samantha schreiner university of illinois at urbana- champaign ba 559 – professor michael shaw...
TRANSCRIPT
Samantha Schreiner
University of Illinois at Urbana-Champaign
BA 559 – Professor Michael Shaw
December 15th, 2008
A Survey of IT Governance Through COBIT, ITIL, and ISO
17799
IT Governance Institute on IT Governance defines as “integral part of enterprise governance
that consists of the leadership and organizational structures and processes that ensure an organization’s IT sustains and extends the organization’s strategies and objects”
Direct IT applications and make sure that IT performance meets: Alignment of IT with enterprise Use of IT enables the enterprise to take advantage of all opportunities and
maximize benefits IT resources are used responsibly IT related risks appropriately managed
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
Frameworks Top management’s strategy and goals must
be effectively stated and brought down throughout the enterprise
Framework is a key element in ensuring proper control and governance of IT
72% of all North American enterprise-class organizations use one or more formal IT control and process model
COBIT * ITIL * ISO 17799 Most popular frameworks
COBIT Mission to “research, develop, publicize and
promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by enterprises and day-to-day business managers, IT professionals, and assurance professionals” Business focused Process-oriented Control based Measurement driven
COBIT domains Plan and Organize Acquire and Implement Deliver and Support Monitor and Evaluate
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.
ITIL Defines organizational structure and
requirements for an entity’s IT Gives a standard set of operational
management tasks Latest version: v3
ITIL volumes Service Strategy Service Design Service Transition Service Operation Continual Service Improvement
ISO 17799 Standard to assist companies is
establishing risk assessment methods, policies, and controls
Establishes guidelines for certification, compliance, and audits
11 security control clauses with 39 main security categories
ISO 17799 steps Conduct risk assessments Establish a security policy Compile an asset inventory Define accountability Address physical security Document operating procedures Determine access controls Coordinate business activity Demonstrate compliance
QuickTime™ and aTIFF (Uncompressed) decompressor
are needed to see this picture.