IT Governance Framework: COBIT, BS7799, ITIL: EITRM: Group 7 - Section A
BS7799, ITIL
Submitted By:
Aditya Dogra | Chandraboli Roy Choudhary | Dharani Dharan | Himal Vaghela | Portia Khan
INTRODUCTION - COBIT
Control Objectives for Information and Related Technology (CobiT) is a set of best practices
for Information Technology management developed by ISACA (Information Systems Audit &
Control Association) and the IT Governance Institute.
It is a comprehensive framework that helps enterprises to create optimal value from IT by
maintaining a balance between realizing benefits and optimizing risk levels and resource
use.
It enables information and related technology to be governed and managed in a holistic
manner for the whole enterprise, taking in the full end to end business and functional areas
of responsibility, considering the IT-related interests of internal and external stakeholders.
The principles and enablers are generic and useful for enterprises of all sizes, whether
DISADVANTAGES OF COBIT
internal control.
Implementation and use of COBIT for IT Governance in the Viana do Castelo Polytechnic
Institute in Portugal
It consists of six organic units or schools
Technology and High School Administrati
Agrarian High School
Education High School
Difficulty of distance processes
Existence of several dispersed information systems
Difficulty of monitoring the services performance
Difficulty in controlling the backups
Organic set of IS secured and managed by the Information Department (ID) of each Organic Unit creates problems
Align the business objectives with the IT objectives
Elaborate an IT strategic plan
Elaborate a tactical plan for the IT
Implementation of IT Projects
Output
IT strategic plan
IT quality plan
Procedures to manage projects
infrastructure
Install
Reinstall
Configure components in the technological infrastructure
Maintenance of the technological infrastructure components
INDICATORS
Average time to configure infrastructure components
# of infrastructure components that
THE IMPROVEMENTS
Improved the quality of care by the administrative services
Controlled and managed the IS more efficiently
Reduced about 90% of the number of failures in communication between services and user
Reduced the execution time of tasks by about 25%
Set policies and plans for managing the IT
Defined indicators to evaluate the performance of the services in IT field
Efficient in monitoring and controlling the technological infrastructure components
like
surrounding that asset, better decisions can be made to protect the business
BS7799 framework offers guidance to ask the pertinent questions about the business and
malicious software
Disadvantages
Adhering to the standard alone doesn't secure the system; a lot depends on the implementation
Perceived cost
Achieving Accreditation
1. Security policy
A documented information security policy
2. Security Organisation
A documented information security policy
3. Assets classification and control
Allocation of information security responsibilities within the organisation
4. Personnel Security
Manage Identified Risks
To minimize potential damage of assets, manage technology and people
Manage security issues such as security locks and CCTV systems
ISMS IMPLEMENTATION
Business continuity planning
Identify objectives, policies and critical success factors
In bank, existence of remote journaling and mirroring systems in event of disaster
Example: Barclays payments received 5 days late
Selecting objectives and controls to be implemented
Choose most appropriate controls to manage identified risks
In bank, consider other criteria apart from those mentioned in BS7799
Controls such as cost effective, fit for purpose and consistent with associated business risk were
Preparing statement of applicability
COBRA compliance product
In bank, adapt or disregard controls listed in favour of their own controls
It's a knowledge-based software for risk assessment and management
Customized set of questions for bank to provide a customized solution
Focus on strategy
Business and IT strategy integrated
IBM
Business and IT strategy alignment
BCG
Gartner
Primary objective
IT process performance controls and metrics
Focus on operations
IT services management
Giga Group
Structure of global IT organizations
KPMG
COBIT
ISO 17799
ITIL
IT focus
Implementation of IT governance using CobiT, ITIL
Company individual
De facto standard
IT security management
Content
Business/IT alignment
WHY ADOPT ITIL?
ITIL (IT Infrastructure Library): systematic approach to high quality IT service delivery
It aligns with IT business goals and service objectives
It is process driven, scalable and flexible
Reduces IT cost while still providing optimal services
Increases relationship and communication among different departments, employees, customers and users
Successfully adopted by HP, IBM, PG, Shell Oil, Boeing, Microsoft, Procter and Gamble, State of CA
WHY ITIL ?
ITIL TERMINOLOGY
ITIL v3 Library
The first three are primarily concerned with bringing new or improved services to the service catalog.
Service Strategy
Service Design
Service Transition
Service Operation
Continual Service Improvement
The case focuses on a European IS organization. It has more than 300 IS staff, started its two-year program in 2001 and has spent around
2.6 million euros on it.
Results included a savings of nearly 3.5 million euros a year (approximately 7 percent of IS operating costs) through the identification of
unused or underutilized resources like software licenses. This represented about 90 percent of the tangible savings formally identified to
date.
The IS organization is now billing around 1 million euros (approximately 2 percent of total billings) for services that were being delivered but
were not being charged for.
The IS organization's customer satisfaction rating went up from 6.8 to 7.6 out of 10.
REFERENCES
IT Governance using COBIT implemented in a High Public Educational Institution A Case