2. Objectives
• Contains notes on the integration of available frameworks
and methodologies into a possible integrated approach to
providing information technology services
March 23, 2010 2
3. Information Technology and Related Frameworks
and Methodologies
• Bewildering array of overlapping frameworks and methodologies
across lifecycle of IT systems delivery and management
• Frameworks and methodologies have benefits
− Provide a short-cut to determining the optimum approach to address a
business need
− Contain collective learning and experience
− Supported and enhanced
− Useful but are a means to an end and not an end in themselves
• But there are many (too many) competing individual frameworks
and methodologies representing specific potential solutions to
specific needs
− Focussing on individual aspects of IT
• Need for a higher view above the individual frameworks
• A view that represents how an IT function needs to operate
holistically
4. Suggested Integrated IT Solution and Operations
Management Approach
[Diagram: Integrated Solution and Operations Management Approach, shown as two pillars]
• Architecture and Realisation
− Vision and Strategy
− Architecture
− Development, Customisation and Configuration
− Implementation and Deployment
− Operation and Control
• Management and Processes
− Enterprise Management
− Programme and Portfolio Management
− Project Management
− Service Management
− Architecture Management
5. Integrated IT Solution and Operations Management
Approach
• Every IT function has two pillars
− Doing
• Strategy
• Design
• Development
• Implementation
− Managing the doing
• Business change
• Programmes
• Projects
• Operations
• Generalised approach that can integrate specific delivery
frameworks as required
• Provide an overarching approach on which any function can be built
6. Direction and Focus of IT Solution and Operations
Management Approach – Three Layers
[Diagram: the two pillars of the Integrated Solution and Operations Management Approach (Architecture and Realisation; Management and Processes) set against three layers: Fundamental Processes and Competencies; Implementation of New Projects and Services; Operation of Existing Services. The general direction of the solution lifecycle runs from design to operation.]
7. Arrangement of Integrated IT Solution and Operations
Management Approach Within Operational Context
• Existing Programmes, Projects and Services
− Architecture and Realisation (Doing): focus on architecture and design aspects of existing services
− Management and Processes (Managing the Doing): focus on management processes associated with the operation and delivery of existing services
• New Programmes, Projects and Services
− Architecture and Realisation (Doing): focus on architecture, design, selection, development and delivery aspects of new projects and services
− Management and Processes (Managing the Doing): focus on management processes associated with the architecture, design, selection, development and delivery aspects of new projects and services
• Fundamental Organisational Requirements
− Architecture and Realisation (Doing): focus on the prerequisites and foundations for strategy, architecture and design across IT function and solution lifecycle
− Management and Processes (Managing the Doing): focus on the prerequisite and foundation management processes across IT function and solution lifecycle
8. Integrated IT Solution and Operations Management
Approach
• A practical and integrated solution and operations
management approach consisting of two pillars:
− Architecture and Realisation (“Doing”)
• Concerned with enterprise vision, strategy, architecture, implementation,
delivery and subsequent operation
− Management and Processes (“Managing the Doing”)
• Addresses the management of large-scale business and information
technology initiatives and associated programmes and projects
• Phases and processes within the two pillars can be
integrated across a programme of work or the services can
be delivered independently, depending on the
requirements of the organisation
• Generalised framework that can be applied across multiple
environments
9. Expanded Integrated IT Solution and Operations
Management Approach - Architecture and Realisation Pillar
• Vision and Strategy
− Enterprise Transition and Transformation
− Information Technology Strategy
• Architecture
− System Architecture
− Business Application Architecture
− Information Technology Architecture
− Business Area Architecture
• Development, Customisation and Configuration
− Accelerated Application Prototyping and Development
− Package Selection, Customisation and Implementation
− Iterative Development
− Application Re-engineering
• Implementation and Deployment
− Readiness Assessment
− Pilot
− Deployment Preparation
− Deployment
• Operation and Control
− System Operations and Service Management
− System Support and Administration
10. Expanded Integrated IT Solution and Operations
Management Approach - Management and Processes Pillar
• Enterprise Management
− Business Change
− Governance
− Architecture and Systems Management
− Management Support Framework
− IT Management
• Programme and Portfolio Management
− Programme Management
− Portfolio Project Management
• Project Management
− PMO Implementation and Operation
− Management of Projects
• Service Management
− Service Request Management
− Service Delivery
− Service Improvement Programme
• Architecture Management
− Business Architecture Management
− Information Architecture Management
− Technology Architecture Management
− Application Architecture Management
11. Integrated IT Solution and Operations Management
Approach Within Operational Context
[Diagram: the functions of the two pillars (Architecture and Realisation; Management and Processes) placed against three rows: Existing Programmes, Projects and Services; New Programmes, Projects and Services; Fundamental Organisational Requirements. Functions shown, from top to bottom: Operation and Control; Service Management; Implementation and Deployment; Development, Customisation and Configuration; Architecture; Enterprise Management; Programme and Portfolio Management; Project Management; Architecture Management; Vision and Strategy.]
12. Architecture and Realisation Pillar
• Vision and Strategy
− Creates the business vision and defines the direction for subsequent information technology initiatives
− Internal and external requirements and processes are analysed
− Allows prioritisation of the business and information system areas that will be addressed in subsequent stages
− Ensures that all further work is aligned with the vision and strategy
• Architecture
− Designed to translate the Vision and Strategy into an implementable, operable and supportable structure
− Architecture can encompass both enterprise and specific solution areas
− Scope, requirements and functionality of the business processes and the associated information systems are
specified
− Architecture is concerned with both business and information technology in parallel
− Constituent projects and changes to deliver the architecture are identified
• Development, Customisation and Configuration
− Selects, designs, builds, customises and tests the elements of the solution
− Includes some or all of customised development, package customisation and system enhancement.
− Development activities related to business change and technical infrastructure are addressed
• Implementation and Deployment
− Takes the solution components and creates a fully operable system, complete with data and business process
changes
− Includes integration testing, pilot, data conversion, documented procedures, training, and operational readiness
and acceptance
• Operation and Control
− Creates and implements practices for ensuring defined service levels for the operation, maintenance, and
support of the new or modified systems
13. Management and Processes Pillar
• Enterprise Management
− Involves establishing business objectives, monitoring achievement against targets and making necessary
corrections
• Programme and Portfolio Management
− Directs and manages programmes and portfolios of initiatives, undertakings and offerings to balance benefits,
costs, resources and risks in a strategic context and to ensure benefits realisation
− Establishes the competency within an organisation to provide this service internally or manage its provision by
external agents
• Project Management
− Concentrates on the effective and efficient processes required to identify, coordinate, and continuously focus
people and resources on achieving project objectives and commitment within time, cost, resource and quality
controls
− Enables organisations to deliver both the simple and complex initiatives and to perform projects capably
• Service Management
− Controls and manages the operational services phases of the overall initiative life cycle
− Service request management handles requests from users
− Manages their fulfilment and includes logging, performing initial analysis, monitoring, prioritising, measuring,
and closing
− Service delivery management directs and manages services to ensure that the end-user receives the agreed
service
• Architecture Management
− Concerned with the business, technical, and operational procedures and processes needed to ensure and
maintain integrated enterprise and solution architecture during the implementation of the solution and its
subsequent operation
14. Groups of Information Technology and Related
Frameworks, Methodologies and Toolsets
• Multiple existing IT frameworks can be divided into groups
− Service and Application Management, Provisioning and Sourcing
− Program and Project Management
− Enterprise Architecture
− Software Lifecycle Management
− Value and Investment Management
− Data Management
− Quality Management
− Governance, Security and Risk Management
− Business Management and Support
− Business Analysis
• Not an exhaustive list of frameworks or groups
• Each exists as a point solution to a specific requirement
• Frameworks need to be placed in context to allow the most relevant and
appropriate to be selected
15. Groups of Information Technology and Related
Frameworks, Methodologies and Toolsets
[Diagram: Information Technology and Related Frameworks, Methodologies and Toolsets, divided into groups: Service and Application Management, Provisioning and Sourcing; Program and Project Management; Software Lifecycle Management; Value and Investment Management; Data Management; Quality Management; Governance, Security and Risk Management; Business Management and Support; Business Analysis; Enterprise Architecture.]
16. Framework Groups Within Integrated Solution and
Operations Management Approach
[Diagram: the framework groups (Business Management and Support; Software Lifecycle Management; Service and Application Management, Provisioning and Sourcing; Governance, Security and Risk Management; Program and Project Management; Business Analysis; Enterprise Architecture; Value and Investment Management; Data Management; Quality Management) positioned across the two pillars (Architecture and Realisation; Management and Processes) and the three rows (Existing Programmes, Projects and Services; New Programmes, Projects and Services; Fundamental Organisational Requirements).]
17. Organisations Need to Maintain Sets of Core
Competencies That Cross All Functions
• Core competencies that organisations need and which cross
functional areas
− Performance and Quality Management
− Resource Management
− Funding, Financial, Investment and Budget Management and Total Cost of
Ownership
− Human Capital and Resource Management
− Organisation Design, Planning and Management
− Usability and User Experience Design
− Sourcing and Selection Management
− Vendor and Supplier Management
− Business Process Management
− Benefits Assessment and Realisation
− Capacity Planning, Forecasting and Demand and Supply Management
• These are common sets of skills needed for both pillars and across
solution and service lifecycles
• Not specific to one area within integrated approach
18. Core Competencies That Cross All Functions
[Diagram: the core competencies listed on the previous slide, shown crossing both pillars of the Integrated Solution and Operations Management Approach (Architecture and Realisation; Management and Processes) and all of their functions.]
19. Core Competencies
• Frameworks can assist in quickly implementing some core
competencies
− Performance and Quality Management: ISO 9000, TickIT, TQM, Six Sigma
− Resource Management: none listed
− Funding, Financial, Investment and Budget Management and Total Cost of Ownership: ITIM, Val IT
− Human Capital and Resource Management: People CMM
− Organisation Design, Planning and Management: none listed
− Usability and User Experience Design: none listed
− Sourcing and Selection Management: eSCM, ISPL
− Vendor and Supplier Management: eSCM, ISPL
− Business Process Management: none listed
− Benefits Assessment and Realisation: MSP, IT Balanced Scorecard, ITIM, Val IT
− Capacity Planning, Forecasting and Demand and Supply Management: none listed
20. Frameworks and Integrated Solution and Operations
Management Approach - Architecture and Realisation
High Level Function, Components of Function and Possible Methodology/Framework Toolset:
• Vision and Strategy
− Enterprise Transition and Transformation: none listed
− Information Technology Strategy: TOGAF, DODAF, MODAF, NASCIO EAMM
• Architecture
− System Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
− Business Application Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
− Information Technology Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
− Business Area Architecture: TOGAF, DODAF, MODAF, NASCIO EAMM
• Development, Customisation and Configuration
− Accelerated Application Prototyping and Development: DSDM, RUP
− Package Selection, Customisation and Implementation: ITIM, Val IT
− Iterative Development: DSDM, RUP
− Application Re-engineering: none listed
• Implementation and Deployment
− Readiness Assessment: none listed
− Pilot: none listed
− Deployment Preparation: none listed
− Deployment: none listed
• Operation and Control
− System Operations and Service Management: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− System Support and Administration: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
21. Frameworks and Integrated Solution and Operations
Management Approach - Management and Processes
High Level Function, Components of Function and Possible Methodology/Framework Toolset:
• Enterprise Management
− Business Change: none listed
− Governance: COBIT, ISO 38500, OCEG
− Architecture and Systems Management: none listed
− Management Support Framework: MOF, BISL, ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− IT Management: none listed
• Programme and Portfolio Management
− Programme Management: PRINCE2, PMBOK, MSP
− Portfolio Project Management: PRINCE2, PMBOK, MSP
• Project Management
− PMO Implementation and Operation: PRINCE2, PMBOK, MSP
− Management of Projects: PRINCE2, PMBOK, MSP
• Service Management
− Service Delivery: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− Service Request Management: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
− Service Improvement Programme: ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK
• Architecture Management
− Business Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
− Information Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
− Technology Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
− Application Architecture Management: TOGAF, DODAF, MODAF, NASCIO EAMM
22. Service and Application Management, Provisioning
and Sourcing Frameworks
[Diagram: Service and Application Management, Provisioning and Sourcing frameworks: ITIL (Information Technology Infrastructure Library); ISO 20000 (ITSM Standard); IT Service CMM (Capability Maturity Model); ISPL (Information Services Procurement Library); eSCM (eSourcing Capability Maturity Model); ASL (Application Services Library); USMBOK (Universal Service Management Body of Knowledge).]
23. ITIL (Information Technology Infrastructure Library)
• Aims to improve the overall quality of service to the business within imposed
constraints while improving the overall effectiveness and efficiency of IT
• Consists of a series of books giving guidance on the provision of quality IT services,
and on the accommodation and environmental facilities needed to support IT
• Provides a framework of best practice guidance for IT service management that
has become the most widely used and accepted approach to IT service
management in the world
• Developed in recognition of organisations' growing dependency on IT
• Core of ITIL provides best practice guidance for service delivery, service support, IT
infrastructure management, planning to implement service management,
application management, the business perspective, and security management
• Whole ITIL philosophy has grown up around the guidance contained within the ITIL
books and the supporting professional qualification scheme
24. ISO 20000 (IT Service Management Standard)
• Formal standard for IT service management
• Management standard, addressing the establishment and
maintenance of processes and the mechanism to ensure their
relevance and improvement
• Consists of service delivery processes, resolution processes,
relationship processes, control processes, and the release process
• Requires service providers to implement the PDCA (Plan-Do-Check-Act)
cycle for service management processes
• Achieve formal certification and thus demonstrate compliance to
accepted best practices but ISO 20000 is primarily a measure of
process conformance to be achieved rather than setting out a means
of achieving this process conformance
• Covers only core elements of the service management process and
thus cannot describe the full set of processes for any specific service
provider
25. IT Service CMM (Capability Maturity Model)
• Maturity model for organisations that provide IT services
such as management of hardware and software,
operations, and software maintenance
• Used to assess current IT organisation's maturity and to
improve IT processes
• Focus on process improvement but does not include
specifications on how a specific maturity level should be
reached
• Does not distinguish between internal and external IT
service providers
26. ISPL (Information Services Procurement
Library)
• Best practice library for the management of IT related
acquisition processes
• Focus on the relationship between the customer and
supplier organisation and on the procurement of
information services
• Designed to professionalise customer-supplier
relationships during an outsourcing initiative
• Designed to help understand services to be acquired and
delivered and structure their acquisition and delivery
27. eSCM (eSourcing Capability Maturity Model)
• Two versions:
− Sourcing partners (eSCM-SP)
− Client companies availing of outsourcing function (eSCM-CL)
• Sourcing partners
− Defines sourcing capabilities that organisations should develop
and improve in order to be viewed by their current and
prospective customers as capable and reliable partners
• Client companies availing of outsourcing function
− Defines capabilities that organisations should develop and
improve in order to select and manage outsourcing relationship
• Covers the lifecycle of service provision from initiation to
completion of a relationship
28. ASL (Application Services Library)
• Describes a standard for processes for management,
maintenance and enhancement/renovation of (business)
applications
• Aimed at managers and professionals looking to improve
maturity of the processes for delivering application
management services
• Can be used to improve a broad spectrum of aspects of
application management, varying from cost control and
quality of service to staff motivation and strategic
alignment
• Based on ITIL concepts
29. USMBOK (Universal Service Management Body of
Knowledge)
• New major and comprehensive service management
framework
• Driven by a single individual
• Designed as an open body of knowledge on successful
service management
30. Program and Project Management Frameworks
[Diagram: Program and Project Management frameworks: PRINCE2 (Projects in Controlled Environments); PMBOK (Project Management Body of Knowledge); MSP (Managing Successful Programmes); IT Balanced Scorecard.]
31. PRINCE2 (Projects in Controlled Environments)
• Best practice project management standard in the UK and widely
used elsewhere
• Process-based method for project management - sets of processes
that provide a controlled project start, controlled project, and
controlled close
• Covers management, control and organisation of a project and can
be used for any project type and size
• Concentrates on the work of project and team managers and
management involved in decision-making within the project
• Covered aspects of projects are business case, organisation, plans,
controls, management of risks, quality in a project environment,
configuration management and change control
32. PMBOK (Project Management Body of Knowledge)
• Very widely used process-based project management
guide and an internationally recognised standard that
provides the fundamentals of project management as they
apply to a wide range of projects
• Recognised throughout the world as a standard for
managing projects
• Covers project knowledge areas: integration management,
HR management, scope management, communications
management, time management, risk management, cost
management, procurement management and quality
management
33. MSP (Managing Successful Programmes)
• Best practice guide on programme management
• Generic approach which can be used in all types of
programmes
• Contains a set of principles and a set of processes for use
when managing a programme
• Tool to manage strategic change in parts of an
organisation
• Can be used together with PRINCE2
34. IT Balanced Scorecard
• Planning and management tool used to align business
activities to the vision and strategy of the organisation,
improve internal and external communications and
monitor organisation performance against strategic goals
• Can be used to measure and manage IT performance and
to enable alignment between business and IT
• Covers four perspectives: perspective, internal business
process, learning and growth and customer
35. Software Lifecycle Management Frameworks
[Diagram: Software Lifecycle Management frameworks: CMMI (Capability Maturity Model Integration); ISO/IEC 12207 (Systems And Software Engineering – Software Life Cycle Processes); DSDM (Dynamic Systems Development Method); RUP (Rational Unified Process).]
36. CMMI (Capability Maturity Model Integration)
• Process improvement approach that provides the
essential elements of effective processes
• Currently addresses three areas
− Product and service development - CMMI for Development
− Service establishment, management, and delivery - CMMI for
Services
− Product and service acquisition - CMMI for Acquisition
37. ISO/IEC 12207 (Systems And Software Engineering –
Software Life Cycle Processes)
• Defines a common framework for software life cycle
processes, with well-defined terminology that can be
referenced by the software industry
• Applies to the acquisition of systems and software
products and services, to the supply, development,
operation, maintenance, and disposal of software products
and the software portion of a system, whether performed
internally or externally to an organisation
• Provides a process that can be employed for defining,
controlling, and improving software life cycle processes
38. DSDM (Dynamic Systems Development Method)
• Software development methodology originally based on,
and extending, the Rapid Application Development methodology
• Iterative and incremental approach that emphasises
continuous user involvement
• Aims to deliver software systems on time and on budget
while adjusting for changing requirements along the
development process
39. RUP (Rational Unified Process)
• Iterative software development process framework
created by the Rational Software Corporation (IBM)
• Can be tailored by the development organisations and
software project teams who select the parts of the process
that are appropriate
• Consists of project lifecycle phases and engineering and
supporting disciplines
• Variants and extensions
− Unified Process
− Open Unified Process
− Agile Unified Process
− Enterprise Unified Process
40. Value and Investment Management Frameworks
[Diagram: Value and Investment Management frameworks: ITIM (Information Technology Investment Management); Val IT; Gartner Total Cost of Ownership.]
41. ITIM (Information Technology Investment
Management)
• Produced by the United States General Accounting Office
(GAO)
• Identifies and organises thirteen processes that are critical
for successful investment into a framework of increasingly
mature stages
• Tool for internal and external evaluations of investment
management process
42. Val IT
• Framework for the governance of IT investments to get
business value from IT investments
• Provides guidance on different types of value (tangible and
intangible) that can be considered and how to compare
the tangible with intangible benefits
• Tightly integrated with and extends and complements
COBIT with management processes required to get good
value from IT investments
43. Gartner Total Cost of Ownership
• Aims to be an industry standard TCO methodology
• TCO models are available for contact centre, data network,
distributed computing, enterprise operations centre,
enterprise storage management, help desk, and voice
telecom
45. DMBOK (Data Management Body of Knowledge)
• Generalised and comprehensive framework for managing
data across the entire lifecycle
• Provides a detailed framework to assist development and
implementation of data management processes and
procedures and ensures all requirements are addressed
• Enables effective and appropriate data management
across the organisation
• Provides awareness and visibility of data management
issues and requirements
46. Quality Management Frameworks
[Diagram: Quality Management frameworks: ISO 9000; TickIT/TickITplus; TQM (Total Quality Management); Six Sigma.]
47. ISO 9000
• ISO 9000 is a family of standards for quality management
systems
• Developed to address the quality management systems
within an organisation to demonstrate its capability to
meet its customer's requirements
• Certifies that an organisation has carried out the correct
processes but does not provide a quality guarantee of the
end product
• Only standard that can be used for the certification of a
quality management system
48. TickIT/TickITplus
• Quality management certification for software
• Mainly UK based
• Aims to improve the quality of software and its application
• Includes practical guidance for software development and
services
• TickITplus adds industry best practice with international IT
standards with ISO 9001 accredited certification
49. TQM (Total Quality Management)
• TQM is a management approach that seeks to integrate all
organisational functions to focus on meeting customer
needs and organisational objectives
• All personnel become involved in the continuous
improvement of the production of goods and services
• Concerned with continuous improvement in all work from
high level strategic planning and decision making to
detailed execution of work elements
• Many methodologies and techniques to implement TQM
approach
50. Six Sigma
• Data-driven approach and methodology for eliminating defects in
any process
• Originated in manufacturing but now widely used
• Practical goal to increase profits by eliminating variability, defects,
and waste that undermine customer loyalty
• Two Six Sigma components
− DMAIC - define, measure, analyse, improve and control for existing processes
− DMADV - define, measure, analyse, design and verify for new processes
• Uses a set of quality management methods, including statistical
methods, and creates a special infrastructure of people within the
organisation who are experts in these methods
51. Governance, Security and Risk Management
Frameworks
[Diagram: Governance, Security and Risk Management frameworks: COBIT (Control Objectives for Information and Related Technology); ISO 38500 (Corporate Governance of Information Technology); ISO 27000 (Information Security Management System); OCEG (Open Compliance and Ethics Group); IT Baseline Protection Catalogs.]
52. COBIT (Control Objectives for Information and
Related Technology)
• Framework for IT management created by the Information
Systems Audit and Control Association (ISACA) and the IT
Governance Institute (ITGI)
• Enables clear policy development and good practice for IT
control
• Emphasises regulatory compliance, helps organisations to
increase the value attained from IT
53. ISO 38500 (Corporate Governance of Information
Technology)
• Framework for governance of IT to assist senior
management to understand and fulfill their legal,
regulatory and ethical obligations in relation to the
organisation’s use of IT
• Based on Australian standard AS 8015 for corporate
governance of information and communication technology
• Encompasses establish responsibilities, plan to best
support the organisation, acquire validly, ensure
performance when required, ensure conformance with
rules and ensure respect for human factors
54. ISO 27000 / (Information Security Management
System)
• Family of 27000 standards for information security
• ISO 27001 specifies a management system to bring
information security under management control
• Examine information security risks, taking account of the
threats, vulnerabilities and impacts
• Design and implement information security controls to
address those risks that are deemed unacceptable
• Implement management process to ensure that the
controls continue to meet information security
requirements
55. Open Compliance and Ethics Group
• OCEG Framework contains the GRC Capability Model –
specified in the OCEG Red Book
• Provides comprehensive and detailed practices for an
integrated GRC system
− Achieve business objectives
− Enhance organisational culture
− Increase stakeholder confidence
− Prepare and protect the organisation
− Prevent, detect and reduce adversity
− Motivate and inspire desired conduct
− Improve responsiveness and efficiency
− Optimise economic and social value
56. IT Baseline Protection Catalogs
• Collection of documents from the German Federal Office
for Security in Information Technology
• Includes standard security measures for typical IT systems
with normal protection needs
• Component catalog defines overall aspects of IT,
infrastructure, IT systems, networks and IT applications
• Threat catalog details potential threats to IT systems
• Measures catalog defines measures necessary to achieve
baseline protection
57. Business Management and Support Frameworks
• Information Technology and Related Frameworks: Business Management and Support
− MOF (Microsoft Operations Framework)
− BISL (Business Information Service Library)
58. MOF (Microsoft Operations Framework)
• Contains practices, principles, and activities that provide guidelines
for achieving reliability for IT solutions and services
• Provides question-based guidance that allows you to determine
what is needed now as well as activities that will keep the IT
organisation running efficiently and effectively in the future
• Creates an environment where business and IT can work together
toward operational maturity using a proactive model that defines
processes and standard procedures to gain efficiency and
effectiveness
• Covers activities and processes involved in managing IT services:
definition, development, operation, maintenance and retirement
59. BISL (Business Information Service Library)
• Public domain standard for functional and information
management
• Describes processes within business information management at the
strategy, management, and operations level
• Establishes a bridge between IT and business processes and
between business information administrators and information
managers
• Identifies processes at three levels: operations, management, and
strategic
• Covers operations management, functionality management, change
management and transition, planning and control, financial
management, demand management, contract management,
develop information strategy, develop information organisation
strategy and information coordination
61. Business Analysis Body of Knowledge (BABOK)
• Developed by the IIBA (International Institute of Business Analysis)
• BABOK is the collection of knowledge within the profession of
Business Analysis and reflects generally accepted practice
• Describes business analysis areas of knowledge, their associated
activities and tasks and the skills necessary to be effective in their
execution
• Identifies currently accepted practices
• Recognises business analysis is not the same as software
requirements
• Defined and enhanced by the professionals who apply it
• Captures the knowledge required for the practice of business
analysis as a profession
62. Structured Systems Analysis and Design Method
(SSADM)
• Systems approach to the analysis and design of
information systems
• Waterfall approach that incorporates a document-led approach
to system design
• Includes
− Logical Data Modelling
− Data Flow Modelling
− Entity Behaviour Modelling
63. Enterprise Architecture Frameworks
• Information Technology and Related Frameworks: Enterprise Architecture
− TOGAF (The Open Group Architecture Framework)
− Federal Enterprise Architecture (FEA)
− Department of Defense Architecture Framework (DoDAF)
− Ministry of Defence Architectural Framework (MODAF)
− Zachman
− NASCIO EAMM (NASCIO Enterprise Architecture Maturity Model)
64. TOGAF (The Open Group Architecture Framework)
• TOGAF is a framework (a detailed method and a set of supporting tools) for
developing an enterprise architecture
− TOGAF is not itself an architecture
• Architecture design is a technically complex process and the design of mixed,
multivendor architectures is particularly complex
• TOGAF plays an important role in helping to demystify and reduce the risk in the
architecture development process
• TOGAF provides a platform for adding value and enables users to build genuinely
open systems-based solutions to address their business issues and needs
• Because TOGAF has a detailed implementation framework, the project to
implement it and the associated time and cost can be defined more exactly
• Framework can be customised to suit the requirements of the organisation
• TOGAF has a broad coverage and a business focus and seeks to ensure that IT
delivers what the business needs
• TOGAF focuses on both the “what” and the “how”
65. Department of Defense Architecture Framework
(DoDAF)
• Framework for developing and representing architecture
descriptions that ensure a common denominator for
understanding, comparing, and integrating architectures
• Establishes data element definitions, rules, and
relationships and a baseline set of products for consistent
development of systems, integrated or federated
architectures
66. Ministry of Defence Architectural Framework
(MODAF)
• Framework defining a standardised way of creating
enterprise architecture
• Defines architectural views covering the strategic goals of
the enterprise and the people, processes and systems that
deliver those goals
67. Zachman
• Zachman Framework for Enterprise Architecture defines a
collection of perspectives involved in enterprise
architecture
• Provides a logical structure for classifying and organising
the descriptive representations of an enterprise
• High level framework
68. Federal Enterprise Architecture (FEA)
• Methodology for information technology acquisition, use
and disposal
• Contains a set of reference models
− Performance Reference Model
− Business Reference Model
− Service Component Reference Model
− Data Reference Model
− Technical Reference Model
69. NASCIO EAMM (NASCIO Enterprise Architecture
Maturity Model)
• Developed by the National Association of State Chief
Information Officers (NASCIO)
• Provides a path for architecture and procedural
improvements within an organisation
• Framework combines business and environment processes
and representations to allow planning and development of
an architecture blueprint
• Designed to improve information sharing across
government boundaries, as well as to position government
enterprises for the digital government age and the
advantages and opportunities that technology presents
70. Summary
• Large number of potentially very useful frameworks and
methodologies existing as point solutions
• Need to select the most appropriate framework to suit
your needs
• Need to integrate frameworks into IT operations and
delivery structure
71. More Information
Alan McSweeney
alan@alanmcsweeney.com