IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

By: Alan Calder (author)Paperback

4 - 6 days availability

£29.05 RRP £29.95  You save £0.90 (3%) With FREE Saver Delivery

Description

Corporate governance increasingly provides the context within which twenty-first century organisations have to assess and deal with their investments in, and risks to, their corporate information assets and the Information and Communications Technology (ICT, or just IT) infrastructure within which those information assets are collected, manipulated, stored and deployed. But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies both quoted and unquoted need to know? This book aims to do two things; The first is to set out for managers, executives and IT professionals the practical steps necessary to meet today s corporate and IT governance requirements. The second is to provide practical guidance on how board executives and IT professionals can navigate and deploy to best corporate and commercial advantage the numerous IT management and IT governance frameworks and standards particularly ISO/IEC 38500 that have been published over the course of the last 10 years. Each of these standards and frameworks has a potentially valuable role to play in the organisation; the challenge lies in integrating them so that each can deliver what it was designed to do, and do this within the context of an overarching framework (a super framework , or meta-framework ) that enables each organisation to design IT governance to meet its own needs.

Create a review

About Author

Alan Calder is a leading author on information security and IT governance issues. He is Chief Executive of IT Governance Limited, the oneA ]stopA ]shop for books, tools, training and consultancy on governance, risk management and compliance. He is also Chairman of the Board of Directors of CEME, a public-private sector skills partnership. Alan is an international authority on IT Governance and, with Steve Moir, originated the innovative Calder-Moir IT Governance Framework. He is also an international expert on ISO27001 (formerly BS7799), the international security standard, about which he wrote with colleague Steve Watkins the definitive compliance guide, IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799. This work is based on his experience of leading the world's first successful implementation of BS7799 (with the fourth edition published in May 2008) and is the basis for the UK Open University's postgraduate course on information security. Other books written by Alan include The Case for ISO27001, ISO27001 - Nine Steps to Success, IT Governance: Guidelines for Directors, IT Governance Today: a Practitioner's Handbook and IT Regulatory Compliance in the UK. Alan is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets. Alan was previously CEO of Wide Learning, a supplier of eA ]learning; of Focus Central London, a training and enterprise council; and of Business Link London City Partners, a government agency focused on helping growing businesses to develop. He was a member of the Information Age Competitiveness Working Group of the UK Government's Department for Trade & Industry, and was until recently a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO27001.

Contents

Introduction: Corporate Governance Context 1 Background 1 Governance 3 Fiduciary duties 5 Governance frameworks 7 Emergence of IT governance 8 Chapter 1: IT Governance Defined 11 Chapter 2: Intellectual Capital and the Information Economy 15 Chapter 3: Strategy: The Search for Competitive Advantage 19 Development of IT strategy 21 IT strategy 27 The six-step IT strategy process 30 Measurement and quality 32 Chapter 4: Governance and Risk Management 37 Enterprise risk management 38 Operational risk management 39 IT risk management 39 Chapter 5: IT Regulatory Compliance 41 Information security law: the emerging standard for corporate compliance 43 Chapter 6: Information and Continuity Risk 47 Information risks and ISO27001 47 Continuity risks and BS25999, ISO/IEC 24762 49 Civil contingencies and business continuity planning 51 Chapter 7: Internal Control Frameworks 53 UK Combined Code and Turnbull Guidance 53 Sarbanes-Oxley 54 COSO and internal control 54 COBIT 57 Val IT 58 Chapter 8: Project Governance 61 Project failure 62 Project governance objectives 62 Execution risk 63 Executive-level project governance 63 Board-level project governance 64 Project management frameworks 66 Agile project management 66 OPM3(R) 68 Conclusions 69 Chapter 9: Components of IT Governance 71 Key decision areas 71 Chapter 10: ISO/IEC 38500 75 Scope 75 Application 76 Objectives 76 Benefits 76 Definitions 77 The six principles of IT governance 78 The IT governance model in ISO/IEC38500 80 Accountability 82 Applying the six principles 82 Alignment between ISO/IEC 38500 and the Calder-Moir Framework 87 Chapter 11: IT Governance Frameworks and Standards 89 Frameworks 89 Conformance 93 Convergence 94 IT governance starting point 97 End-to-end IT governance process 97 Chapter 12: The Calder-Moir Framework 99 Navigating the framework 101 Evaluate, direct, monitor 104 Plan, Do, Check, Act 105 Some subtleties 107 Chapter 13: Implementing IT Governance 109 Maturity models 109 The IT governance implementation process 113 Issues that must be resolved 115 Obtaining the board's buy-in 118 Conclusions 124 Chapter 14: Decision Making and the IT Organisation 125 The CEO 126 The CIO 129 IT management structure 135 IT organisational structure 137 Outsourcing 138 Chapter 15: IT Steering Committee and Executive Committee 145 IT steering committee 145 Executive IT committee 147 Chapter 16: Enterprise IT Architecture Committee 149 Centralised or decentralised IT? 149 Enterprise IT architecture committee 151 The Zachman Framework 154 The Open Group Architecture Framework 157 Service-oriented architecture 158 Conclusion 159 Chapter 17: IT Audit 161 Chapter 18: The ITIL/COBIT/ISO27002 Joint Framework 163 New Joint Framework 165 Benefits of using the Joint Framework 166 Chapter 19: The IT Management System of Tomorrow 169 PAS 99 170 The integrated management system 172 A single PDCA model 173 What are the differences between the two PDCA models? 175 Aspects of integrating ISO/IEC 27001 and ISO/IEC 20000 176 Chapter 20: Calder-Moir Implementation - a 15-Step Process 189 1. Initial IT governance assessment 190 2. IT governance road map 190 3. Principles - drawing on ISO38500 191 4. Develop organisational momentum (commitment, governance mandate) 191 5. Initial risk assessment 191 6. Plan changes 192 7. Build on existing capabilities 192 8. Business strategy 193 9. Risk, governance and compliance framework 193 10. IT architecture and strategy 195 11. Change 195 12. Information and technology lifecycles 196 13. IT operations 196 14. Reporting 197 15. Evolution and management of IT governance 197 The Calder-Moir IT Governance Framework Toolkit 197 Chapter 21: Making the Business Case for IT Governance 199 ITG Resources 201

Product Details

  • publication date: 26/02/2009
  • ISBN13: 9781905356904
  • Format: Paperback
  • Number Of Pages: 202
  • ID: 9781905356904
  • weight: 316
  • ISBN10: 1905356900

Delivery Information

  • Saver Delivery: Yes
  • 1st Class Delivery: Yes
  • Courier Delivery: Yes
  • Store Delivery: Yes

Prices are for internet purchases only. Prices and availability in WHSmith Stores may vary significantly

Close