| |
| |
| Preface | |
| |
| |
| |
| It Governance Concepts | |
| |
| |
| |
| Importance of IT Governance for All Enterprises | |
| |
| |
| |
| Fundamental Governance Concepts and Sarbanes-Oxley Rules | |
| |
| |
| Sarbanes-Oxley Act | |
| |
| |
| Other SOx Rules-Title II: Auditor Independence | |
| |
| |
| SOx Title III: Corporate Responsibility | |
| |
| |
| Title IV: Enhanced Financial Disclosures | |
| |
| |
| What Is IT Governance? | |
| |
| |
| Notes | |
| |
| |
| |
| Enterprise Governance and GRC Tools | |
| |
| |
| The Road to Effective GRC Principles | |
| |
| |
| Importance of GRC Governance | |
| |
| |
| Risk Management Component of GRC | |
| |
| |
| GRC and Enterprise Compliance | |
| |
| |
| Importance of Effective GRC Practices and Principles | |
| |
| |
| |
| Frameworks to Support Effective it Governance | |
| |
| |
| |
| IT Governance and COSO Internal Controls | |
| |
| |
| Importance of Effective Internal Controls and COSO | |
| |
| |
| COSO Internal Control Systems Monitoring Guidance | |
| |
| |
| Wrapping It Up: Importance of COSO Internal Controls | |
| |
| |
| Notes | |
| |
| |
| |
| COBIT and the IT Governance Institute | |
| |
| |
| An Executive's Introduction to COBIT | |
| |
| |
| The COBIT Framework and Its Drivers | |
| |
| |
| COBIT Principle 1: Establish an Integrated IT Architecture Framework | |
| |
| |
| COBIT Principle 2: Stakeholder Value Drivers | |
| |
| |
| COBIT Principle 3: Focus on Business Context | |
| |
| |
| COBIT Principle 4: Governance and Risk Management Enablers | |
| |
| |
| COBIT Principle 5: Governance and Management Performance Measurement Structures | |
| |
| |
| Putting It Together: Matching COBIT Processes and IT Goals | |
| |
| |
| Using COBIT in a SOx Environment | |
| |
| |
| COBIT in Perspective | |
| |
| |
| Notes | |
| |
| |
| |
| ITIL and IT Service Management Guidance | |
| |
| |
| ITIL Fundamentals | |
| |
| |
| ITIL Service Strategy Components | |
| |
| |
| ITIL Service Design | |
| |
| |
| ITIL Service Transition Management Processes | |
| |
| |
| ITIL Service Operation Processes | |
| |
| |
| IT Governance and ITIL Service Delivery Best Practices | |
| |
| |
| Note | |
| |
| |
| |
| IT Governance Standards: ISO 9001, 27002, and 38500 | |
| |
| |
| ISO Standards Background | |
| |
| |
| ISO 9000 Quality Management Standards | |
| |
| |
| ISO IT Security Standards: ISO 27002 and 27001 | |
| |
| |
| ISO 38500 IT Governance Standard | |
| |
| |
| Notes | |
| |
| |
| |
| IT Governance Issues: Risk Management, COSO ERM, and OCEG Guidance | |
| |
| |
| Risk Management Fundamentals | |
| |
| |
| COSO ERM Definitions and Objectives: A Portfolio View of Risk | |
| |
| |
| COSO ERM Framework | |
| |
| |
| Other Dimensions of the COSO ERM Framework | |
| |
| |
| The OCEG GRC "Red Book," Risk Management, and IT Governance | |
| |
| |
| Notes | |
| |
| |
| |
| Tools and Technologies to Manage the it Governance Infrastructure | |
| |
| |
| |
| Cloud Computing, Virtualization, and Portable, Mobility Computing | |
| |
| |
| Understanding Cloud Computing | |
| |
| |
| IT Systems and Storage Management Virtualization | |
| |
| |
| Smartphone and Handheld IT Device Governance Issues | |
| |
| |
| Note | |
| |
| |
| |
| Governance, IT Security, and Continuity Management | |
| |
| |
| Importance of an Effective IT Security Environment | |
| |
| |
| Enterprise IT Security Principles: Generally Accepted Security Standards | |
| |
| |
| Importance of an Effective, Enterprise-Wide Security Strategy | |
| |
| |
| IT Continuity Planning | |
| |
| |
| The Business Continuity Plan and IT Governance | |
| |
| |
| Notes | |
| |
| |
| |
| PCI DSS Standards and Other IT Governance Rules | |
| |
| |
| PCI DSS Background and Standards | |
| |
| |
| Gramm-Leach-Bliley Act IT Governance Rules | |
| |
| |
| HIPAA: Health Care and Much More | |
| |
| |
| Notes | |
| |
| |
| |
| IT Service Catalogs: Realizing Greater Value from IT Operations | |
| |
| |
| Importance of IT Service Catalogs | |
| |
| |
| Role of a Service Catalog in the IT Service Provider Organization | |
| |
| |
| An IT Service Catalog's Content and Features | |
| |
| |
| IT Service Catalog Management | |
| |
| |
| |
| Building and Monitoring Effective it Governance Systems | |
| |
| |
| |
| Importance of IT Service-Oriented Architecture for IT Governance Systems | |
| |
| |
| SOA Applications and Service-Driven IT Applications | |
| |
| |
| SOA Governance, Internal Control Issues, and Risks | |
| |
| |
| Planning and Building an SOA Implementation Blueprint | |
| |
| |
| SOA and IT Governance | |
| |
| |
| Notes | |
| |
| |
| |
| IT Configuration and IT Portfolio Management | |
| |
| |
| IT Configuration Management Concepts | |
| |
| |
| ITIL Best Practices for IT Configuration Management | |
| |
| |
| The Configuration Management Database: An Often Difficult Concept | |
| |
| |
| Establishing an Enterprise CMDB | |
| |
| |
| IT Portfolio Management | |
| |
| |
| |
| Application Systems Implementations and IT Governance | |
| |
| |
| The Systems Development Life Cycle: A Basic Application Development Technique | |
| |
| |
| IT Rapid Development Processes: Prototyping | |
| |
| |
| Enterprise Resource Planning and IT Governance Processes | |
| |
| |
| |
| IT Governance Issues: Project and Program Management | |
| |
| |
| The Project Management Process | |
| |
| |
| PMBOK Standards | |
| |
| |
| Another Project Management Standard: PRINCE2 | |
| |
| |
| IT Systems Portfolio and Program Management | |
| |
| |
| The Program Management Office (PMO), a Strong Governance Resource | |
| |
| |
| Project Management, the PMO, and IT Governance | |
| |
| |
| Note | |
| |
| |
| |
| Service Level Agreements, itSMF, Val IT, and Maximizing IT Investments | |
| |
| |
| ITIL Service Management Best Practices and the itSMF | |
| |
| |
| Open Compliance and Ethics Group (OCEG) Standards | |
| |
| |
| Val IT: Enhancing the Value of IT Investments | |
| |
| |
| Notes | |
| |
| |
| |
| Monitoring and Measuring Enterprise Management and Board Governance | |
| |
| |
| |
| Enterprise Content Management | |
| |
| |
| ECM Characteristics and Key Components in the Enterprise Today | |
| |
| |
| ECM Processes and IT Governance | |
| |
| |
| Creating an Effective ECM Environment in the Enterprise | |
| |
| |
| |
| Internal Audit's Governance Role | |
| |
| |
| Internal Auditing History and Background | |
| |
| |
| Internal Auditing and the IT Auditor | |
| |
| |
| Internal Audit's IT Governance Activities and Responsibilities | |
| |
| |
| Internal Audit IT Governance Standards | |
| |
| |
| Internal Audit IT Governance Procedures | |
| |
| |
| Note | |
| |
| |
| |
| It Governance and Enterprise Objectives | |
| |
| |
| |
| Creating and Sustaining an Ethical Workplace Culture | |
| |
| |
| Importance of Mission Statements | |
| |
| |
| Enterprise Codes of Conduct | |
| |
| |
| Whistleblower and Hotline Functions | |
| |
| |
| Launching an Ethics Program and Improving Enterprise Governance Practices | |
| |
| |
| Note | |
| |
| |
| |
| Impact of Social Media Computing | |
| |
| |
| What Is Social Media Computing? | |
| |
| |
| Social Media Examples | |
| |
| |
| Enterprise Social Media Computing Risks and Vulnerabilities | |
| |
| |
| Social Media Policies | |
| |
| |
| Notes | |
| |
| |
| |
| IT Governance and the Audit Committee's IT Role | |
| |
| |
| The Enterprise Audit Committee and IT Governance | |
| |
| |
| Audit Committee IT Governance Responsibilities | |
| |
| |
| Audit Committee Briefings and IT Governance Issues | |
| |
| |
| About the Author | |
| |
| |
| Index | |