Apr 18 2014

Pragmatic Application of Service Management

Category: IT GovernanceDISC @ 11:50 am
English: ITIL Service Desk

English: ITIL Service Desk (Photo credit: Wikipedia)

Enhanced IT Service Management though integrated management frameworks

Learn how to integrate COBITĀ®, ITILĀ® and ISO/IEC 20000 for better IT Service Management

With the increasing popularity of ITILĀ® as a framework for IT Service Management (ITSM), a number of organizations have realized that this approach is sometimes not enough on its own. As a result, service managers are looking for ways to enhance their ITIL-based ITSM without having to throw it away and start again. Many are already working towards compliance with ISO/IEC 20000 ā€” the International Standard for IT Service Management. With the recent release of COBITĀ®5, service management practitioners have even more options. However, until now, there has been little guidance on how to merge these frameworks, standards and methodologies to develop best practice across the ITSM function and produce a robust enterprise philosophy for service delivery.

Guidance on creating an integrated system

Written by service management gurus Suzanne D. Van Hove and Mark Thomas, Pragmatic Application of Service Management is the first book to provide guidance on creating an integrated system based on the three leading service management approaches: COBITĀ®5, ISO/IEC 20000 and ITIL and, to provide a unique mapping to assist service management practitioners in their information gathering. This practical book presents a holistic view of the three and enables service managers to immediately adapt and deploy the guidance, quickly improving their ITSM function.

Create a stronger, more robust Service Management System

Packed with instructive illustrations and helpful tables, this book is ideal for service managers, consultants, auditors and anyone who is considering adopting, adapting or merging COBITĀ®5, ISO/IEC 20000 and ITIL. Through mini case studies, the authors apply their unique Five Anchor Approach to demonstrate how the improvement aspects of COBITĀ®5, ISO/IEC 20000 and ITIL can help identify and deal with common problems faced by todayā€™s organizations. Read this book to learn how to merge COBITĀ®5, ISO/IEC 20000 and ITIL for better service management

About the Authors

Dr Suzanne D. Van Hove is the founder and CEO of SED-IT. A prior Board member of itSMF USA and recipient of the Industry Knowledge Award as well as Lifetime Achievement, she is an advocate for professionalism within Service Management.

Mark Thomas is the founder and President of Escoute, LLC, an IT Governance consultant as well as the previous President of the itSMF USA Kansas City LIG and COBITĀ® SIG. As a well- known ITIL and COBITĀ® expert with over 20 years of professional experience, Markā€™s background spans leadership roles from datacenter CIO to Management and IT Consulting. Mark has led large teams in outsourced IT arrangements, conducted PMO, Service Management and governance activities for major project teams and managed enterprise applications implementations across multiple industries.

Download and read ITGP’s latest publications:

PragmaticApp

Pragmatic Application of Service Management



To know more on related Pragmatic Security Metrics

Pragmatic Security Metrics


Download ITIL – ITSM Toolkit


Related articles

Tags: COBIT, COBIT5, ISO 20000, ITIL, Service Management System

Mar 07 2011

Manager’s Guide to Compliance

Category: Security ComplianceDISC @ 1:45 pm

Manager’s Guide to Compliance: Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB’s A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices, and Case Studies (Manager’s Guide Series)




A Wall Street Journal/Harris poll revealed that two thirds of investors express doubts in the ability of corporate boards of directors to provide effective oversight. In the shadow of recent global scandals involving businesses such as Parmalat and WorldCom- Manager’s Guide to Compliance: Best Practices and Case Studies is essential reading for you- whether your organization is a major corporation or a small business.

This timely handbook places U.S. and global regulatory information- as well as critical compliance guidance- in an easy-to-access format and helps you make sense of all the complex issues connected with fraud and compliance.

‘Wide perspectives and best practices combined deliver a punch that will knock your “SOX” off! The author has blended together a critical mix necessary for effectively handling the requirements of SOX.’
Rob Nance- Publisher- AccountingWEB- Inc.

‘Robust compliance and corporate governance is an absolute necessity in today’s business environment. This new book by Anthony Tarantino is an authoritative guide to understanding and implementing compliance and regulatory requirements in the United States and around the world. From SOX to COSO to ERM- this book covers them all.’
Martin T. Biegelman- Certified Fraud Examiner- Fellow and Regent Emeritus of the Association of Certified Fraud Examiners- and coauthor of Executive Roadmap to Fraud Prevention and Internal Control: Creating a Culture of Compliance

‘If compliance wasn’t difficult enough- now companies are faced with a barrage of technology vendors claiming to automate compliance as if it were a project. In his new book- Dr. Tarantino paints the reality of the situation: companies need to embrace the broader tenets of governance and use technology to embed governance policies and controls into their daily business processes. Only then can they gain business value from their compliance investments.’
Chris Capdevila- CEO and cofounder- LogicalApps

Here is a link to this book: Manager’s Guide to Compliance: Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB’s A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices, and Case Studies (Manager’s Guide Series)

Tags: ASX 10, BASEL II, Best Practices, COBIT, COSO, ERM, IFRS, OECD Principles, OMB's A-123, Sarbanes-Oxley, Turnbull Guidance

Dec 10 2009

What is a risk assessment framework

Category: Information Security,Risk AssessmentDISC @ 5:46 pm

Computer security is an ongoing threat?!?
Image by Adam Melancon via Flickr

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.

A good RAF organizes and presents information in a way that both technical and non-technical personnel can understand. It has three important components: a shared vocabulary, consistent assessment methods and a reporting system.

The common view an RAF provides helps an organization see which of its systems are at low risk for abuse or attack and which are at high risk. The data an RAF provides is useful for addressing potential threats pro-actively, planning budgets and creating a culture in which the value of data is understood and appreciated.

There are several risk assessment frameworks that are accepted as industry standards including:

Risk Management Guide for Information Technology Systems (NIST guide) from the National Institute of Standards.

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from the Computer Emergency Readiness Team.

Control Objectives for Information and related Technology (COBIT) from the Information Systems Audit and Control Association.

To create a risk management framework, an organization can use or modify the NIST guide, OCTAVE or COBIT or create a framework inhouse that fits the organization’s business requirements. However the framework is built, it should:

1. Inventory and categorize all IT assets.
Assets include hardware, software, data, processes and interfaces to external systems.

2. Identify threats.
Natural disasters or power outages should be considered in addition to threats such as malicious access to systems or malware attacks.

3. Identify corresponding vulnerabilities.
Data about vulnerabilities can be obtained from security testing and system scans. Anecdotal information about known software and/or vendor issues should also be considered.

4. Prioritize potential risks.
Prioritization has three sub-phases: evaluating existing security controls, determining the likelihood and impact of a breach based on those controls, and assigning risk levels.

5. Document risks and determine action.
This is an on-going process, with a pre-determined schedule for issuing reports. The report should document the risk level for all IT assests, define what level of risk an organization is willing to tolerate and accept and identify procedures at each risk level for implementing and maintaining security controls.

Related articles by Zemanta

Tags: Business, COBIT, Computer security, Data, Fire and Security, Information Technology, iso 27001, iso 27002, National Institute of Standards and Technology, NIST, OCTAVE, Risk management, Security, security controls, Technology