IT Governance – Leveraging Best Practices for Governance Success

Presentation transcript:

IT Governance – Leveraging Best Practices for Governance Success
Greg Charles, Ph.D., Area Senior Technology Specialist, Western U.S. ITIL, Governance & Best Practices Lead, CA, Inc.
December 2007

IT Governance
Defined as: the management of risk and compliance. “The overall methodology by which IT is directed, administered and controlled.”
(Diagram: the overlapping areas of Governance and Compliance.)
April 24, 2017 Copyright © 2007 CA

Three Pillars of IT Governance

Managing Ever-Increasing Complexity

The Real World View?
(Diagram: the environment the business sees as a “black box”: end users, portal, web servers, web services, applications such as SAP, PSFT and Siebel, Identity Manager, databases, 3rd-party applications, mainframe, and the network layer of load balancer, firewall, router and switch.)

The Cruel Reality
(Diagram, source: Gartner. Integration paths between applications: screen scrape, message queue, sockets, download, file transfer, transaction ORB, CICS gateway, APPC, RPC.)

Addressing These Challenges: Improving Engagement and Efficiency
What is engagement? Doing the right things: IT’s ability to partner with the business to maintain alignment and maximize return from IT investments.
What is efficiency? Doing things right: IT’s ability to make the best use of its people, budgets and assets.

Obstacles Prevent Effective Engagement
Overwhelming demand:
• Unstructured capture of requests and ideas
• No formal process for prioritization and trade-offs
• Reactive vs. proactive
IT and business divide:
• Business thinks in IT services; IT delivers in technology terms
• Costs disassociated from services
IT seen as a black box:
• Business lacks visibility
• Poor customer satisfaction

Disparate Systems Reduce Efficiency
• No single system of record for decision-making
• IT management systems siloed
• Relevant metrics hard to obtain
• Disparate systems costly to maintain and upgrade

IT Governance Landscape

How to Improve Engagement? Structured IT Governance Process
Integrated demand management:
• Capture, catalog, and prioritize all demand
• Manage service requests from help desks
• Match resources to highest-value initiatives
Comprehensive portfolio management:
• Services, projects, assets, applications
• Systematic evaluation and prioritization
• Map controls to compliance requirements
• 100% visibility into strategic initiatives
• A single invoice to the customer for all services
Business intelligence for the BRM:
• Visibility into all services that support the LOB
• Detailed cost invoices

How to Improve Efficiency? Comprehensive Management
Empower the PMO:
• Automate, enforce, and report on process compliance
World-class project execution:
• Leverage best practices across the entire project portfolio
• Rapid time to value
Comprehensive resource management:
• Drive maximum utilization of in-house and outsourced resources
• Capture time and allocate staff for any type of investment
• Advanced resource management capabilities
Scalable, transparent status capture:
• Capture time and cost of all activities in a single repository for charge-backs and reporting
• Capture asset costs through integration with an Asset Management solution

Approaches Currently in Use
• Business as usual: “firefighting”
• Legislation: “forced”
• Best-practice focused

IT Governance Model
(Diagram, spanning IS strategy to IT operations. Regulation: US Securities & Exchange Commission, Sarbanes-Oxley. Audit models: COSO, COBIT®. Areas covered: Service Mgmt., App. Dev. (SDLC), Project Mgmt., IT Planning, IT Security, Quality System. Quality systems and management frameworks shown: ISO, CMMi, Six Sigma, ITIL®, BS 15000, ISO 20000, ASL, ISO 17799, PMI PMBOK, PRINCE2, TSO.)

Best Practices
Quality and control models: ISO 900x, COBIT®, TQM, EFQM, Six Sigma, COSO, Deming, etc.
Process frameworks: ITIL®, Application Service Library, Gartner CSD, IBM Processes, EDS Digital Workflow, Microsoft MOF, Telecom Ops Map, etc.
• What is not defined cannot be controlled
• What is not controlled cannot be measured
• What is not measured cannot be improved

ITIL® v2 to v3
(Diagram of the ITIL v2 library, spanning The Business to Technology: Introduction to ITIL; Planning to Implement Service Management; Service Management (Service Support, Service Delivery); The Business Perspective; Application Management; ICT Infrastructure Management; Security Management; Software Asset Management; Small-Scale Implementation.)

ITIL Service Support Model
(Diagram. Inputs from the business, customers or users: difficulties, queries, enquiries, communications, updates, work-arounds; monitoring tools raise incidents. The CMDB holds incidents, problems, known errors, CIs, relationships, changes and releases. Outputs by process:)
• Service Desk: customer survey reports
• Incident Management: incident statistics, audit reports
• Problem Management: problem statistics, problem reports, problem reviews, diagnostic aids, audit reports
• Change Management: change schedule, CAB minutes, change statistics, change reviews, audit reports
• Release Management: release schedule, release statistics, release reviews, secure library, testing standards, audit reports
• Configuration Management: CMDB reports, CMDB statistics, policy standards, audit reports

ITIL Service Delivery Model
(Diagram. Inputs from the business, customers and users: queries, enquiries, communications, updates, reports; management tools supply alerts, exceptions and changes. Service Level Management passes requirements and targets to the other processes and receives achievements back. Outputs by process:)
• Availability Management: availability plan, AMDB, design criteria, targets/thresholds, reports, audit reports
• Service Level Management: SLAs, SLRs, OLAs, service reports, service catalogue, SIP, exception reports, audit reports
• Capacity Management: capacity plan, CDB, targets/thresholds, capacity reports, schedules, audit reports
• Financial Management for IT Services: financial plan, types and models, costs and charges, reports, budgets and forecasts, audit reports
• IT Service Continuity Management: IT continuity plans, BIA and risk analysis, requirements defined, control centers, DR contracts, reports, audit reports

COBIT® (Control Objectives for IT)
• Focused on IT standards and audit; COBIT is jointly “owned/maintained” by ITGI and ISACA (Information Systems Audit and Control Association)
• Based on over 40 international standards
• Supported by over 150 IT governance chapters
• www.itgi.org, www.isaca.org
Best practices: industry and CA best practices are applied to all of our solutions to maximize standardization and quality.

The COBIT® Cube
• 4 domains
• 34 processes
• 318 control objectives (business requirements); 215 in COBIT® 4.0

The Four COBIT® Domains
• Planning & Organization (PO process domain)
• Acquisition & Implementation (AI process domain)
• Delivery & Support (DS process domain)
• Monitoring (M process domain)

Planning & Organization
• PO 1 Define a Strategic IT Plan
• PO 2 Define the Information Architecture
• PO 3 Determine the Technological Direction
• PO 4 Define the IT Organization and Relationships
• PO 5 Manage the IT Investment
• PO 6 Communicate Management Aims and Direction
• PO 7 Manage Human Resources
• PO 8 Ensure Compliance with External Requirements
• PO 9 Assess Risks
• PO 10 Manage Projects
• PO 11 Manage Quality

Acquisition & Implementation
• AI 1 Identify Solutions
• AI 2 Acquire and Maintain Application Software
• AI 3 Acquire and Maintain Technology Architecture
• AI 4 Develop and Maintain IT Procedures
• AI 5 Install and Accredit Systems
• AI 6 Manage Changes

Delivery and Support
• DS 1 Define Service Levels
• DS 2 Manage Third-Party Services
• DS 3 Manage Performance and Capacity
• DS 4 Ensure Continuous Service
• DS 5 Ensure Systems Security
• DS 6 Identify and Attribute Costs
• DS 7 Educate and Train Users
• DS 8 Assist and Advise IT Customers
• DS 9 Manage the Configuration
• DS 10 Manage Problems and Incidents
• DS 11 Manage Data
• DS 12 Manage Facilities
• DS 13 Manage Operations

DS5 – Ensure Systems Security
• DS 5.1 Manage Security Measures
• DS 5.2 Identification, Authentication and Access
• DS 5.3 Security of Online Access to Data
• DS 5.4 User Account Management
• DS 5.5 Management Review of User Accounts
• DS 5.6 User Control of User Accounts
• DS 5.7 Security Surveillance
• DS 5.8 Data Classification
• DS 5.9 Central Identification and Access Rights Management
• DS 5.10 Violation and Security Activity Reports
• DS 5.11 Incident Handling
• DS 5.12 Reaccreditation
• DS 5.13 Counterparty Trust
• DS 5.14 Transaction Authorization
• DS 5.15 Non-Repudiation
• DS 5.16 Trusted Path
• DS 5.17 Protection of Security Functions
• DS 5.18 Cryptographic Key Management
• DS 5.19 Malicious Software Prevention, Detection and Correction
• DS 5.20 Firewall Architectures and Connections with Public Networks
• DS 5.21 Protection of Electronic Value

Monitoring
• M 1 Monitor the Processes
• M 2 Assess Internal Control Adequacy
• M 3 Obtain Independent Assurance
• M 4 Provide for Independent Audit

COBIT® Summary
• Planning & Organization (PO process domain)
• Acquisition & Implementation (AI process domain)
• Delivery & Support (DS process domain)
• Monitoring (M process domain)

How to Make IT a Reality? Key Success Factors
Theory (ITIL®, COBIT®, etc.):
• Process guidelines for best practices
• Provides the theory but does not always define the process
• Education is an important component
Convert theory into a process applicable to the unique needs of the organization:
• Training and education
• Tool configuration
Technology (CA and others):
• Provides the technology that enables and automates the process
• Repeatability, compliance and notifications
• Some processes are impossible to implement without technology

Tools to Aid Success
• Maturity model
• Solution sheets
• Transitional maturity ROI tool
• Process model
• Assessments
• Profilers
• Blueprints

Governance: Meeting Customer Needs
Leveraging best practices: ITIL®, COBIT®, COSO, ITAM, ITSM, Six Sigma, etc.
Best practices: industry and CA best practices are applied to all of our solutions to maximize standardization and quality.

IT Governance – Leveraging Best Practices for Success
Greg Charles, Ph.D., Area Senior Technology Specialist, Western U.S. ITIL & Best Practices Lead, CA, Inc.
December 2007