A Survey of IT Governance through COBIT, ITIL, and ISO 17799


A Survey of IT Governance Through COBIT, ITIL, and ISO 17799

Samantha Schreiner, University of Illinois at Urbana-Champaign, BA 559 – Professor Michael Shaw, December 15th, 2008

IT Governance

The IT Governance Institute defines IT governance as an "integral part of enterprise governance that consists of the leadership and organizational structures and processes that ensure an organization's IT sustains and extends the organization's strategies and objectives."

IT governance directs IT applications and makes sure that IT performance meets the following goals:

- Alignment of IT with the enterprise
- Use of IT enables the enterprise to take advantage of all opportunities and maximize benefits
- IT resources are used responsibly
- IT-related risks are appropriately managed

Frameworks

- Top management's strategy and goals must be effectively stated and brought down throughout the enterprise
- A framework is a key element in ensuring proper control and governance of IT
- 72% of all North American enterprise-class organizations use one or more formal IT control and process models
- Most popular frameworks: COBIT, ITIL, ISO 17799

COBIT

Mission: to "research, develop, publicize and promote an authoritative, up-to-date, internationally accepted IT governance control framework for adoption by enterprises and day-to-day business managers, IT professionals, and assurance professionals"

- Business focused
- Process oriented
- Control based
- Measurement driven

COBIT domains

- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate

ITIL

- Defines organizational structure and requirements for an entity's IT
- Gives a standard set of operational management tasks
- Latest version: v3

ITIL volumes

- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement

ISO 17799

- Standard to assist companies in establishing risk assessment methods, policies, and controls
- Establishes guidelines for certification, compliance, and audits
- 11 security control clauses with 39 main security categories

ISO 17799 steps

1. Conduct risk assessments
2. Establish a security policy
3. Compile an asset inventory
4. Define accountability
5. Address physical security
6. Document operating procedures
7. Determine access controls
8. Coordinate business activity
9. Demonstrate compliance