Friday, 4 March 2016

ITIL, COBIT AND ISO 27001



ITIL was designed as a service management framework to help you understand how you support processes and how you deliver services.
COBIT was designed as an IT governance model, initially with audit in mind, to give you control objectives and control practices for how a process should behave.
The difference between the two is that COBIT tells you what you should be doing, while ITIL tells you how you should be doing it.
Put them together and you have a very powerful model of what you need to be doing and how you need to be doing it when it comes to process management.
None of these frameworks is in competition with the others; in fact, it is best if they are used together.
- ITIL focuses on IT processes, not on security
- COBIT focuses on controls and metrics, not as much on security


ITIL (Information Technology Infrastructure Library)


ITIL is an enhanced service management methodology for managing the complete IT service at the best quality. ITIL was developed in 1987 by the British Ministry of Commerce.

The ITIL approach establishes successful communication between business processes, customers, suppliers, the providing IT department and users. Built upon best practices and experience, ITIL and its IT service management and delivery processes are used widely around the world and are accepted as a recognized standard.

ITIL version 2 was published in 2001. The third version of ITIL was published in 2007 as an introduction and five core books.
ITIL is the most appropriate reference for service management and provisioning processes.
 
It consists of five interrelated phases:
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement
For processes to be designed, applied, integrated and managed, some main roles are needed, and these roles have been identified. They must be assigned after analyzing the organizational processes.
These roles are:
- Service Owner: Covers the design, integration, performance, improvement and management of a service.
- Process Owner: Covers the design, integration, performance, improvement and management of a process.
- Product Manager: Covers the performance, improvement and management of the relevant service group.
- Service Manager: Covers the performance, improvement and management of all the services involved.





















CobiT (Control Objectives for Information and Related Technology)
CobiT sets out the objectives to be achieved in managing Information Technology. The most important feature that separates CobiT from ITIL, CMMI and ISO standards is that it provides a framework covering the entire IT function. CobiT covers the whole of IT management and is focused on managing IT. It contains detailed solutions related to the implementation of the process.
 
Properties:
- It stipulates that Information Technology should serve the company's business objectives.
- It works to ensure that the IT strategy is aligned with the business strategy.
- It includes the accepted rules of modern IT management.
- It has 34 processes and covers nearly the entire IT function.
- It is compatible with other IT management standards (ISO, ITIL, CMMI, MOF, etc.).
- It is used by companies of all sizes and from all sectors.
- It serves different purposes such as control, process improvement, process management, measurement and comparison.
 
 
COBIT'S PROCESSES
 
Planning and Organization
PO 1  Defining a strategic IT plan
PO 2  Defining the information architecture
PO 3  Determining the technological aspects
PO 4  Defining the organization and the relationship of IT processes
PO 5  Management of IT investments
PO 6  Communicating management's objectives
PO 7  IT human resources management
PO 8  IT Quality Management
PO 9  Evaluation and management of IT risks
PO 10  Project management

Service and Support
SS 1  Identification and management of service levels
SS 2  Management of services received from third parties
SS 3  Performance and capacity management
SS 4  Ensuring continuity of service
SS 5  Ensuring system security
SS 6  Identification and dissemination of cost
SS 7  Training of users
SS 8  Service delivery management and event management
SS 9  Configuration management
SS 10  Problem management
SS 11  Data management
SS 12  Physical environment management
SS 13  Operations management
 
Acquisition and Installation
A 1  Determination of solution
A 2  Development and maintenance of application software
A 3  Creation and maintenance of the technology infrastructure
A 4  Providing operation and use
A 5  Procurement of IT resources
A 6  Change management
A 7  Implementation and accreditation of solutions and changes
 
 
 
 
Monitoring and Evaluation
M 1  Monitoring and evaluation of information systems performance
M 2  Monitoring and evaluation of internal control
M 3  Ensuring compliance with legislation
M 4  Providing corporate governance for information systems







 
 

 
 
CobiT contains:
1. Definition of the process
2. Detailed control objectives
3. Management guides
4. Maturity model (one page)
 
 

 
 
ISO 27001 (Information Security Management System)
 
Benefits of establishing an ISO 27001 Information Security Management System:
- Awareness of information assets: The organization knows which information assets it has and is aware of their value.
- Preserving the assets owned: It determines the controls and protection methods to set up, and protects the assets by applying them.
- Business continuity: It secures the business for many years. In case of a disaster, the organization retains the capability to keep working.
- Being at peace with related parties: It gains the confidence of the parties involved, suppliers in particular, that their information will be safeguarded.
- Information is protected by the system, not left to chance.
- Customers rate the organization better than its competitors.
- It increases the motivation of employees.
- It prevents legal proceedings.
- It provides high prestige.




 
 

 
 
 
ISO 27001 Information Security System Setup Process:
- Classification of assets
- Evaluation of the assets against confidentiality, integrity and availability criteria
- Risk analysis
- Determining the controls to be applied, based on the output of the risk analysis
- Creating documentation
- Applying the controls
- Internal audit
- Keeping records
- Management review
- Certification
 





 
 
 

 
 
 
 
 
 

 
 
 
 
 
 

 
 
 

 
 
 
 
 
 




1 comment:

  1. Very significant information for us. I think the representation of this information is actually a superb one. This is my first visit to your site. IT Services Berlin
