12/6/2007
01:15 PM

Standards For IT Governance

ITIL, COBIT, and ISO 17799 provide a blueprint for managing IT services.

It's long been accepted that constant change is fundamental to IT. While most IT pros understand that change is part of the game, the organizations they support often resist it or have a hard time understanding why IT operates under the strictures it does. CIOs must be prepared to overturn accepted norms in the pursuit of innovation. Finessing those changes means more than just leadership skills or charisma. It calls for having a clear blueprint as to the direction of the organization and its goals.

Many organizations struggle with that blueprint. It's not simple for IT to define its goals, position services and the need for constant evolution, and then communicate its capabilities and services to its line-of-business customers. The good news is that a lot of thinking has already gone into the problem.


The answer for many has been to follow the models set down in ITIL 2.0 (Information Technology Infrastructure Library), the 10-book set of best practices for IT service management that's gained wide popularity among international organizations and the vendor community. While ITIL will go far, skeptics contend that it's too specific. IT needs to think more broadly, they say, and blend ITIL with other, broader specifications. COBIT, or Control Objectives for Information and Related Technology, and ISO 17799, which is more specific to security, along with ITIL form the basis of a blueprint for IT governance.

COBIT, ITIL, AND ISO 17799

COBIT'S PENTAGON

Cobit's goal is to help IT understand the needs of the business and to put practices in place to meet them as efficiently as possible. Strategic alignment keeps IT and more general enterprise planning in sync. Value delivery takes that strategic value proposition and delivers on it. Resource management helps IT put its money and other assets where they'll do the most good, while risk management establishes a conversation between corporate officers and IT executives so that systems reflect the enterprise's aversion to risk. Performance management monitors IT's implementation efforts, providing measures for success and constant improvement.

Attempting to mix the three management specifications--COBIT, ITIL, and ISO 17799--can be daunting, and much work has been done to harmonize them. You can think of the three this way: COBIT tells you what to monitor and control. ITIL describes how to go about implementing the processes for doing that. ISO/IEC 17799:2000 lays out a process for securing those services and addressing legal requirements.

COBIT was published by the IT Governance Institute and is positioned as a high-level governance and control framework. The framework specifies 34 high-level control objectives for IT processes. Corresponding to these 34 control objectives are 318 recommended detailed control objectives to provide management assurance and advice for improvement.

ISO/IEC 17799:2000 is a framework for information security management published by the International Organization for Standardization and the International Electrotechnical Commission. The standard was first published in 2000 and updated in June 2005. It specifies best practices for security in 12 areas and offers guidance on such topics as protecting personal data, internal information, and intellectual property.

ITIL was developed by the U.K. government starting in the '80s and provides best practices for delivering IT services. The first version was a 48-book collection that was subsequently reduced to 10 books focusing solely on IT process. ITIL 3, released this year, is condensed into five books and refines the notion of IT service. Previously, core tenets were divided between service support and service delivery; these are now combined.
