Post on 19-Dec-2015
IT Governance – Leveraging ITIL® v2/v3 for Governance Success
Greg Charles, Ph.D.
VP and Senior Advisor, Global Customer Success Group
Western U.S. ITIL, Governance & Best Practices Lead
CA, Inc.
May 2008
April 18, 2023 Copyright © 2008 CA
IT Governance
Defined as: The management of risk & compliance.
“The overall methodology by which IT is directed, administered and controlled”
Compliance
Governance
Three Pillars of IT Governance
IT Governance
Infrastructure Management
IT Use/Demand Management
IT Project Management
Managing Ever-Increasing Complexity
The Business World View
[Diagram: End User, Firewall, Network, Router, Switch, Load Balancer, Portal, Identity Manager, Web Servers, Web Services, Applications (SAP, PSFT, Siebel, 3rd Party applications), Databases, Mainframe, Database, Black Box]
The Cruel Reality
[Diagram: a set of Applications connected to one another through Screen Scrape, Message Queue, Download File, Transaction File, ORB, CICS Gateway, APPC, RPC, Sockets and Message links]
Source: Gartner
Addressing These Challenges: Improving Engagement and Efficiency
WHAT IS ENGAGEMENT?
Doing the Right Things
IT’s ability to partner with the business to maintain alignment and maximize return from IT investments
WHAT IS EFFICIENCY?
Doing Things Right
IT’s ability to make the best use of its people, budgets and assets
Obstacles Prevent Effective Engagement
IT Seen as Black Box:
- Business lacks visibility
- Poor customer satisfaction
Overwhelming Demand:
- Unstructured capture of requests and ideas
- No formal process for prioritization and trade-offs
- Reactive vs. proactive
IT and Biz Divide:
- Business thinks in IT services – IT delivers in technology terms
- Costs disassociated with services
Disparate Systems Reduce Efficiency
- No Single System of Record for Decision-Making
- IT Management systems siloed
- Relevant Metrics Hard to Obtain
- Disparate Systems Costly to Maintain and Upgrade
IT Governance Landscape
How to Improve Engagement?
Structured IT Governance Process
Comprehensive Portfolio Management
- Services, projects, assets, applications
- Systematic evaluation and prioritization
- Map controls to compliance requirements
- 100% visibility into strategic initiatives
- A single invoice to the customer for all services
Integrated Demand Management
- Capture, catalog, and prioritize all demand
- Manage service requests from help desks
- Match resources to highest-value initiatives
Business Intelligence for the BRM
- Visibility into all services that support LOB
- Detailed cost invoices
How to Improve Efficiency?
Comprehensive Management
Comprehensive Resource Management
- Drive maximum utilization of in-house and outsourced resources
- Capture time and allocate staff for any type of investment
- Advance Resource Mgmt capabilities
Scalable, Transparent Status Capture
- Capture time and cost of all activities in a single repository for charge-backs and reporting
- Capture asset costs through integration with Asset Management Solution
World-Class Project Execution
- Leverage best practices across entire project portfolio
- Rapid time to value
Empower the PMO
- Automate, enforce, and report on process compliance
Approaches Currently In Use
> Business As Usual - “Firefighting”
> Legislation - “Forced”
> Best Practice Focused
Best Practices
• What is not defined cannot be controlled
• What is not controlled cannot be measured
• What is not measured cannot be improved
Quality & Control Models
• ISO 900x
• COBIT®
• TQM
• EFQM
• Six Sigma
• COSO
• Deming
• etc.
Process Frameworks
• ITIL®
• Application Service Library
• Gartner CSD
• IBM Processes
• EDS Digital Workflow
• Microsoft MOF
• Telecom Ops Map
• etc.
ITIL® v2 to v3
[Diagram: ITIL® v2 publication framework spanning The Business and The Technology: Planning To Implement Service Management; Service Management (Service Support, Service Delivery); The Business Perspective; Application Management; ICT Infrastructure Management; Security Management; Introduction to ITIL; Software Asset Management; Small-Scale Implementation]
ITIL® v2 Service Support Model
[Diagram: The Business, Customers or Users raise difficulties, queries and enquiries with the Service Desk and receive communications, updates and work-arounds; monitoring tools feed incidents. The processes below share the CMDB (incidents, problems, known errors, changes, releases, CIs, relationships).]
- Service Desk: Customer Survey reports
- Incident Management: Service reports, Incident statistics, Audit reports
- Problem Management: Problem statistics, Problem reports, Problem reviews, Diagnostic aids, Audit reports
- Change Management: Change schedule, CAB minutes, Change statistics, Change reviews, Audit reports
- Release Management: Release schedule, Release statistics, Release reviews, Secure library, Testing standards, Audit reports
- Configuration Management: CMDB reports, CMDB statistics, Policy standards, Audit reports
ITIL® V2 Service Delivery Model
[Diagram: Business, Customers and Users exchange queries, enquiries, communications, updates and reports with the processes below; requirements, targets and achievements flow through Service Level Management; Management Tools supply alerts and exceptions and changes.]
- Service Level Management: SLAs, SLRs, OLAs, Service reports, Service catalogue, SIP, Exception reports, Audit reports
- Availability Management: Availability plan, AMDB, Design criteria, Targets/Thresholds, Reports, Audit reports
- Capacity Management: Capacity plan, CDV, Targets/thresholds, Capacity reports, Schedules, Audit reports
- Financial Management For IT Services: Financial plan, Types and models, Costs and charges, Reports, Budgets and forecasts, Audit reports
- IT Service Continuity Management: IT continuity plans, BIS and risk analysis, Requirements defined, Control centers, DR contracts, Reports, Audit reports
IT Governance and ITIL® Version 3
Service Strategies
> Service Strategy Process
  - Strategy Generation
  - IT Financial Management
  - Service Portfolio Management
  - Demand Management
> Organizational Development & Design
> Implementing Service Strategy
Service Design
Service Management Blueprint
> Service Design Principles
> Service Design Process
  - Service Portfolio Design
  - Service Catalogue Mgmt
  - Service Level Mgmt
  - Capacity Mgmt
  - Availability Mgmt
  - Service Continuity Mgmt
  - Information Security Mgmt
  - Supplier Mgmt
> Service Design Technology
> Service Design Implementation
Service Transition
> Service Transition Principles
> Service Transition Process
  - Change Management
  - Service Asset & Configuration Mgmt
  - Knowledge Management
  - Service Release Planning
  - Performance and Risk evaluation
  - Acquire Assets, Build and Test Release
  - Service Release Acceptance Test and Pilot
  - Deployment, Decommission and Transfer
Service Operation
> Service Operation Principles
> Service Operation Process
  - Event Management
  - Incident Management
  - Request Fulfillment
  - Problem Management
  - Access Management
> Common Service Operation Activities
  - IT Operations (Console, Job Scheduling etc.)
  - Mainframe Support
  - Server Mgmt and Support
  - Desktop Support, Middleware Mgmt, Internet/Web Mgmt
  - Application Mgmt Activities
> IT Security
> Organization Service Operation
  - Service Desk
  - Technical Management
  - IT Operations Management
  - Application Management
  - Service Design Implementation
Continual Service Improvement
> Continual Service Improvement Principles
> Continual Service Improvement Process
  - Measurement and Control
  - Service Measurement
  - Service Assessment and Analysis
  - Service Level Management
> Organizing for Service Continual Improvement
[Diagram: ITIL® v3 service lifecycle with IT Governance touchpoints. The Business / Customers supply Requirements. Service Strategy: strategies, policies, resource and constraints, objectives from requirements. Service Design: solution designs, architectures, standards, SDPs. Service Transition: transition plans, tested solutions, SKMS. Service Operation: operational services, operational plans. Continual Service Improvement: improvement actions & plans. Service Portfolio and Service Catalogue span the lifecycle.]
IT Governance boxes shown on the diagram:
- IT Governance (New Product Development, Project Mgmt, Resource Mgmt, Financial Mgmt, and Demand Mgmt)
- IT Governance (Demand, Risk & Control, Service Portfolio, Project Financial Mgmt, Business Relationship Mgmt, and Process Management)
- IT Governance (Demand, Resource, Process Mgmt, and Project Mgmt)
- IT Governance (Resource Mgmt, Project Mgmt, and Process Management)
- IT Governance (Process Mgmt, Project Mgmt, and Bus Relationship Mgmt)
IT Governance Model
[Diagram: IT OPERATIONS areas (Service Mgmt., App. Dev. (SDLC), Project Mgmt., IT Planning, IT Security, Quality System) set against Audit Models and Quality Systems & Mgmt. Frameworks: COBIT®, COSO, ISO17799, PMI PMBOK, PRINCE2, ISO, Six Sigma, TSO IS Strategy, ASL, CMMi, Sarbanes-Oxley, US Securities & Exchange Commission, ITIL®, BS 15000, ISO 20000]
COBIT® (Control Objectives for IT)
> Focused on IT Standards and Audit, COBIT® is jointly “owned/maintained” by ITGI and ISACA (Information Systems Audit and Control Association)
> Based on over 40 International standards
> Supported by over 150 IT Governance Chapters
– www.itgi.org
– www.isaca.org
Best Practices: Industry and CA best practices are applied to all of our solutions to maximize standardization and quality
The COBIT® Cube
4 Domains
34 Processes
318 Control Objectives
(Business Requirements)
____
215 in COBIT® 4.0
COBIT® Domains - Summary
- Planning & Organization (PO Process Domain)
- Acquisition & Implementation (AI Process Domain)
- Delivery & Support (DS Process Domain)
- Monitoring (M Process Domain)
How to Make IT a Reality?
Key Success Factors
Theory – ITIL® / COBIT® / etc.
- Guidelines for Best Practices
- Provides the theory but does not always define the process
- Education is an important component
Technology – CA and others
- Provide the technology that enables & automates the process
- Repeatability, compliance & notifications
- Implement processes impossible without technology
Process
- Convert theory to process that is applicable to the unique needs of the organization
- Training & Education
- Tool configuration
Customer maturity isolates appropriate transition point, blueprint & ROI
Making IT Easier
Maturity levels (each marked with ROI on the slide):
- 1-Active: Ability to respond to problems and faults
- 2-Efficient: Ability to automate responses, streamline processes, consolidate resources
- 3-Responsive: Ability to manage service levels and provide the services that are important to the business
- 4-Business-Driven: Ability to share your IT resources throughout the supply chain and dynamically reallocate resources based upon changing business needs
[Flowchart: vulnerability management process across maturity Levels 1 to 4; the slide repeats it for Levels 1 to 3 and for Levels 1 to 2. Labels in page order:]
- Steps: Define Policy In Network Scanner; Discover Assets; Define Standard Builds; Network Scan Group (scheduled); Attack & Penetration Performed; Ensure Backup of Critical Assets; Agent Based Scanning Initiated; Re-Test Notification to User Population; Systems configuration changed and rebooted; Verification - Rescan; Patches sent to Vulnerability Management Group; Document problems with incident ticket; Request for Change; Initiate Change Order and complete Business Impact Analysis; New Incidents; Detect Vulnerabilities; Assess Business Impact; Assign Priority; Document Post Scan Results; Audit Asset; Generate Report; Update CMDB; Software Delivery; Restore Image; IDS Security Incident; Computer Incident Response Team; Investigation In Progress; Security To Incident Resolution; Integrated Security Event Prioritization; Manual Process To Remove Vulnerabilities; Network Scan; Penetration Test; Quantitative Metrics
- Decision points (YES/NO): New Asset?; Patch Needed?; Config. Change Needed?; Patch Available?; Patch Tested?; Fixed?; Vulnerability Identified?
- Incident types: Acceptable Use Violation, Denial Of Service, Information Theft, Probe, Social Engineering, Unauthorized Use, Resource Modification
Tools to Aid Success
[Process Model diagram: identity and access management lifecycle.]
- Roles: CISO, Incident Manager, IT Operations Manager, Customer / Partner, Business Manager, Facilities Security Manager, Application Manager, Employee, Customer Relationship Manager, HR, Development Manager
- Policy and standards: Define IAM Policies, Processes, Workflows & Owners; Define Policies & Stds for ID Provisioning, and Reporting; Define Corporate Identity Directory, Entitlement Mgt, & Security Web Services; Define ID and Password Stds; Define Role Mgt Stds; Define Federated Trust Stds; Periodic Policy Review
- New Hire: Identity verified & entered in HR; Approve Access; ID Allocated Automatically; Identity and Access Automatically Provisioned to LAN, Email, Corporate Directory, Authentication Technology, Security Web Services, Security Infrastructure, Business Apps, External Federated Services; User Building Access Provisioned Automatically; New Hire Has Access to Business Applications
- New Customer (or Partner): Customer Entered in Customer/Partner Relationship System; Customer/Partner Employee Enters Data Via Self-Serve Register; SPML Request From Customer/Partner; Delegated User Creation; Approve Access; User Access Enabled Automatically; Authorized Customer / Partner Employees have Access
- Access change: Customer/Partner Changes Business Relationship, e.g. Buys New Product/Service; Request Change in Application Access for New Project; Delegated Request Change in Application Access; Workflow Approval; Incident Opened (if required by policy); User Access Changed; Access New App Resource; Incident Closed
- Password reset: Customer/Partner Forgets Password; Self-serve Reset Password or Incident Opened Password Reset; Self-serve Set New Password; Use New Password; Incident Closed
- Removal of access: Customer/Partner User No Longer Needs Access; Delegated Request removal of Access; Employee Terminated/Retired; Employee removed from HR System; Incident Opened; Automated Process to Deprovision User from Systems/Apps; Automated Process to Deprovision User from Facilities Access; User Deprovisioned; Customer access removed; Employee access removed; Incident Closed
- Periodic Security Audit Scheduled: Obtain Authoritative List of All Users/Roles Automatically; Automatically Provide List of Employees from HR System; Automated Synchronization Process Compares Authoritative User & Role List with LAN & App User accounts; User Entitlements Exceptions Report Generated Automatically; Excess Entitlements / Accounts? [Y] Workflow to Request Remediation, [N]; Review current reports; Audit Reports Completed
- New App: Develop/Acquire App; Workflow for Security Review of Application; Validate App Using Directory Services; Validate App With Role Stds; Validate App with Provisioning System; Validate App with ID / Passwd Stds; Validate with SPML; Integration with Production Directory & Security Web Svcs; Produce Operations Manual for App; Obtain LAN/App ID & Passwords; User Access Reviewed / Set-up; Manage Application Security; CMDB Change Impacting App deployment, Ownership, Access etc
Solution Sheets
Transitional Maturity ROI Tool
Process Model
Profilers
Maturity Model
[Thumbnail: maturity levels 1-Active, 2-Efficient, 3-Responsive, 4-Business-Driven, each marked with ROI]
Blueprints
Assessments
[Chart: Importance vs. Capability across Service Support, Service Delivery, Infrastructure Mgmt, Application Mgmt, Implementing IT Svc Mgmt]
[Blueprint diagram: columns Active, Efficient, Responsive, Business-Driven; rows Organizational Characteristics, Technical Capabilities, Services and Solutions.]
Organizational Characteristics:
• Dedicated Security Staff
• CISSP Training
• Security Awareness Training
• Certified Security Staff
• Security Awareness Training (IT, HR, Dev)
• Certified Security & IT Ops Staff
• Staff trained in Threat Detection
• End User technology training in Anti-Spam prevention
Technical Capabilities and Services and Solutions entries: Attack and Penetration Testing; Basic Security Policy; Anti-Virus Scanning; Identify & Classify Assets; Manual Load OS Patches; Backup/Recovery; Business Impact Analysis; Developed Standard OS Configuration; Integrated VM And Helpdesk; Agent-based Vulnerability Management; Agent-based Configuration Management; Business Impact Correlation & Reporting; Integrated Forensics Investigation; Compliance Management & Reporting; IT Governance Management; Security Road Map Assessment; eTrust VM Service; Security Policies & Procedures; CISSP Training; Attack & Penetration Assessment; Vulnerability Assessment; CERT Training; ITIL Training; Business Correlation Rule Development; Policy and Process Monitoring; Security Business Portal Development; Compliance Oriented Architecture; Incident Response Program Development; Forensic Investigation Training; Periodic Vulnerability Assessments; Tracking of Vulnerability Activities; CERT & Incident Resolution Process; Tracking of Threat & Forensics Events; BCP/DR Management; ITIL Compliant IT Operations Process; Automated Software Distribution Patch Process; Security Roadmap & Strategy Development; ISO17799 Program Development; Security Standards Development; Compliance Architecture Development; Anti-Spyware Malware Solutions; Configuration Management Process; Audit Collectors; Integrated Security Event Prioritization
Technology, Design, Implementation & Integration Services: (AV, VM, etc.); (VM, Backup/Recovery, Service Desk, etc.); (Audit, SCC, Forensics, SCM, IDS, Pest Patrol.); (Compliance Oriented Architecture.)
Governance: Meeting Customer Needs Leveraging Best Practices
Best Practices: Industry and CA best practices are applied to all of our solutions to maximize standardization and quality
Best Practices: ITIL®, COBIT®, COSO, ITAM, ITSM, Six Sigma, etc.
The Result: Business-IT Integration
[Diagram: IT, Business]
IT Governance – Leveraging ITIL® v2/v3 for Governance Success
Greg Charles, Ph.D.
VP and Senior Advisor, Western U.S. ITIL, Governance & Best Practices Lead, Global Customer Success Group
CA, Inc.
May 2008