A) IT Management Standards

ISO 20000: Service Management
  Part 1: Specification
  Part 2: Code of practice
  Defines an integrated and process-oriented method that can be used for the effective planning and implementation of IT services.

ISO 19770: Software Asset Management
  Specifies the requirements that are to be met by software asset management (SAM) for deployed software products; applies in conjunction with ISO (Software Lifecycle Management) and ISO (IT Service Management).

ISO 17799: Security Techniques
  Code of practice for information security management.

ISO 27001: Security Techniques
  Information security management systems: requirements.

ISO 27002: Security Techniques
  Code of practice for information security management; replaces ISO 17799:2005.

ISO 27005: Security Techniques
  Information security risk management.

ISO 27006: Security Techniques
  Requirements for bodies that audit and certify information security management systems.

ISO 15408: Security Techniques
  Evaluation criteria for IT security: the Common Criteria for the testing and evaluation of IT security.

ISO 15504: Process Assessment
  Standard for process models and assessment (testing) procedures.

SSE-CMM: Systems Security Engineering Capability Maturity Model (IT security management)

British Standard BS (replaced by ISO 20000)

ITIL

COBIT framework

IT Service CMM: CMM for IT service management

CMMI (Capability Maturity Model Integration): Software Engineering Institute, Carnegie Mellon University

IT-Grundschutz standards: basic standards issued by the German Federal Office for Information Security (BSI)

KBSt (Advisory Agency to the German Federal Government for Information Technology), including the V-Model and documents on tendering and evaluating IT services

PRINCE2: project management method

Project Management Body of Knowledge (PMBOK)

Management of Risk (M_o_R)

eSourcing Capability Model for Service Providers (eSCM-SP)

Springer Fachmedien Wiesbaden 2015. L. Pilorget, Implementing IT Processes.

B) COBIT 4.0

PO: Plan and Organise

The PO domain encompasses 10 processes and a total of 74 criteria. The number of criteria per process is given in parentheses; each criterion counts as 1.

PO1 Define a strategic IT plan (6)
  PO1.1 IT value management
  PO1.2 Business-IT alignment
  PO1.3 Assessment of current performance
  PO1.4 IT strategic plan
  PO1.5 IT tactical plans
  PO1.6 IT portfolio management

PO2 Define the information architecture (4)
  PO2.1 Information architecture model
  PO2.2 Enterprise data dictionary and data syntax rules
  PO2.3 Data classification scheme
  PO2.4 Integrity management

PO3 Determine technological direction (5)
  PO3.1 Technological direction planning
  PO3.2 Technical infrastructure plan: scope and coverage
  PO3.3 Monitoring of future trends and regulations
  PO3.4 Technology standards
  PO3.5 IT architecture board

PO4 Define the IT processes, organisation and relationships (15)
  PO4.1 IT process framework
  PO4.2 IT strategy committee
  PO4.3 IT steering committee
  PO4.4 Organisational placement of the IT function
  PO4.5 IT organisational structure
  PO4.6 Roles and responsibilities
  PO4.7 Responsibility for IT quality assurance
  PO4.8 Responsibility for risk, security and compliance
  PO4.9 Data and system ownership
  PO4.10 Supervision
  PO4.11 Segregation of duties
  PO4.12 IT staffing
  PO4.13 Key IT personnel
  PO4.14 Contracted staff policies and procedures
  PO4.15 Relationships

PO5 Manage the IT investment (5)
  PO5.1 Financial management framework
  PO5.2 Prioritisation within IT budget
  PO5.3 IT budgeting process
  PO5.4 Cost management
  PO5.5 Benefit management

PO6 Communicate management aims and direction (5)
  PO6.1 IT policy and control environment
  PO6.2 Enterprise IT risk and internal control framework
  PO6.3 IT policies management
  PO6.4 Policy rollout
  PO6.5 Communication of IT objectives and direction

PO7 Manage IT human resources (8)
  PO7.1 Personnel recruitment and retention
  PO7.2 Personnel competencies
  PO7.3 Staffing of roles
  PO7.4 Personnel training
  PO7.5 Dependence upon individuals
  PO7.6 Personnel clearance procedures
  PO7.7 Employee job performance evaluation
  PO7.8 Job change and termination

PO8 Manage quality (6)
  PO8.1 Quality management system
  PO8.2 IT standards and quality practices
  PO8.3 Development and acquisition standards
  PO8.4 Customer focus
  PO8.5 Continuous improvement
  PO8.6 Quality measurement, monitoring and review

PO9 Assess and manage IT risks (6)
  PO9.1 IT and business risk management alignment
  PO9.2 Establishment of risk context
  PO9.3 Event identification
  PO9.4 Risk assessment
  PO9.5 Risk response
  PO9.6 Maintenance and monitoring of a risk action plan

PO10 Manage projects (14)
  PO10.1 Programme management framework
  PO10.2 Project management framework
  PO10.3 Project management approach
  PO10.4 Stakeholder commitment
  PO10.5 Project scope statement
  PO10.6 Project phase initiation
  PO10.7 Integrated project plan
  PO10.8 Project resources
  PO10.9 Project risk management
  PO10.10 Project quality plan
  PO10.11 Project change control
  PO10.12 Project planning of assurance methods
  PO10.13 Project performance measurement, reporting and monitoring
  PO10.14 Project closure

AI: Acquire and Implement

The AI domain encompasses 7 processes and a total of 45 criteria.
AI1 Identify automated solutions (4)
  AI1.1 Definition and maintenance of business functional and technical requirements
  AI1.2 Risk analysis report
  AI1.3 Feasibility study and formulation of alternative courses of action
  AI1.4 Requirements and feasibility decision and approval

AI2 Acquire and maintain application software (10)
  AI2.1 High-level design
  AI2.2 Detailed design
  AI2.3 Application control and auditability
  AI2.4 Application security and availability
  AI2.5 Configuration and implementation of acquired application software
  AI2.6 Major upgrades to existing systems
  AI2.7 Development of application software
  AI2.8 Software quality assurance
  AI2.9 Application requirements management
  AI2.10 Application software maintenance

AI3 Acquire and maintain technology infrastructure (4)
  AI3.1 Technological infrastructure acquisition plan
  AI3.2 Infrastructure resource protection and availability
  AI3.3 Infrastructure maintenance
  AI3.4 Feasibility test environment

AI4 Enable operation and use (4)
  AI4.1 Planning for operational solutions
  AI4.2 Knowledge transfer to business management
  AI4.3 Knowledge transfer to end users
  AI4.4 Knowledge transfer to operations and support staff

AI5 Procure IT resources (6)
  AI5.1 Procurement control
  AI5.2 Supplier contract management
  AI5.3 Supplier selection
  AI5.4 Software acquisition
  AI5.5 Acquisition of development resources
  AI5.6 Acquisition of infrastructure, facilities and related services

AI6 Manage changes (5)
  AI6.1 Change standards and procedures
  AI6.2 Impact assessment, prioritisation and authorisation
  AI6.3 Emergency changes
  AI6.4 Change status tracking and reporting
  AI6.5 Change closure and documentation

AI7 Install and accredit solutions and changes (12)
  AI7.1 Training
  AI7.2 Test plan
  AI7.3 Implementation plan
  AI7.4 Test environment
  AI7.5 System and data conversion
  AI7.6 Testing of changes
  AI7.7 Final acceptance test
  AI7.8 Promotion to production
  AI7.9 Software release
  AI7.10 System distribution
  AI7.11 Recording and tracking of changes
  AI7.12 Post-implementation review

DS: Deliver and Support

The DS domain encompasses 13 processes and a total of 71 criteria.

DS1 Define and manage service levels (6)
  DS1.1 Service level agreement framework
  DS1.2 Definition of services
  DS1.3 Service level agreements
  DS1.4 Operating level agreements
  DS1.5 Monitoring and reporting of service level achievements
  DS1.6 Review of service level agreements and contracts

DS2 Manage third-party services (4)
  DS2.1 Identification of all supplier relationships
  DS2.2 Supplier relationship management
  DS2.3 Supplier risk management
  DS2.4 Supplier performance monitoring

DS3 Manage performance and capacity (5)
  DS3.1 Performance and capacity planning
  DS3.2 Current capacity and performance
  DS3.3 Future capacity and performance
  DS3.4 IT resources availability
  DS3.5 Monitoring and reporting

DS4 Ensure continuous service (10)
  DS4.1 IT continuity framework
  DS4.2 IT continuity plans
  DS4.3 Critical IT resources
  DS4.4 Maintenance of the IT continuity plan
  DS4.5 Testing of the IT continuity plan
  DS4.6 IT continuity plan training
  DS4.7 Distribution of the IT continuity plan
  DS4.8 IT services recovery and resumption
  DS4.9 Offsite backup storage
  DS4.10 Post-resumption review

DS5 Ensure systems security (11)
  DS5.1 Management of IT security
  DS5.2 IT security plan
  DS5.3 Identity management
  DS5.4 User account management
  DS5.5 Security testing, surveillance and monitoring
  DS5.6 Security incident definition
  DS5.7 Protection of security technology
  DS5.8 Cryptographic key management
  DS5.9 Malicious software prevention, detection and correction
  DS5.10 Network security
  DS5.11 Exchange of sensitive data

DS6 Identify and allocate costs (4)
  DS6.1 Definition of services
  DS6.2 IT accounting
  DS6.3 Cost modelling and charging
  DS6.4 Cost model maintenance

DS7 Educate and train users (3)
  DS7.1 Identification of education and training needs
  DS7.2 Delivery of training and education
  DS7.3 Evaluation of training received

DS8 Manage service desk and incidents (5)
  DS8.1 Service desk
  DS8.2 Registration of customer queries
  DS8.3 Incident escalation
  DS8.4 Incident closure
  DS8.5 Trend analysis

DS9 Manage the configuration (3)
  DS9.1 Configuration repository and baseline
  DS9.2 Identification and maintenance of configuration items
  DS9.3 Configuration integrity review

DS10 Manage problems (4)
  DS10.1 Identification and classification of problems
  DS10.2 Problem tracking and resolution
  DS10.3 Problem closure
  DS10.4 Integration of change, configuration and problem management

DS11 Manage data (6)
  DS11.1 Business requirements for data management
  DS11.2 Storage and retention arrangements
  DS11.3 Media library management system
  DS11.4 Disposal
  DS11.5 Backup and restoration
  DS11.6 Security requirements for data management

DS12 Manage the physical environment (5)
  DS12.1 Site selection and layout
  DS12.2 Physical security measures
  DS12.3 Physical access
  DS12.4 Protection against environmental factors
  DS12.5 Physical facility management

DS13 Manage operations (5)
  DS13.1 Operations procedures and instructions
  DS13.2 Job scheduling
  DS13.3 IT infrastructure monitoring
  DS13.4 Sensitive documents and output devices
  DS13.5 Preventive maintenance for hardware

ME: Monitor and Evaluate

The ME domain encompasses 4 processes and a total of 25 criteria.
ME1 Monitor and evaluate IT performance (6)
  ME1.1 Monitoring approach
  ME1.2 Definition and collection of monitoring data
  ME1.3 Monitoring method
  ME1.4 Performance assessment
  ME1.5 Board and executive reporting
  ME1.6 Remedial actions

ME2 Monitor and evaluate internal control (7)
  ME2.1 Monitoring of internal control framework
  ME2.2 Supervisory review
  ME2.3 Control exceptions
  ME2.4 Control self-assessment
  ME2.5 Assurance of internal control
  ME2.6 Internal control at third parties
  ME2.7 Remedial actions

ME3 Ensure regulatory compliance (5)
  ME3.1 Identification of laws and regulations having potential impact on IT
  ME3.2 Optimisation of response to regulatory requirements
  ME3.3 Evaluation of compliance with regulatory requirements
  ME3.4 Positive assurance of compliance
  ME3.5 Integrated reporting

ME4 Provide IT governance (7)
  ME4.1 Establishment of an IT governance framework
  ME4.2 Strategic alignment
  ME4.3 Value delivery
  ME4.4 Resource management
  ME4.5 Risk management
  ME4.6 Performance measurement
  ME4.7 Independent assurance

Glossary

2nd & 3rd-level support
The purpose of 2nd-level support is to resolve the more complex issues that cannot be resolved by 1st-level support. In some cases it will even be necessary to escalate problems to specialists or to the manufacturers of certain software products; this is then referred to as 3rd-level support.

Acceptance
Defined procedure that concludes when a client or customer declares that the delivered products or services appear to meet the relevant specifications.

Acceptance testing
Acceptance testing is carried out as the final phase before the commissioning of a newly installed system. The individual tests include:
  User acceptance test: determines whether the system covers all of the specified business functions and generates accurate output.
  Regression test: determines whether software changes (e.g., hotfixes) have an adverse effect on previously acceptable functions.
  IT operation readiness test: determines whether the system can be introduced, operated, monitored, and maintained without exposing the enterprise to unacceptable quality and security risks.

Application
Collection of programs implemented as a self-contained whole and used to support or automate business unit functions.

Backup window
The backup window is the interval of time during which data can be backed up from a system without degrading system performance. For production servers it generally falls in off-peak hours. Tools that continuously monitor performance provide historical data showing when the off-peak hours occur, so that the backup window can be scheduled in that time.

Balanced scorecard
The balanced scorecard (BSC) is a strategy performance management tool used extensively in business and industry to align business activities with the vision and strategy of the enterprise, improve internal and external communication, and monitor organisational performance against strategic goals. Rather than relying on financial data alone, it also measures the efficiency of internal processes and gives equal weight to the customer perspective and to the enterprise's learning and growth.

Business case
A business case captures the reasoning for initiating a project. It is often presented as a well-structured document, but may also take the form of a concise verbal argument or presentation. The logic of the business case is that whenever resources are consumed, they should be consumed in support of a specific business need.
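The Backup window entry above says that historical performance data should be used to place the window in off-peak hours. The following Python is an added example, not taken from the book, of turning such data into a concrete schedule: it finds the quietest contiguous block of hours for a backup of a given length (allowing the block to wrap past midnight) and rejects it if even the quietest block is busier than a load ceiling. The hourly load figures, the window lengths and the ceiling are constructed for illustration and are not values from the book.

```python
"""Derive a backup window from historical hourly load data.

Added example (not from the book): picks the quietest contiguous block of
hours for a backup of a given length, allowing the block to wrap past
midnight, and checks it against a load ceiling. All data below is constructed.
"""
from typing import List, Optional, Tuple

HOURS_PER_DAY = 24

# Constructed sample: mean CPU utilisation in percent for each hour of the day
# (index 0 = 00:00-01:00), as a monitoring tool might report it averaged over
# several weeks. The shape is typical of an office-hours workload.
SAMPLE_HOURLY_LOAD: List[float] = [
    12, 8, 6, 5, 5, 7, 15, 35, 60, 75, 80, 78,
    70, 76, 82, 79, 72, 55, 40, 30, 25, 20, 16, 14,
]


def quietest_window(hourly_load: List[float], hours: int) -> Tuple[int, float]:
    """Return (start_hour, mean_load) for the contiguous window of `hours`
    hours with the lowest mean load. Windows may wrap past midnight, e.g. a
    4-hour window starting at 22 covers hours 22, 23, 0 and 1. Ties go to
    the earliest start hour."""
    if len(hourly_load) != HOURS_PER_DAY:
        raise ValueError("expected one sample per hour of the day")
    if not 1 <= hours <= HOURS_PER_DAY:
        raise ValueError("window length must be between 1 and 24 hours")
    best_start, best_mean = 0, float("inf")
    for start in range(HOURS_PER_DAY):
        window = [hourly_load[(start + i) % HOURS_PER_DAY] for i in range(hours)]
        mean = sum(window) / hours
        if mean < best_mean:
            best_start, best_mean = start, mean
    return best_start, best_mean


def backup_window(hourly_load: List[float], hours: int,
                  max_mean_load: float) -> Optional[Tuple[int, int, float]]:
    """Return (start_hour, end_hour, mean_load) for a backup lasting `hours`
    hours, or None if even the quietest window exceeds `max_mean_load`, the
    load above which the backup would degrade production performance.
    The ceiling is an assumed operational parameter, not a value from the book."""
    start, mean = quietest_window(hourly_load, hours)
    if mean > max_mean_load:
        return None
    return start, (start + hours) % HOURS_PER_DAY, mean


if __name__ == "__main__":
    # Assumed ceiling of 20 % mean load during the backup.
    for length in (2, 4, 8):
        result = backup_window(SAMPLE_HOURLY_LOAD, length, max_mean_load=20.0)
        if result is None:
            print(f"{length}h backup: no window under the load ceiling")
        else:
            start, end, mean = result
            print(f"{length}h backup: {start:02d}:00-{end:02d}:00, "
                  f"mean load {mean:.1f}%")
```

Returning None when no window fits the ceiling is deliberate: the operational answer in that case is to shorten the backup (incremental instead of full) or to raise capacity, not to silently pick a busy window. With the constructed data, a 4-hour backup lands at 02:00-06:00 and an 8-hour one at 23:00-07:00, wrapping past midnight.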
Business impact
The business impact for the customer can be derived from several factors: the importance of the business processes affected, the number of affected users or employees, and the influence on normal work activities (including possible interruptions).

Call
Any report or query directed (e.g., via telephone or fax) to the service desk, which acts as the single point of contact (SPOC).

Change
The addition, modification, or removal of released or supported hardware, networks, software, applications, environments, systems, computer workstations, or accompanying documentation.

Concept
A concept is a blueprint for a software product.

Configuration item
Documented infrastructure component involving hardware, software, or communication. Configuration items are controlled by the configuration management process.

Contract
Agreement on services that are to be provided by external suppliers.

Customer
Client or receiver of IT services (e.g., an external enterprise or the management of an internal business unit).

Cutover plan
Formal outline of the activities necessary to migrate an existing IT system to a new one.

Failover
A failover is one of several options for achieving a higher level of availability in the event of service interruptions. It is the automatic switching of operations to a redundant or standby server, system, hardware component, or network upon the failure or abnormal termination of the previously active application, server, system, hardware component, or network.

Help desk
The help desk is an important aspect of customer service. It is based on the SPOC concept and comprises the staff and equipment needed to handle incidents and other matters reported by users.

Incident
A service interruption whose cause is known and for which a workaround or a lasting solution has been established (e.g., "reset password"). Incidents (interruptions, restricted quality, partial outages, etc.) fall outside normal service operation; they are generally triggered by specific events and are reported as such to the help desk.

Incident ticket
Element in a help desk tool used to keep track of reported incidents or issues.

Information security
The protection of data in accordance with confidentiality, availability, and integrity requirements. Data security consists of the following four categories:
  Confidentiality: assurance that access to the information can be gained only by authorised individuals and only in the permissible manner (classification of personal and other relevant data).
  Availability: assurance that the information is available at all times and in the specified form.
  Integrity: assurance that the available information is complete and undistorted.
  Reliability: assurance that the information is up to date (e.g., the latest valid version) and consistent with its history.

Integration testing
Integration testing focuses on the integration of the various software components across all platforms. The individual tests include:
  End-to-end test: determines whether the defined functions and interfaces work together in as many user scenarios as possible.
  Installation test: a dress rehearsal for the installation of a new software product using live tools and processes.
  Performance test: estimates operational behaviour on the basis of the existing data volumes.

IT system
All of the technical and organisational means, consisting of hardware, software, middleware, and operating systems, that are used for the independent fulfilment of a bundle of tasks.

Knowledge database
Systematic and structured collection of electronic data whose purpose is to enable the efficient analysis and management of an enterprise's store of relevant information.

Known error
An incident or problem whose root cause has been identified and for which a temporary workaround has also been identified. Known errors retain their status until they are eliminated by a change.

Maintenance window
A maintenance window is a defined period of time during which planned interruptions and changes to production services and systems may occur. Its purpose is to allow clients of the service to prepare for a possible disruption or change.

Minor order
Order involving a maximum cost of USD 10,000, typically processed on the basis of an SLA.

Minor project
Project whose cost ranges from USD 10,000 to USD 50,000 and whose completion is typically broken down into four or fewer phases.

Problem
Interruption whose cause is unknown and that has led to one or more incidents. Problems are usually categorised as such in the course of internal analysis or incident response. Attempts to determine their cause start from their descriptions, and one can generally assume that the cause will be identified and the problem eliminated.

Problem ticket
Problem report that is tracked and processed with the help of a problem management tool.

Process
Procedure or set of procedures carried out within an organisation or in the context of a project with the aim of planning, administering, executing, controlling, documenting, and improving business activities.

Product testing
Tests that are conducted by software developers:
  Module test: This