software-park-thailand
IT GOVERNANC
Sources: http://www.merriam-webster.com/dictionary/process and http://www.merriam-webster.com/dictionary/compliance
IT SERVICE MANAGEMENT GOALS
Business
• Realize value of the IT investment
• Ensure IT governance, risk, and
• Adapt to ever-changing needs of the organization
Datacenter
• Reduce downtime, lower time to
• Improve reliability
• Simplify the management of com
risk
Driving Service Management Outcomes
End User
• Provide choice and flexibility
• Deliver efficient support, anywhere, anytime
• Increase responsiveness and satisfaction
How do we interpret and test IT compliance across a vast
enterprise?
System Operations
Audit Requirements & Design
Business Objectives & Policies
Regulatory Requirements Regulatory Certification
Requirement Definition
Auditor Reports
System Management
Review Log Files, Confirm settings
“Each business change brings new IT compliance requirements.
80% are duplicative, but we review it all, delaying response and
increasing cost.”
“Configuring and monitoring local and distributed servers and
PCs for compliance is so time consuming”
“Make sure that we comply so that we can focus on the business
…without an obscene cost”
“It’s too hard to interpret new regulations and sort out overlaps to
set policy across functions”
“Based on a bewildering collection of reports, I must certify if we
are compliant. It’s my butt on the line”
“Every quarter I learn how non-compliant we have been last month
– it’s like ‘whack a mole’, how do I get ahead of these issues and
risk”
“Checking log files, re-confirming settings, documenting processes
is a waste of time when I have truly critical things to do”
“System changes require regulation specific procedures slowing
our response …Do we need more software to manage IT
compliance?”
“These periodic audits kill me. What detail will the auditor want to
check up on this time?”
Audit Committee
Board of Dir./CEO
A
IT Pro
Microsoft Control library
Business Objectives & Policies
System Operations
System Management
Non-Microsoft (Partner)
Control Objectives
Compliance Requirements
SOX PCI
COBIT
EUDPP
Internal Policies
ISO
Comply/Authority Reports
Incident/Issue Reports
Residual Risk
Active Directory
CIO/CSO
Aud
Control Activities
Control Testing Procedures
Audit Committee
CMDB
DW
Board of Dir./CEO
SYSTEM CENTER SOLUTIONS FOR ENTERPRISE DATACENTERS
Problem
Change
Incident
Asset
Compliance & Risk
Portal
Workflows
Knowledge Base
Data Warehouse
CMDB
Authoring
CLOUD SERVICES
Federated Organizations
Access
Datacenter
Endpoint
BitLocker
Device Control
GRC Program Manager
Operations Engineer
Corrective Actions
www.microsoft.com/forefront
http://technet.microsoft.com/en-us/solutionaccelerators/dd229342.aspx
www.microsoft.com/systemcenter
http://technet.microsoft.com/en-us/library/cc506049.aspx
http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
http://www.itil-officialsite.com/home/home.asp