Security intelligence
“ISO/IEC 20000-1”
Anan Sony, CISSP, CISA
Section Manager, ACIS Professional Center Co., Ltd.
What is ISO/IEC 20000?
• Worldwide standard for IT Service Management
• 200+ requirements to be able to demonstrate compliance
• Certification for Quality Management
• => Like “ISO 9001” in “IT Service Management”
What is ISO/IEC 20000? (Cont.)
• ISO 20000 => IT Service Management System
ISO/IEC 20000 vs. ITIL, and why not ISO 9001?
(Diagram) WHAT? HOW?
Why should we care?
1. Worldwide Standard for IT Service Management
2. International Certification against standard
3. Proof that ITIL best practices had been implemented
4. ITIL (IT Infrastructure Library) is a library of best practices, not a standard
5. “ITIL is a set of guidance”, “ISO 20000 is requirement”
6. Certification for “Quality Management”
ISO/IEC 20000 vs. ITIL
Ref: http://www.isaca.org
What IT Strategies are Being Implemented? (n = 616)
• ITIL is, by far, the most common strategy being implemented
 – Users are significantly more likely to be implementing ITIL (85%) and BSM (26%)
 – Americas respondents are significantly more likely to be implementing Six Sigma (28%)
 – Larger companies are significantly more likely to be implementing Six Sigma (33%) and CMI (20%)
Ref: BMC
ITIL Processes Adopted (n = 209)
• Incident Management, Service Desk and Change Management are most likely to have been adopted already
 – Larger companies are significantly more likely to have already adopted release management, change management, capacity management, and problem management best practices
Ref: BMC
ITIL Processes in ISO 20000
ISO/IEC 20000 and AEC 2015
• There are more competitors in the IT Service Management industry
• How does an organization prove that it is better than the others?
• Being ISO/IEC 20000-1 certified is the answer!
How to Become ISO/IEC 20000-1:2011 Certified
Ref: http://www.bureauveritas.com/
ISO/IEC 20000 Benefits
• Guarantee your IT Service Management
• Competitive Advantage for IT Service Provider
• Improve brand image from customer perspective
• Business-IT Alignment
• Customer Satisfaction
• Effectiveness and Efficiency for IT Service
How to find certified organization and scope?
Ref: http://www.isoiec20000certification.com/home/ISOCertifiedOrganizations/ISOCountryListings-TH.aspx
ISO 20000 & ITIL Timeline
(Timeline figure; recoverable entries listed by year)
• 1980s – ITIL Concept
• 1989 – GITIMM / ITIL V1
• 1991 – itSMF
• 2000 – BS 15000-1
• 2001 – ITIL V2
• 2002 – BS 15000-1:2002, BS 15000-2:2002
• 2005 – ISO/IEC 20000-1, ISO/IEC 20000-2
• 2007 – ITIL V3
• 2009 – ISO/IEC TR 20000-3
• 2010 – ISO/IEC 20000-4, ISO/IEC 20000-5
• 2011 – ITIL 2011; ISO/IEC 20000-1:2011, ISO/IEC 20000-2:2011
ITIL Historical Highlights
• 1986 – CCTA starts the GITIMM project
 – To gain control of IT costs, particularly in procurement and operations
 – To promote use of “best practice”
 – CCTA later renamed OGC
 – GITIMM later renamed “ITIL”
• 1989 – ITIL V1: 44 books published
• 1991 – itSMF founded, originally named “itIMF”
ITIL Historical Highlights (Cont.)
• 2001 – ITIL V2: 7 books published
• 2007 – ITIL V3: 5 books published
• 2011 – ITIL 2011: 5 books revised
ISO 20000 Historical Highlights
• Was originally a BS standard. BS 15000 was the world’s first standard for IT service management, and was initially published in 2000.
• In 2002 a second part was added to the standard set, BS 15000-2. A formal certification scheme was also introduced.
• In December 2005, ISO 20000 itself was published, based almost entirely on the above predecessors.
ISO/IEC 20000 & IT Audit
• One of the CISA domains!
1st, 2nd, 3rd party audit
• 1st party audit: Internal audit (the Organization/Company audits itself)
• 2nd party audit: Customer audit (External audit; Customers audit the Organization/Company)
• 3rd party audit: Certification audit (External audit; Certification bodies audit the Organization/Company and issue the Certification)
Philosophy of Audit
(Diagram) Audit Criteria: Seek, Conform, Effectiveness. Audit Evidences: Exist, Execute.
How to develop checklist?
Standard clauses => Transform => Yes/No Questions
“Don’t make two or more topics in a question”
© Copyright, ACIS Professional Center Company Limited, All rights reserved
Checklists Example
How to get ready to audit?
• Knowledge & Skills!!!
 – IT Background: ITIL Certification, CISA
 – ISO/IEC 20000-1:2011 understanding: IRCA Course
 – Business Sector Knowledge
• Company products/services
• IT service process
• Financing and Budgeting
• Stakeholders
• Suppliers and customers relationship
www.irca.org
The 10 CSFs for SMS Implementation
1. Management Support
2. Balancing between ITIL and organization culture
3. Staff Awareness and Organization Change
4. ITSM Tools
5. Good Consultant
6. Staff Competency
7. Implementation Scope
8. Continuous Monitoring
9. Continual Service Improvement
10. Beliefs, Attitudes, Behaviors
Ref: itSMF Thailand Conference 2011
Q&A
You can follow us!
www.facebook.com/itsmfthailand
www.twitter.com/itsmfthailand