CobiT, ITIL and ISO17799: How to use them in conjunction
Slide 1: CobiT, ITIL and ISO17799: How to use them in conjunction
Angeli Hoekstra & Nicolette Conradie

Slide 2: Content
- Overview ISO 17799 (Nicolette)
- Overview CobiT
- Overview ITIL
- How to use them in conjunction
- Conclusion
Slide 3: Overview ISO 17799 (Nicolette)

Slide 4: ISO 17799 Overview
- BS 7799 provides guidelines and recommendations for security management.
- Part 1: Standard; Part 2: Certification.
- Lineage: BS7799, ISO 17799, SABS ISO 17799.
- Part 1 accepted as International Standard; Part 2 to be accepted end of 2002.
Slide 5: ISO 17799 Modules (organisational risks)
- Security Policy
- Security Organisation
- Asset Classification and Control
- Personnel Security
- Physical and Environmental Security
- Communications / Operations Management
- Access Control
- System Development and Maintenance
- Business Continuity Planning
- Compliance
Slide 6: ISO 17799 Controls
- Security Policy: documented & communicated IS policy; regularly reviewed.
- Security Organisation: allocation of roles & responsibilities; 3rd-party access risks/controls; outsourcing.
- Asset Classification and Control: inventory of assets; classification based on sensitivity/business impact.
Slide 7: ISO 17799 Controls
- Personnel Security: recruitment screening; awareness & training; reporting of incidents.
- Physical and Environmental Security: physical security perimeters; equipment siting; clear desk & clear screen.
- Communications / Operations Management: incident procedures; segregation of duties; system planning & acceptance; malicious software protection controls.
Slide 8: ISO 17799 Controls
- Access Control: managing access at application level, operating (system) level and network level.
- System Development and Maintenance: security requirements; change control procedures; segregation of environments.
- Business Continuity Planning: business continuity plans; BCP framework and team roles & responsibilities; testing continuity plans; maintaining and updating continuity plans.
Slide 9: ISO 17799 Controls
- Compliance: copyright controls; retention of records and information; compliance with legislation (data protection); compliance with company policy.
Slide 10: Overview CobiT

Slide 11: CobiT Product Family
- Executive Summary
- Framework with High-Level Control Objectives
- Detailed Control Objectives
- Audit Guidelines
- Implementation Tool Set
- Management Guidelines: Key Performance and Goal Indicators, Critical Success Factors, Maturity Model
Slide 12: CobiT Principles
- Business requirements drive the information criteria ("what you need" versus "what you get"): Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability.
- IT resources: Data, Applications, Technology, Facilities, People.
- Process domains: Planning & Organisation; Acquisition & Implementation; Delivery & Support; Monitoring.
Slide 13: CobiT Domains: Acquisition & Implementation processes
Per process: control objectives; KPIs (measure of performance); CSFs (what you need to do); KGIs (measure of outcome); maturity model.
- AI 1: Identify automated solutions
- AI 2: Acquire and maintain application software
- AI 3: Acquire and maintain technology infrastructure
- AI 4: Develop and maintain procedures
- AI 5: Install and accredit systems
- AI 6: Manage changes
AI 6 Manage Changes: control objectives
- 6.1: Change request initiation and control
- 6.2: Impact assessment
- 6.3: Control of changes
- 6.4: Emergency changes
- 6.5: Documentation and procedures
- 6.6: Authorised maintenance
- 6.7: Software release policy
- 6.8: Distribution of software
Slide 14: CobiT Manage Change
Key Goal Indicators:
- Reduced number of errors introduced into systems due to changes
- Reduced number of disruptions (loss of availability) caused by poorly managed change
- Reduced impact of disruptions caused by change
- Reduced level of resources and time required as a ratio to number of changes
- Number of emergency fixes per time period
Key Performance Indicators:
- Number of different versions installed at the same time
- Number of software release and distribution methods per platform
- Number of deviations from the standard configuration
- Number of emergency fixes for which the normal change management process was not applied retro-actively
- Time lag between availability of a fix and its implementation
- Ratio of accepted vs refused change implementation requests
Critical Success Factors:
- Expedient and comprehensive acceptance test procedures are applied prior to making the change.
- There is a reliable hardware and software inventory.
- There is segregation of duties between production and development.
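Slide 14 names the Manage Change indicators but not how they are derived from a change log. The following Python is an added example, not part of the original presentation or of CobiT itself: it computes the listed KGIs/KPIs from a set of change records and flags the emergency fixes that bypassed change management without retro-active control. The record fields, the ChangeRecord class and the sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class ChangeRecord:
    """One entry from a change log (assumed structure, not a CobiT artefact)."""
    change_id: str
    status: str                  # "accepted" or "refused"
    emergency: bool              # raised through the emergency-change path
    retro_cm_applied: bool       # normal change management applied (retro-actively for emergencies)
    fix_available: Optional[date]
    implemented: Optional[date]
    caused_disruption: bool      # change led to a loss of availability
    deviates_from_std_config: bool
    errors_introduced: int       # defects traced back to this change


# Constructed sample change log for the example (not data from the slides).
SAMPLE_CHANGES = [
    ChangeRecord("CHG-001", "accepted", False, True, date(2002, 3, 1), date(2002, 3, 5), False, False, 0),
    ChangeRecord("CHG-002", "accepted", True, True, date(2002, 3, 10), date(2002, 3, 10), False, False, 0),
    ChangeRecord("CHG-003", "accepted", True, False, date(2002, 3, 12), date(2002, 3, 13), True, True, 2),
    ChangeRecord("CHG-004", "refused", False, True, None, None, False, False, 0),
    ChangeRecord("CHG-005", "accepted", False, True, date(2002, 3, 1), date(2002, 3, 16), False, True, 0),
    ChangeRecord("CHG-006", "accepted", True, False, date(2002, 3, 20), date(2002, 3, 22), True, False, 1),
]


def manage_change_kpis(changes):
    """Derive the slide-14 KGIs/KPIs for one reporting period from a change log."""
    accepted = [c for c in changes if c.status == "accepted"]
    refused = [c for c in changes if c.status == "refused"]
    emergencies = [c for c in accepted if c.emergency]
    uncontrolled = [c for c in emergencies if not c.retro_cm_applied]
    # Time lag (days) between a fix becoming available and its implementation.
    lags = [
        (c.implemented - c.fix_available).days
        for c in accepted
        if c.fix_available is not None and c.implemented is not None
    ]
    return {
        "changes_total": len(changes),
        "errors_introduced_by_change": sum(c.errors_introduced for c in accepted),
        "disruptions_from_change": sum(1 for c in accepted if c.caused_disruption),
        "emergency_fixes": len(emergencies),
        "emergency_fixes_without_retro_cm": len(uncontrolled),
        "std_config_deviations": sum(1 for c in accepted if c.deviates_from_std_config),
        "mean_fix_to_implementation_days": (sum(lags) / len(lags)) if lags else None,
        "accepted_vs_refused_ratio": (len(accepted) / len(refused)) if refused else None,
    }


def flag_uncontrolled_emergency_changes(changes):
    """Emergency changes that were implemented but never brought under change management."""
    return sorted(
        c.change_id
        for c in changes
        if c.status == "accepted" and c.emergency and not c.retro_cm_applied
    )


if __name__ == "__main__":
    for name, value in manage_change_kpis(SAMPLE_CHANGES).items():
        print(f"{name}: {value}")
    print("uncontrolled emergency changes:", flag_uncontrolled_emergency_changes(SAMPLE_CHANGES))
```

The flagged list is the actionable output: each entry is an emergency change whose impact assessment and documentation (control objectives 6.2 and 6.5) are still outstanding, and the count feeds the KPI directly.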
Slide 15: Overview ITIL

Slide 16: The ITIL jigsaw (diagram pieces, in the order shown)
- What service the business requires of the provider in order to provide adequate support to the business users
- Ensuring that the customer has access to the appropriate services to support the business functions
- Understanding and improving IT service provision, as an integral part of an overall business requirement for high quality IS management
- Business Continuity Management
- Partnerships and outsourcing
- Surviving change
- Transformation of business practice through radical change
- Network Service Management
- Operations Management
- Management of Local Processors
- Computer Installation and Acceptance
- Systems Management
Slide 17: ITIL service support & service delivery processes
- Service support: Service desk; Incident management; Problem management; Configuration management; Change management; Release management.
- Service delivery: Capacity management; Availability management; Financial management of IT services; Service level management; IT service continuity management.
Slide 18: How can they be used in conjunction?

Slide 19: What do we want to achieve with IT? (diagram)
- Aligned: support business
- Better: service quality
- Cheaper: service cost
- Faster: delivery time
- Controlled: IT risks
- Secure
- Together these deliver stakeholder value.
Slide 20: How we can achieve these IT goals
- People: the people that support effective and efficient IT service management.
- Controls: the assignment of controls to IT processes to ensure that they deliver efficiently and effectively in line with clients' requirements.
- Structure & Roles: the assignment of responsibility for performing specified activities to specific groups or individuals.
- Technology: the technology that is supporting the IT delivery.
- Metrics: the assignment of measurements to people, processes, technology and controls to ensure they comply with what they are intended for.
- Processes: the interrelated series of activities that combine to produce products or services for internal & external clients.
Slide 21: How we can achieve these IT goals (diagram mapping the frameworks onto the six elements)
- Structure & Roles: ITIL / BS limited?
- People: (none)
- Controls: CobiT, ISO
- Technology: ITIL (limited)
- Metrics: CobiT v3
- Processes: ITIL; CobiT (limited); ISO (limited)
Slide 22: How we can achieve these IT goals: where are the methods strong?
- ITIL: strong in IT processes, but limited in security and system development.
- CobiT: strong in IT controls and IT metrics, but does not say how (i.e. no process flows) and not that strong in security.
- ISO: strong in security controls, but does not say how (i.e. no process flows).
Conclusion:
- No contradictions or real overlaps.
- None identify people requirements.
- Not strong on the organisational side (structure & roles).
- Not strong on the technology side.
Slide 23: How can we achieve these IT goals: continuous IT improvement
- Where do we want to be? Vision & objectives: BS15000, ISO, CobiT compliant, etc.
- Where are we now? Assessments.
- How do we get there? IT design (ITIL, ISO, CobiT).
- How do we know we have arrived? Metrics (CobiT v3 management guidelines).
Assessments:
- How well does IT support business? Alignment assessment.
- How controlled is IT? CobiT compliance check.
- How secure is IT? ISO Health Check.
- How cost effective is IT? Benchmarking.
- What does the user think of IT? Surveys.
Slide 24: CobiT compliance check
Columns of the original matrix: Control Risk; Control Evaluation (Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability); Materiality. Legend: E = Exposure, H = Housekeeping, C = Concern, O = OK, c = concern +. Below, each process is followed by its control risk and then its ratings in the order extracted; the assignment of ratings to individual columns is not recoverable from the transcription.
Planning and organisation
- PO1 Define a strategic IT plan: 2; C H O
- PO2 Define the information architecture: 1; E C C O O
- PO3 Determine the technological direction: 2; C H O
- PO4 Define organisation and relationships: 2; C H O
- PO5 Manage the investment: 2; C C O O
- PO6 Communicate management aims and direction: 1; E O O
- PO7 Manage human resources: 1; E E O
- PO8 Ensure compliance with external requirements: 1; E c O O
- PO9 Assess risk: 1; C C E c c O O O
- PO10 Manage projects: 1; E E O
- PO11 Manage quality: 1; E E c O
Acquisition and implementation
- AI1 Identify automated solutions: 1; E C
- AI2 Acquire and maintain application software: 1; E E O O O
- AI3 Acquire and maintain technology architecture: 1; E E O
- AI4 Develop and maintain procedures: 1; E E O O O
- AI5 Install and accredit systems: 1; E O O
- AI6 Managing changes: 2; C C c c O
Delivery and support
- DS1 Define service levels: 1; E E C O O O O
- DS2 Manage third-party services: 1; E E C O O O O
- DS3 Manage performance and capacity: 1; E E O
- DS4 Ensure continuous service: 2; C H c
- DS5 Ensure systems security: 2; C c O O O
- DS6 Identify and allocate costs: 1; E c
- DS7 Educate and train users: 1; E C
- DS8 Assist and advise customers: 1; E
- DS9 Manage the configuration: 1; E O O
- DS10 Manage problems and incidents: 1; E E O
- DS11 Manage data: 2; c
- DS12 Manage facilities: 2; c c
- DS13 Manage operations: 1; E E O O
Monitoring
- M1 Monitor the process: 1; E C C O O O O
- M2 Assess internal control adequacy: 1; E E C O O O O
- M3 Obtain independent assurance: 1; E E C O O O O
- M4 Provide for independent audit: 1; E E C O O O O
Slide 25: How can we achieve these IT goals: continuous IT improvement: ISO Health Check
[Graph depicting the level of non-compliance of company XYZ per ISO module (y-axis: % non-compliance, 0% to 70%). Bar values as extracted: 62.50%, 29.03%, 18.75%, 15.84%, 11.39%, 9.43%, 8.33%, 4.88%, 4.82%, 0.00%; the module labels on the x-axis are not recoverable from the transcription.]
Slide 26: Conclusion
- Use the CobiT and ISO health checks to determine current status.
- Identify weaknesses in processes and controls.
- Use ITIL to improve IT processes & controls; use ISO to improve security processes & controls (although not strong on the process side).
- Use ITIL to determine technology, although not complete.
- Use CobiT to define metrics.
- Query ITIL on possible structures?
(Diagram as on slide 21: Controls: CobiT, ISO; Structure & Roles: ITIL / BS limited?; People: none; Metrics: CobiT v3; Technology: ITIL (limited); Processes: ITIL, CobiT (limited), ISO (limited).)

Slide 27: Contacts
Nicolette Conradie; Angeli Hoekstra
Your worlds, Our people. (c) 2002 PricewaterhouseCoopers LLP. PricewaterhouseCoopers refers to the U.S. firm of PricewaterhouseCoopers LLP and other members of the worldwide PricewaterhouseCoopers organization.
IT Governance: The benefits of an Information Security Management System Katerina Cai, CISSP Hewlett-Packard 2004 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationITIL and ISO/IEC 27001 How ITIL can be used to support the delivery of compliant practices for Information Security Management Systems
ITIL and ISO/IEC 27001 How ITIL can be used to support the delivery of compliant practices for Information Security Management Systems Mark Sykes Principal Consultant Fox IT Ltd and Nigel Landman Managing
More informationSC7-ISO20000 Alignment issues Aligning ITIL to existing ISO JTC1- SC7 Software Engineering Standards
SC7-ISO20000 Alignment issues Aligning ITIL to existing ISO JTC1- SC7 Software Engineering Standards Dr. A.April ETS University Table of Contents Objectives Audience Current clash An ITIL overview ISO
More informationIS Management, ITIL, ISO, COBIT...
IS Management, ITIL, ISO, COBIT... Orsys, with 30 years of experience, is providing high quality, independant State of the Art seminars and hands-on courses corresponding to the needs of IT professionals.
More informationDe Nieuwe Code voor Informatiebeveiliging
De Nieuwe Code voor Informatiebeveiliging Piet Donga, ING Voorzitter NEN NC 27 - IT Security 1 Agenda Standardisation of Information security The new Code of Practice for Information Security The Code
More informationIT Audit and Compliance
Problem IT Audit and Compliance IT audit is about the formal verification and validation of the quality and effectiveness of IT controls to support the overall business control objectives. From a security
More informationApplying ITIL v3 Best Practices
white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationPreparation Guide. EXIN IT Service Management Associate Bridge based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate Bridge based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced,
More informationAligning IT with Business Needs (Why Right-sourcing works)
Aligning IT with Business Needs (Why Right-sourcing works) Mike Ryan Aligning IT with Business Needs (Why Right-sourcing works) Mike Ryan Challanges running IT Keeping IT Running Value Costs Mastering
More informationCOBIT 4.1 TABLE OF CONTENTS
COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................
More informationNetIQ FISMA Compliance & Risk Management Solutions
N E T I Q C O M P L I A N C E S E R I E S NetIQ FISMA Compliance & Risk Management Solutions The Federal Information Security Management Act (FISMA) requires federal agencies to create and implement a
More informationIssue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager
Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security
More informationCOBIT 5 Process Assessment Method (PAM) Debra Mallette, CGEIT, CISA, CSSBB Governance Risk and Compliance -G22
COBIT 5 Process Assessment Method (PAM) Debra Mallette, CGEIT, CISA, CSSBB Governance Risk and Compliance -G22 Session Objectives Why Assess Process Capability COBIT 5 Process Assessment Model Relationship
More informationDesigning a Data Governance Framework to Enable and Influence IQ Strategy
Designing a Data Governance Framework to Enable and Influence IQ Strategy Elizabeth M. Pierce University of Arkansas at Little Rock PG 135 Overview of Corporate and Key Asset Governance (Reproduced from
More information1 Why should monitoring and measuring be used when trying to improve services?
1 Why should monitoring and measuring be used when trying to improve services? a) To validate, direct, justify and intervene b) To validate, measure, monitor and change c) To validate, plan, act and improve
More informationPreparation Guide. EXIN IT Service Management Associate based on ISO/IEC 20000
Preparation Guide EXIN IT Service Management Associate based on ISO/IEC 20000 Edition January 2014 Copyright 2014 EXIN All rights reserved. No part of this publication may be published, reproduced, copied
More information