such as Basel II, the Sarbanes-Oxley Act, critical information infrastructure protection etc.) and they emphasise the need for information management systems based on international standards and open methodologies. BASEL II, the new capital accord, establishes new requirements on operational risk control in banking. ICT is a key element of operational risk, and banks should adopt a process-driven approach to risk management, information management and operations management. The Sarbanes-Oxley Act establishes new mandates for financial reporting based on an internal control environment. A company's managers are fully responsible for the internal controls and should make a statement about internal control. Most financial reporting processes are driven by ICT, so strong information management is also a key element, and information managers and other ICT professionals are held accountable for the quality and integrity of the information produced by ICT.
2 Starting points

The regulation examples mentioned above present the current situation in information management. The new requirements do not distinguish among information management, information risk management, information security management, ICT operations management etc. There is just one control framework for information management, and the basic question is whether any information is presented trustfully.

2.1 Information management added value

According to current needs, information management has to find and define an appropriate information management added value (or ICT added value) much more extensively. There are three general types of added value connected with ICT:

- Increase automation: an organization is able to align its business and information management and to enlarge its production and performance by using ICT; the organization is effective (it does good things).
- Decrease costs: an organization is able to use resources responsibly and to reduce costs and other expenses by using ICT; the organization is efficient (it does things well).
- Manage risks: an organization is able to adjust security measures and to minimise security incidents, related risks and possible damages; the organization is secure.

Figure 1: ICT added value (increase automation, decrease costs, manage risks)

Existing information management needs and requirements stress all three types of added value. An important issue is to find a balance among all three types, because it is not possible to realise ICT benefits without proper risk management. On the other hand, information risk management should be closely connected to the ICT benefits and reflect them. This complex outlook on information management is sometimes called IT governance.

2.2 IT Governance and the CobiT methodology

IT Governance is a structure of relationships and processes to direct and control the organization in order to achieve the organization's goals by adding value while balancing risk versus return over ICT and its processes. [1]

CobiT (Control Objectives for Information and related Technology) [1], as an IT Governance model, is a complex information management framework. Its basic idea says that information management should reach an effective balance between realising benefits (by increasing automation or decreasing costs) and managing risks. To accomplish this, information management needs to identify the most important activities to be performed, measure progress towards achieving goals and determine how well the ICT processes are performing.

The CobiT concept is that control in ICT is approached by looking at the information that is needed to support the business objectives or requirements, and by looking at information as the result of the combined application of ICT resources that need to be managed by ICT processes. To satisfy business objectives, information needs to conform to certain criteria. The following three basic elements form the CobiT framework:

- Information criteria present business goals and needs and their implications for information management (effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability).
- ICT resources are the available means which can be used by information management (data, applications, technology, facilities, and people).
- ICT processes are all activities and tasks related to information management; they form four broad domains (planning and organization, acquisition and implementation, delivery and support, and monitoring).

In summary, in order to provide the information that the organisation needs to achieve its objectives, IT governance must be exercised by the organisation to ensure that ICT resources are managed by a set of naturally grouped ICT processes. CobiT, as a useful tool, calls attention to:

- Organization contribution: ensuring effective IT governance and information management;
- User orientation: measuring up to business expectations;
- Operational excellence: performing the ICT function with increasing credibility and impact;
- Future orientation: building the foundation for future delivery and continuous learning and growth.

The CobiT methodology is ideal for establishing a complex and comprehensive control environment for information management. But there is a significant shortcoming: the ICT processes are not defined in much depth in CobiT. It was not the authors' aim to describe all the details, so from the practical point of view it is better to use other guidance to implement information management.

2.3 Integrated information management system requirements

There are three types of ICT added value, and successful information management should integrate all the aspects: quality, reliability and security. This information management system should be composed of the following:

- a good relationship with the business and with the users of information and communication systems; enhancing effectiveness is essential to a quality management system;
- effectiveness of all ICT operations based on proper IT service delivery and support; reducing expenses is the main goal of an IT service management system;
- control and limitation of information security risks and possible damages; this is the key benefit of an information security management system.

Figure 2: Integrated information management system (quality, IT service and information security around CobiT)
Are these three different information management systems compatible with each other or not? And can effective and efficient integration stand on the advantages and synergies of the systems? You can hear similar questions quite often these days.

3 Information management system basic components

Quality has quality management systems based on ISO 9000 (or ISO in IT). Reliability establishes an IT service management system that follows the recommendations of BS 15000, which generalizes ITIL, and security stands for an information security management system, which applies controls from BS or ISO. Each system and its contribution to the integrated information management system are discussed in the following text.

3.1 Quality management system

Quality is the totality of characteristics of a product or service that bear on its ability to satisfy stated and implied needs. [ISO 8402]

A Quality Management System (QMS) is a well-known management system that emphasises the importance of customers and their requirements for any business. ISO 9001:2000 [2] is a familiar example of a collection of quality best practices. The principles are valid for information management too, so business unit and user requirements are seriously important issues. Excellent information management should systematically discover user ideas and transform them properly into real life. The QMS's added value is to increase automation and partly to decrease costs. A suitable level of internal process formalism (such as process definition, resource management, document management, record management) is another advantage of a QMS. The guidance ISO/IEC 90003:2004 [3] covers all aspects of software quality, from acquisition to supply, including development, operation and maintenance of computer software, and provides guidance on how to implement the highly successful ISO 9001:2000 process-driven approach in a software environment. The structure of the standard demonstrates the comprehensiveness of the five perspectives (see figure 3).

Figure 3: Basic structure of a quality management system for software engineering (management responsibility; quality management system; resource management; product realization; measurement, analysis and improvement)

A lot of organizations are running a QMS, so information management can use the QMS's tools and rules as guidance for document management, resource management, record management etc. It is also useful to add the concept of information management into the QMS framework rather than establish any parallel structures. The QMS culture in the organization is a useful asset too, so it can be promoted to include information management and/or information security issues.

3.2 IT service management system

An IT service is a described set of facilities, IT and non-IT, supported by the IT service provider, that fulfils one or more needs of the customer and that is perceived by the customer as a coherent whole. [15]

IT Service Management (ITSM) is a relatively new approach to information management, which concentrates on ICT operation processes. ITSM is primarily known as the process- and service-focused approach to information management. ITSM addresses the provision and support of IT services tailored to the needs of the organization. ITSM offers a common framework for ICT activities, as part of the provision of services, based on the ICT infrastructure. These activities are divided into processes (see figure 4), which when used together provide an effective ITSM framework for service delivery and service support. ITSM brings decreased costs and partly increased automation for the organization.

Figure 4: IT service management processes (service delivery processes: capacity management, service continuity and availability management, service level management, service reporting, information security management, budgeting and accounting for IT services; release process: release management; control processes: change management, configuration management; resolution processes: incident management, problem management; relationship processes: business relationship management, supplier management)

The ITSM concept is defined by two standards: the first, BS :2002 [5], describes the management system specification, and a code of practice is presented by the second, BS :2003 [6]. There is huge public interest, and consequently both standards are being adopted as the new international standard ISO/IEC, IT Service Management for short. ITSM concentrates on high reliability and transparency of ICT operations. The primary aim is to define operation processes, including relationships and measurements, to monitor and supervise the realization of the processes, and to enhance operation effectiveness based on results and trends. ITSM is an ideal way to control, monitor and improve internal ICT operations. ITSM is not just about the standards. The philosophy comes from the IT Infrastructure Library (ITIL), which is a complex set of guidance on how to design, build and run ITSM. The documents describing service delivery and service support are the core of the whole ITIL library.

3.3 Information security management system

Information security is the preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved. [8]

An Information Security Management System (ISMS) concentrates on the definition of processes connected with information risk analysis and treatment, and its ICT added value is to manage risks.
The standard BS :2002 [11] defines ISMS requirements and specifies how to design, enforce, control and improve information security management. There is a draft of a new international standard ISO/IEC [12] based on BS :2002, and a final version is expected at the end of. A key element of any ISMS is the information risk management and treatment process, which concentrates on choosing proper security objectives and controls.

A code of practice for information security management and other ISMS best practice are described in ISO/IEC 17799:2000 [7]. A new version is ready to be published by summer. The information security categories in the following figure present the basic extent of ISO/IEC 17799:2005 [8].

Figure 5: Information security categories of ISO/IEC 17799:2005 (security policy; organizing information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; compliance)

A draft of ISO/IEC Information security management metrics and measurements [13] is currently in progress. Its aim is to add tools for defining measures and indicators into an ISMS; it is sometimes called the 3rd part of BS.

4 Shared principles of management systems

4.1 PDCA Model

All the presented management systems have a vital shared principle called the PDCA Model (Plan, Do, Check, Act). The model defines a basic cycle for each management system. The cycle starts with planning activities and defining expected results. Implementation and running, as the second part, is followed by monitoring of all defined activities to have appropriate information on the success of the implementation, its strengths and weaknesses. These outputs and the experience gained should be used for continual improvement of the management system.

Figure 6: PDCA Model concept (Plan, Do, Check, Act; customers' requirements and satisfaction on one side, suppliers' requirements and satisfaction on the other)
The PDCA Model's external connections are important too. Customers (or users) are one side of the externalities and suppliers are the other. The PDCA Model requires a clear expression of customer requirements and proper monitoring of their satisfaction. On the other hand, the organization should define requirements for its suppliers and watch how the suppliers fulfil the needs. The PDCA Model is the key principle which makes it possible to integrate three management systems concentrated on different topics. The other shared principles related to the PDCA Model include management responsibility and commitment, resource management, documentation and record control, awareness and training, management reviews, continual improvement etc.

4.2 Standpoints to improve an ISMS

The conference's main topic is information security and protection, so we look at the benefits of information management integration for the ISMS. At first it is important to mention the positive influence of a QMS on an ISMS. A QMS is a well-known application of the PDCA Model, so any good experience could be used for advocating an ISMS. Using existing tools and following the established culture should be other preferences for an ISMS. Last but not least, sharing the existing QMS structure is preferable to creating a wholly new framework for an ISMS.

The relation between ITSM and an ISMS contains more synergies. ITSM comprehends IT services as the foundation of information management. Consequently it is advisable to apply this approach to the ISMS. It means that IT services should be the starting point for risk analysis and risk treatment processes. This approach allows taking information security requirements as a part of IT service management and, as a result, including security in IT service reporting. Change management is another large area for collaboration between ITSM and an ISMS. ITSM offers deeper inspection and a more detailed description of change management and related processes. An ISMS can use this quite easily, including configuration and release management.

Incident management is in a slightly more difficult situation, because ITSM recommendations should be joined up with the information security incident management requirements defined by ISO/IEC TR 18044:2004 [9]. At the end it is necessary to warn that availability and continuity management have similar rules, and the residual problems are related to business comprehension.

5 Conclusions

It is not possible to discuss all information management aspects and their information security consequences. The aim is to call attention to the need to join different views. The integrated information management system makes it possible to take advantage of all existing similarities. It is clear that each discussed management system stresses its own perspective, but there are no barriers to improving each other. There are no limitations from this point of view.

References

[1] COBIT 3rd Edition, Information Systems Audit and Control Foundation, ISACF.
[2] EN ISO 9001:2000 Quality management systems. Requirements.
[3] ISO/IEC 90003:2004 Software engineering. Guidelines for the application of ISO 9001:2000 to computer software.
[4] Suryn, W., Hailey, V. A., and Coster, A.: Huge potential user base for ISO/IEC 90003. In ISO Focus, Volume 2, No. 2, February.
[5] BS :2002 IT Service Management. Part 1: Specification for service management.
[6] BS :2003 IT Service Management. Part 2: Code of practice for service management.
[7] ISO/IEC 17799:2000 Information Technology. Security Techniques. Code of practice for information security management.
[8] ISO/IEC FDIS 17799:2005 Information Technology. Security Techniques. Code of practice for information security management.
[9] ISO/IEC 18044:2004 Information Technology. Security Techniques. Information security incident management.
[10] Humphreys, T.: Being prepared to tackle threats to your business. In ISO Focus, Volume 2, No. 2, February.
[11] BS :2002 Information security management systems. Specification with guidance for use.
[12] ISO/IEC FCD 24743:2004 Information Technology. Security Techniques. Information security management systems requirements specification.
[13] ISO/IEC 1st WD 24742:2005 Information Technology. Security Techniques. Information security management metrics and measurements.
[14]
[15]
Name: Lynda Cooper Date: November 24th Revising ISO/IEC 20000 to fit the future of service management Agenda Brief overview of ISO20000 Changes Why and How What Your views and how you can influence the
More informationHow To Manage Information Technology
Nachweis der erreichten Sicherheit durch Prüfungen nach Standards?! DECUS Rheinlandtreffen St. Augustin, 18.11.2004 Bundesamt für Sicherheit in der Informationstechnik ISO/IEC nicht ISO/IEC 2. Standards
More informationIT and Business Process Performance Management: Case Study of ITIL Implementation in Finance Service Industry
IT and Business Process Performance Management: Case Study of Implementation in Finance Service Industry M S Faculty of Economics and Business Zagreb, University of Zagreb Kennedy s sq 6, 10000 Zagreb,
More informationCourse: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management
Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security
More informationITSM Governance In the world of cloud computing
ITSM Governance In the world of cloud computing Housekeeping Welcome to the Webinar Use the control panel to ask questions Can you see & hear us? enter your name & city to confirm Type Your Questions Here
More informationService Management Policy
Service Management Policy XIT-POL-006 Policy - PUBLIC- Author Jan Pavel Version 1.4 Status Reviewed by Approved by Responsible Final Tomas Kucera Tomas Kucera Pavel JANÁK Valid from 9.6.2010 Scope Whole
More informationISO/IEC 20000: 2011 IT Service Management. Tying together all your IT processes Product Guide
ISO/IEC 20000: 2011 IT Service Management Tying together all your IT processes Product Guide What is ISO/IEC 20000 IT Service Management? ISO/IEC 20000 is the first internationally recognized standard
More informationRESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA
RESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA 2012 Special Number QUALITY IN SERVICE MANAGEMENT SYSTEM ACCORDING TO ISO 20000 Ružena
More informationPreparation Guide. IT Service Management Foundation Bridge based on ISO/IEC 20000
Preparation Guide IT Service Management Foundation Bridge based on ISO/IEC 20000 Edition April 2011 Copyright 2011 EXIN All rights reserved. No part of this publication may be published, reproduced, copied
More informationLogging the Pillar of Compliance
WHITEPAPER Logging the Pillar of Compliance Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 Open-eyed management 4 ISO 27001 5 PCI DSS 5 Sarbanes
More informationSC7-ISO20000 Alignment issues Aligning ITIL to existing ISO JTC1- SC7 Software Engineering Standards
SC7-ISO20000 Alignment issues Aligning ITIL to existing ISO JTC1- SC7 Software Engineering Standards Dr. A.April ETS University Table of Contents Objectives Audience Current clash An ITIL overview ISO
More informationSelection and use of the ISO 9000 family of standards
Selection and use of the ISO 9000 family of standards ISO and international standardization ISO/TC 176, Quality management and quality assurance ISO is the International Organization for Standardization.
More informationGOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001
1 GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001 Tolga MATARACIOGLU 1 and Sevgi OZKAN 2 1 TUBITAK National Research Institute of Electronics and Cryptology (UEKAE), Department of
More informationISO 9001 : 2000 Quality Management Systems Requirements
A guide to the contents of ISO 9001 : 2000 Quality Management Systems Requirements BSIA Form No. 137 February 2001 This document is the copyright of the BSIA and is not to be reproduced without the written
More informationSecurity Standards. 17.1 BS7799 and ISO17799
17 Security Standards Over the past 10 years security standards have come a long way from the original Rainbow Book series that was created by the US Department of Defense and used to define an information
More informationAn Overview of ISO/IEC 27000 family of Information Security Management System Standards
What is ISO/IEC 27001? The ISO/IEC 27001 standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is known as Information
More informationITIL. Lifecycle. www.alctraining.com.my. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition
Take your ITIL skills to the next level ITIL Lifecycle ITIL Intermediate: Part of the complete ITIL Education Program Advance your career Add value to your organisation Gain credits towards ITIL Expert
More informationIntroduction to ITIL for Project Managers
CSC NORTH AMERICAN PUBLIC SECTOR Introduction to ITIL for Project Managers May Chantilly Luncheon Linda Budiman, PMP ITILv2 & ITILv3 Process Architect ITIL Service Manager, CobiT certified 5/13/2008 8:08:45
More informationGeoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com
COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.
More informationD5.1: Process Implementation and Maturity Baseline Assessment Framework
D5.1: Process Implementation and Maturity Baseline Assessment Framework Internal Deliverable Document ID Status Version Author(s) Due FedSM- D5.1 Final 1.1 Javier Rubio- Loyola M7 (30 March 2013) Abstract
More informationMethods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS
MEHARI 2007 Overview Methods Commission Mehari is a trademark registered by the Clusif CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS 30, rue Pierre Semard, 75009 PARIS Tél.: +33 153 25 08 80 - Fax: +33
More informationPreparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000
Preparation Guide Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000 Edition June 2015 Copyright 2015 EXIN All rights reserved. No part of this publication may be published,
More informationEVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS
EVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS Carlos Moreno Martínez Information Systems Department, Universidad Europea de Madrid Spain Email: 20839394@live.uem.es
More informationInformation Technology Auditing for Non-IT Specialist
Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating
More informationBenefits to the Quality Management System in implementing an IT Service Management Standard ISO/IEC 20000-1
Benefits to the Quality System in implementing an IT Standard ISO/IEC 20000-1 Presentation to: ASQ North Jersey September 15, 2010 Subrata Guha Director IT s UL DQS Inc. A New Global Alliance for Systems
More informationSarbanes Oxley Act Statement of Ability. An AdRem Software White Paper
Sarbanes Oxley Act Statement of Ability An AdRem Software White Paper 2009 AdRem Software, Inc. This document is written by AdRem Software and represents the views and opinions of AdRem Software regarding
More informationISO/IEC 27001:2013 webinar
ISO/IEC 27001:2013 webinar 11 June 2014 Dr. Mike Nash Gamma Secure Systems Limited UK Head of Delegation, ISO/IEC JTC 1/SC 27 Introducing ISO/IEC 27001:2013 and ISO/IEC 27002:2013 New versions of the Information
More information-Blue Print- The Quality Approach towards IT Service Management
-Blue Print- The Quality Approach towards IT Service Management The Qualification and Certification Program in IT Service Management according to ISO/IEC 20000 TÜV SÜD Akademie GmbH Certification Body
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationInformation and Communication Technology. Helpdesk Support Procedure
BELA-BELA LOCAL MUNICIPALITY Chris Hani Drive, Bela- Bela, Limpopo. Private Bag x 1609 BELA-BELA 0480 Tel: 014 736 8000 Fax: 014 736 3288 Website: www.belabela.gov.za OFFICE OF THE MUNICIPAL MANAGER Information
More informationISO 27001 Gap Analysis - Case Study
ISO 27001 Gap Analysis - Case Study Ibrahim Al-Mayahi, Sa ad P. Mansoor School of Computer Science, Bangor University, Bangor, Gwynedd, UK Abstract This work describes the initial steps taken toward the
More informationRevision of ISO 9001 Quality Management Systems Requirements
Revision of ISO 9001 Quality Management Systems Requirements Frequently Asked Questions When will the new ISO 9001 be published? The international standard ISO 9001:2008 Quality management systems Requirements
More informationIT Governance: The benefits of an Information Security Management System
IT Governance: The benefits of an Information Security Management System Katerina Cai, CISSP Hewlett-Packard 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2008
Document: ISO/TC 176/SC 2/N 525R2 ISO 9000 Introduction and Support Package: 1 Introduction Two of the most important objectives in the revision of the ISO 9000 series of standards have been a) to develop
More informationITIL: What it is What it Can Do For You V2.1
ITIL: What it is What it Can Do For You V2.1 Service Solution Company Facilitated by: Patrick Musto Agenda Answer the questions what? and how? Historical Background Fundamental Principles 5 Lifecycle Phases
More informationThe new 27000 Family of Standards & ISO/IEC 27001
ISO/IEC 27000 Family of Standards by Dr. Angelika Plate 07-09 June 2011, Beirut, Lebanon June 2011 The new 27000 Family of Standards & ISO/IEC 27001 June 2011 ISO/IEC 27000 Family of Standards 2 The new
More informationThe Future of Best Practices in IT Service Management - ITIL Version 3 Explained
The Future of Best Practices in IT Service Management - ITIL Version 3 Explained Reg Harbeck CA Monday, August 13, 2007 Session 1455 ITIL V3: The Processes Governance Processes: Service Measurement Service
More informationInformation Security Management System Policy
Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the
More informationAn Implementation Roadmap
An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East
More informationCHArTECH BOOkS MANAgEMENT SErIES INTrODuCINg ITSM AND ITIL A guide TO IT SErvICE MANAgEMENT www.icaew.com/itfac
Chartech Books Management Series Introducing ITSM and ITIL A Guide to IT Service Management www.icaew.com/itfac Introducing ITSM and ITIL A Guide to IT Service Management by Colin Rudd This report is published
More informationHence to overcome these challenges, it has become imperative to learn these topics and create awareness amongst the employees.
IT Service Management Trainings for Bank Konark Solutions and Services (KS&S) is an organization with Industry expert trainers and consultants. KS&S provides a wide range of Industry specific trainings
More informationInformation Security Measurement Roles and Responsibilities
Information Security Measurement Roles and Responsibilities Margareth Stoll and Ruth Breu Abstract An adequate information security management system (ISMS) to minimize business risks and maximize return
More informationA Review ISO 9001:2015 Draft
A Review ISO 9001:2015 Draft ISO 9001 Why is it changing? Disclaimers Verbal statements made by the presenter may represent personal opinions and/or interpretations. The presentation includes information
More informationISO/IEC 20000 IT Service Management - Benefits and Requirements for Service Providers and Customers
ISO/IEC 20000 IT Service Management - Benefits and Requirements for Service Providers and Customers Authors Ralf Buchsein, Manager, KESS DV-Beratung GmbH Klaus Dettmer, Product Manager, iet Solutions GmbH
More informationPolicy Title: Information and Communication Technologies (ICT) Service Management Policy. Policy Number: P60122
Policy Title: Information and Communication Technologies (ICT) Service Management Policy Policy Number: P60122 Section Reference Policy Contents Page(s) 1. Policy Administration 2 2. Policy Objective,
More informationFor the latest information on VHP publications, visit our website: www.vanharen.net.
Other publications by Van Haren Publishing on IT Management Van Haren Publishing specialises in titles on Best Practices, methods and standards within IT and business management. These publications are
More informationInformation Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
More informationInformation Security Management Systems
Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector
More information2005 Kasse Initiatives, LLC version 1.2. ITIL Overview - 1
ITIL IT Infrastructure Library Overview ITIL Overview - 1 Vocabulary Incident - any event which is not part of the standard operation of a service and which causes or may cause an interruption to or reduction
More information