Samantha Schreiner University of Illinois at Urbana-Champaign BA 559 – Professor Michael Shaw December 15th, 2008 A Survey of IT Governance Through COBIT, ITIL, and ISO 17799

Upload: brice-ward

Post on 13-Dec-2015


Samantha Schreiner

University of Illinois at Urbana-Champaign

BA 559 – Professor Michael Shaw

December 15th, 2008

A Survey of IT Governance Through COBIT, ITIL, and ISO 17799

The IT Governance Institute defines IT governance as an “integral part of enterprise governance that consists of the leadership and organizational structures and processes that ensure an organization’s IT sustains and extends the organization’s strategies and objects”

Direct IT applications and make sure that IT performance meets:

Alignment of IT with enterprise

Use of IT enables the enterprise to take advantage of all opportunities and maximize benefits

IT resources are used responsibly

IT-related risks appropriately managed

Frameworks

Top management’s strategy and goals must be effectively stated and brought down throughout the enterprise

Framework is a key element in ensuring proper control and governance of IT

72% of all North American enterprise-class organizations use one or more formal IT control and process models

Most popular frameworks: COBIT, ITIL, ISO 17799

COBIT

Mission to “research, develop, publicize and promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by enterprises and day-to-day business managers, IT professionals, and assurance professionals”

Business focused

Process-oriented

Control based

Measurement driven

COBIT domains

Plan and Organize

Acquire and Implement

Deliver and Support

Monitor and Evaluate

ITIL

Defines organizational structure and requirements for an entity’s IT

Gives a standard set of operational management tasks

Latest version: v3

ITIL volumes

Service Strategy

Service Design

Service Transition

Service Operation

Continual Service Improvement

ISO 17799

Standard to assist companies in establishing risk assessment methods, policies, and controls

Establishes guidelines for certification, compliance, and audits

11 security control clauses with 39 main security categories

ISO 17799 steps

Conduct risk assessments

Establish a security policy

Compile an asset inventory

Define accountability

Address physical security

Document operating procedures

Determine access controls

Coordinate business activity

Demonstrate compliance
