Page 97 - DCAP307_PLANNING_AND_MANAGING_IT_INFRASTRUCTURE

Unit 5: Corporate Governance and IT




Figure 5.1: COBIT Control Objectives (figure image not reproduced in this text)
Source: http://i.bnet.com/whitepapers/051103656300.pdf
“Application Management.” Application Management addresses the complex subject of managing applications from the initial business requirements through the application management life cycle, up to and including retirement. A strong emphasis is placed on ensuring that IT projects and strategies remain tightly aligned with those of the business throughout the application life cycle. Once an application is approved and funded, it is tracked throughout its life cycle by ITIL's software asset management function.
While COBIT takes the perspective of audit and control, ITIL takes the perspective of service management. The two frameworks are more complementary than competitive, and components of both can be combined to build a governance framework.





             Task  Describe the best practices identified by ITIL.
          5.5.3 ISO 17799


The International Organisation for Standardisation has developed the third major governance framework, ISO 17799, titled “Information Technology — Code of Practice for Information Security Management.”
It was first released by the ISO in December 2000; it is based on British Standard 7799, which was finalised in 1999. (The standard was revised in 2005 and renumbered ISO/IEC 27002 in 2007, the designation under which it is maintained today.) The intent of the standard is to focus on security and to aid an organisation in creating an effective IT security plan. The standard has the following high-level groupings: security policy, organisational security, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance. The standard is very thorough and covers a great deal of material concisely.
ISO 17799's relatively narrow focus on security makes it unsuitable as the sole basis for an IT governance framework. However, since risk management is a component of IT governance, ISO 17799 remains relevant, and parts of it can be adopted in building an overall IT governance framework.


                                           LOVELY PROFESSIONAL UNIVERSITY                                   91