Comparative Analysis of IT Governance Frameworks
Kanika Vyas | Meghna Verma | Mounica Janupala | Navanita

COBIT is a Road Map to Good IT Governance
• COBIT originally stood for "Control Objectives for Information and Related Technology"
• Created by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA) in 1994
• Framework and knowledge repository
• Provides a common language to communicate goals, objectives and expected results to all stakeholders
• Based on, and integrates, industry standards and good practices in:
  – Strategic alignment of IT with business goals
  – Value delivery of services and new projects
  – Risk management
  – Resource management
  – Performance measurement
Features of COBIT
• Business Oriented
• Process Oriented
• Control Objectives
• Measurement Driven

Note: I don’t own the rights of images used
Harmonizing the Elements of IT Governance
[Figure: the elements of IT Governance; only the labels "IT Governance" and "Resource Management" survived extraction]

The COBIT Framework
[Figure: COBIT framework diagram]
Source: COBIT website
The COBIT Framework
• Plan and Organize (PO): provides direction to solution delivery (AI) and service delivery (DS)
• Acquire and Implement (AI): provides the solutions and passes them to be turned into services
• Deliver and Support (DS): receives the solutions and makes them usable for end users
• Monitor and Evaluate (ME): monitors all processes to ensure that the direction provided is followed
The COBIT Framework – 34 processes
COBIT Defines Processes, Goals and Metrics – Example
[Figure: Relationship Amongst Process, Goals and Metrics (DS5)]
Source: COBIT website
Information Technology Infrastructure Library (ITIL)
• The Information Technology Infrastructure Library (ITIL) is a set of guidance developed by the United Kingdom's Office of Government Commerce (OGC)
• The guidance describes an integrated, process-based, best-practice framework for managing IT services.
• ITIL consists of 5 core strategies:
  – Service Strategy: looks at the overall business aims and expectations, ensuring that the IT strategy is mapped appropriately
  – Service Design: begins with a set of new or changed business requirements and ends with a solution designed to meet the documented needs of the business
  – Service Transition: looks at managing change, risk and quality assurance during the deployment of service designs so that service operations can manage the services and supporting infrastructure in a controlled manner
  – Service Operation: is concerned with business-as-usual activities of keeping services going once they transition into the production environment
  – Continual Service Improvement (CSI): provides an overall view of all the elements from the other books and looks for ways to improve the overall process and service provision
Service Lifecycle & Positioning
SOA-ITIL Governance Synergy
ITIL Core Service Management Functions and Processes
• The core of ITIL comprises six service support processes and five service delivery processes
• Service support processes are used by the operational level of the organization, whereas the service delivery processes are tactical in nature
Benefits of ITIL
• Improve resource utilization
• Be more competitive
• Decrease rework
• Eliminate redundant work
• Improve upon project deliverables and time
• Improve availability, reliability and security of mission-critical IT services
• Justify the cost of service quality
• Provide services that meet business, customer and user demands
• Integrate central processes
• Document and communicate roles and responsibilities in service provision
• Learn from previous experience
• Provide demonstrable performance indicators
BS7799
[Figure: BS7799 timeline – 1993–1995 consultation; COP becomes BS7799:1995 (implementation, audit, programme); ISO/IEC 17799:2000, recognition as a suitable platform for ISM; BS7799 Part 2 – ISMS]

BS7799
• "A comprehensive set of controls comprising best practices in information security"
• Comprises TWO parts – a code of practice (ISO 17799) and a specification for an information security management system (ISO 27001)
• Basically… an internationally recognized generic information security standard

Key Terminology
• Policy – General regulations everyone must follow; should be short and clear
• Standard – Collection of system-specific requirements that must be met
• Guidelines – Collection of system-specific suggestions for best practice. They are not required, but are strongly recommended
• Procedures – A series of steps to accomplish a task
Why is it needed
• "It is intended to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce"
• Framework for a comprehensive IT security program
• International standard
• Meshes well with EDUCAUSE/I2 direction
• Certification for institution available
Sections (Clauses)
• Security Policy
• Organizing Information Security
• Asset Management
• Human Resources Security
• Physical and Environmental Security
• Communications and Operations Management
• Access Control
• Information Systems Acquisition, Development, and Maintenance
• Information Security Incident Management
• Business Continuity Management
• Compliance

Control in each clause
• Control objective stating what is to be achieved
• One or more controls to achieve the objective
• Each control contains:
  – Control statement
  – Implementation guidance (the details)
  – Other information
BS7799 Part 1 is now ISO/IEC 17799:2000
– Incorporates good security practice, with 127 security guidelines (which can be drilled down to provide over 600 other controls)

BS7799 Part 2
– A framework for an ISMS, which is the means by which Senior Management monitors and controls their security, minimises risk and ensures compliance
Management Framework: ISMS
[Figure: six-step ISMS process with the document produced at each step, as far as the figure labels survived]
Step 1: Define the Policy (output: Policy Document)
Step 2: Define Scope of ISMS (outputs: Scope of ISMS, Information Assets)
Step 3: Undertake RA (output: Risk Assessment Results & Conclusions)
Step 4: Manage Risk
Step 5: Select Controls (outputs: Select Control Objectives, Additional Controls)
Step 6: Statement of Applicability (output: Statement)
Other Benefits:
• Enables ISM to be addressed in a practical, cost-effective, realistic and comprehensive manner
• Establishes mutual trust between networked sites
• Enhances Quality Assurance
• Demonstrates a high, and appropriate, standard of security
• Increases the ability to manage and survive a disaster
Benefits
• Define responsibilities, assess risk, cheaper insurance premiums
• Higher quality of service to LIC as processes are thought through with risk assessments
• Continuous assessment and more efficient operations
• Higher staff morale and a greater sense of knowing what to do in the event of a crisis
• Is it necessary to seek ISO17799 Accreditation? – some Registries have done it, but it is not essential to be accredited; it is still useful to follow the guidelines
Companies Using BS7799
• Financial Service Sector
• Management of Medical Organization Information Security
• Newcastle Building Society
Comparison

AREA            | COBIT                               | ITIL                                | ISO27001
----------------|-------------------------------------|-------------------------------------|------------------------------------------------------
Function        | Mapping IT Process                  | Mapping IT Service Level Management | Information Security Framework
Area            | 4 Process and 34 Domain             | 9 Process                           | 10 Domain
Issuer          | ISACA                               | OGC                                 | ISO Board
Implementation  | Information System Audit            | Manage Service Level                | Compliance to security standard
Consultant      | Accounting Firm, IT Consulting Firm | IT Consulting firm                  | IT Consulting firm, Security Firm, Network Consultant
COBIT vs ITIL [In Conjunction]
• ITIL was designed as a service management framework to help you understand how you
support processes, how you deliver services
• COBIT was designed as an IT governance model, particularly and initially with audit in
mind to give you control objectives and control practices on how that process should
behave
• The difference between the two is, COBIT tells you what you should be doing, while
ITIL tells you how you should be doing it
• Put them together, and you have a very powerful model of what you need to be doing and
how you need to be doing it, when it comes to your process management
None of these frameworks are in competition with each other; in fact, it is best if they are used together.
– ISO 17799 outlines security controls, but does not focus on how to integrate them into business processes
– ITIL focuses on IT processes, not on security
– COBIT focuses on controls and metrics, not as much on security

So, a combination of all three is usually the best approach. COBIT can be used to determine if the company's needs (including security) are being properly supported by IT. ISO 17799 can be used to determine and improve upon the company's security posture. And ITIL can be used to improve IT processes to meet the company's goals (including security).
Comparison of it governance framework-COBIT, ITIL, BS7799
