Implementing IT Governance Using COBIT TM, ITIL & ISO 27001

The CobITTM project; using CobITTM as a tool for implementing governance can be done in different ways. Should you redefine the business or redefine CobITTM?

• The Gap Analysis using “Annex A”; comparing where are we now with where do we want to be is a standard project exercise but this relates it directly to identifying and meeting the business need for security and confidentiality of information
• The compliance project; where next after the Gap Analysis? Security implementation requires some special treatment as an essential part of your IT governance project
• Measuring compliance; security metrics can be complicated yet the degree to which you are achieving your objectives needs to be measured and reported

• BS7799 origin and development; another brief introduction to explain why a British standard became internationally recognized as the primary driver for information security
• Achieving ISO status; this did not just happen, but was a planned and managed project which is still ongoing
• ISO27001 components; where Part 1 (ISO17799) is guidelines. Part 2 is the specification on which the rest of this course, like your “security governance” project is based. This will be a look through the key components of the Standard as it should be implemented

• Identifying the risks to IT governance in changes to the IT environment: dealing with special risks including fraud.
• The change cycle: from the first ideas to the implementation of both hardware and software.
• Implementing change governance throughout the Cycle; some ideas for the management process CobITTM, ISO2700 and security management.

• Keeping the customer satisfied: providing the service to Business and maintaining IT as a key business support
• Service desk technology: what is needed in the computerised service desk environment
• Service desk responsibilities & functions: what the service desk should do and what it should not do Day

The benefits of service support; why ITIL Part 2 is equally useful in any IT environment whether or not part of a governance project

• Typical risks to IT Services; most businesses are dependent upon their IT services being there when they are needed. This is a look at common reasons why they might not be and how a variety of ‘disruptive incidents’ can be addressed
• Considering the scope: risks ‘in’ and ‘out’; continuity issues need to be addressed according to business risk as addressing them can be an expensive experience!
• CobITTM Statements; still fitting system availability as a key Governance issue

• Why (not how!); capacity management is a technical issue best left to the experts, but as a part of the IT Governance framework it is essential and must be managed as such
• Typical activities in capacity management; not the technical but the administration, making sure business objectives are achieved not just today, but in the future
• CobITTM statements; again, fitting capacity management into your IT governance CobITTM, ITIL and service support

• What does it mean to an IT department? Finance and IT is not always a ‘hand in glove’ relationship; perhaps it should be? Is IT a ‘black hole’ into which the business pours money?
• Developing an IT accounting system; helping IT to demonstrate its value to the business and helping everyone from the executives to the everyday user to understand IT costs.
• CobITTM statements; fitting financial management into governance.

• The IT infrastructure library; where ITIL came from and how it, in its own right, has become a global vehicle for delivering the IT service.
• The benefits of service management; why ITIL is so useful in any IT environment whether or not part of a governance project service level management.
• The importance of SLA’s to the IT department; internal service level agreements focus the mind of IT on the provision of a “quality product” to meet the needs of business.
• Planning and implementing the process; “it’s all in the planning” goes for any major project but with managing SLA’s it has a very special meaning, especially in governance.
• CobITTM statements as they relate to SLA’s; how managing service levels fits into the CobITTM governance framework.

• Summary of CobITTM history and origins; a brief look at where CobITTM came from to show why it is the globally respected framework for Governance
• CobIT'sTM component parts; different sections for different individuals, from the executive to the implementation team
• CobITTM, ITIL & ISO27001; an overview of the relationship between key elements of the CobITTM framework and the specific tools for adding the ‘meat’ onto CobIT'sTM ‘bones’.

• The case for IT and corporate governance; a look at some of the major issues which have shaken the world’ and the legislation that has directly resulted from highly-publicized business failures, including Sarbanes-Oxley in the USA and beyond
• Executive management in the global enterprise; responsibilities of executive management is being polarized by the recognized need for corporate governance. IT Governance is a key sub-set of this.