| |
| |
Preface | |
| |
| |
| |
IT Governance Concepts | |
| |
| |
| |
Importance of IT Governance for All Enterprises | |
| |
| |
| |
Fundamental Governance Concepts and Sarbanes-Oxley Rules | |
| |
| |
Sarbanes-Oxley Act | |
| |
| |
Other SOx Rules-Title II: Auditor Independence | |
| |
| |
SOx Title III: Corporate Responsibility | |
| |
| |
Title IV: Enhanced Financial Disclosures | |
| |
| |
What Is IT Governance? | |
| |
| |
Notes | |
| |
| |
| |
Enterprise Governance and GRC Tools | |
| |
| |
The Road to Effective GRC Principles | |
| |
| |
Importance of GRC Governance | |
| |
| |
Risk Management Component of GRC | |
| |
| |
GRC and Enterprise Compliance | |
| |
| |
Importance of Effective GRC Practices and Principles | |
| |
| |
| |
Frameworks to Support Effective IT Governance | |
| |
| |
| |
IT Governance and COSO Internal Controls | |
| |
| |
Importance of Effective Internal Controls and COSO | |
| |
| |
COSO Internal Control Systems Monitoring Guidance | |
| |
| |
Wrapping It Up: Importance of COSO Internal Controls | |
| |
| |
Notes | |
| |
| |
| |
COBIT and the IT Governance Institute | |
| |
| |
An Executive's Introduction to COBIT | |
| |
| |
The COBIT Framework and Its Drivers | |
| |
| |
COBIT Principle 1: Establish an Integrated IT Architecture Framework | |
| |
| |
COBIT Principle 2: Stakeholder Value Drivers | |
| |
| |
COBIT Principle 3: Focus on Business Context | |
| |
| |
COBIT Principle 4: Governance and Risk Management Enablers | |
| |
| |
COBIT Principle 5: Governance and Management Performance Measurement Structures | |
| |
| |
Putting It Together: Matching COBIT Processes and IT Goals | |
| |
| |
Using COBIT in a SOx Environment | |
| |
| |
COBIT in Perspective | |
| |
| |
Notes | |
| |
| |
| |
ITIL and IT Service Management Guidance | |
| |
| |
ITIL Fundamentals | |
| |
| |
ITIL Service Strategy Components | |
| |
| |
ITIL Service Design | |
| |
| |
ITIL Service Transition Management Processes | |
| |
| |
ITIL Service Operation Processes | |
| |
| |
IT Governance and ITIL Service Delivery Best Practices | |
| |
| |
Note | |
| |
| |
| |
IT Governance Standards: ISO 9001, 27002, and 38500 | |
| |
| |
ISO Standards Background | |
| |
| |
ISO 9000 Quality Management Standards | |
| |
| |
ISO IT Security Standards: ISO 27002 and 27001 | |
| |
| |
ISO 38500 IT Governance Standard | |
| |
| |
Notes | |
| |
| |
| |
IT Governance Issues: Risk Management, COSO ERM, and OCEG Guidance | |
| |
| |
Risk Management Fundamentals | |
| |
| |
COSO ERM Definitions and Objectives: A Portfolio View of Risk | |
| |
| |
COSO ERM Framework | |
| |
| |
Other Dimensions of the COSO ERM Framework | |
| |
| |
The OCEG GRC "Red Book," Risk Management, and IT Governance | |
| |
| |
Notes | |
| |
| |
| |
Tools and Technologies to Manage the IT Governance Infrastructure | |
| |
| |
| |
Cloud Computing, Virtualization, and Portable, Mobility Computing | |
| |
| |
Understanding Cloud Computing | |
| |
| |
IT Systems and Storage Management Virtualization | |
| |
| |
Smartphone and Handheld IT Device Governance Issues | |
| |
| |
Note | |
| |
| |
| |
Governance, IT Security, and Continuity Management | |
| |
| |
Importance of an Effective IT Security Environment | |
| |
| |
Enterprise IT Security Principles: Generally Accepted Security Standards | |
| |
| |
Importance of an Effective, Enterprise-Wide Security Strategy | |
| |
| |
IT Continuity Planning | |
| |
| |
The Business Continuity Plan and IT Governance | |
| |
| |
Notes | |
| |
| |
| |
PCI DSS Standards and Other IT Governance Rules | |
| |
| |
PCI DSS Background and Standards | |
| |
| |
Gramm-Leach-Bliley Act IT Governance Rules | |
| |
| |
HIPAA: Health Care and Much More | |
| |
| |
Notes | |
| |
| |
| |
IT Service Catalogs: Realizing Greater Value from IT Operations | |
| |
| |
Importance of IT Service Catalogs | |
| |
| |
Role of a Service Catalog in the IT Service Provider Organization | |
| |
| |
An IT Service Catalog's Content and Features | |
| |
| |
IT Service Catalog Management | |
| |
| |
| |
Building and Monitoring Effective IT Governance Systems | |
| |
| |
| |
Importance of IT Service-Oriented Architecture for IT Governance Systems | |
| |
| |
SOA Applications and Service-Driven IT Applications | |
| |
| |
SOA Governance, Internal Control Issues, and Risks | |
| |
| |
Planning and Building an SOA Implementation Blueprint | |
| |
| |
SOA and IT Governance | |
| |
| |
Notes | |
| |
| |
| |
IT Configuration and IT Portfolio Management | |
| |
| |
IT Configuration Management Concepts | |
| |
| |
ITIL Best Practices for IT Configuration Management | |
| |
| |
The Configuration Management Database: An Often Difficult Concept | |
| |
| |
Establishing an Enterprise CMDB | |
| |
| |
IT Portfolio Management | |
| |
| |
| |
Application Systems Implementations and IT Governance | |
| |
| |
The Systems Development Life Cycle: A Basic Application Development Technique | |
| |
| |
IT Rapid Development Processes: Prototyping | |
| |
| |
Enterprise Resource Planning and IT Governance Processes | |
| |
| |
| |
IT Governance Issues: Project and Program Management | |
| |
| |
The Project Management Process | |
| |
| |
PMBOK Standards | |
| |
| |
Another Project Management Standard: PRINCE2 | |
| |
| |
IT Systems Portfolio and Program Management | |
| |
| |
The Program Management Office (PMO), a Strong Governance Resource | |
| |
| |
Project Management, the PMO, and IT Governance | |
| |
| |
Note | |
| |
| |
| |
Service Level Agreements, itSMF, Val IT, and Maximizing IT Investments | |
| |
| |
ITIL Service Management Best Practices and the itSMF | |
| |
| |
Open Compliance and Ethics Group (OCEG) Standards | |
| |
| |
Val IT: Enhancing the Value of IT Investments | |
| |
| |
Notes | |
| |
| |
| |
Monitoring and Measuring Enterprise Management and Board Governance | |
| |
| |
| |
Enterprise Content Management | |
| |
| |
ECM Characteristics and Key Components in the Enterprise Today | |
| |
| |
ECM Processes and IT Governance | |
| |
| |
Creating an Effective ECM Environment in the Enterprise | |
| |
| |
| |
Internal Audit's Governance Role | |
| |
| |
Internal Auditing History and Background | |
| |
| |
Internal Auditing and the IT Auditor | |
| |
| |
Internal Audit's IT Governance Activities and Responsibilities | |
| |
| |
Internal Audit IT Governance Standards | |
| |
| |
Internal Audit IT Governance Procedures | |
| |
| |
Note | |
| |
| |
| |
IT Governance and Enterprise Objectives | |
| |
| |
| |
Creating and Sustaining an Ethical Workplace Culture | |
| |
| |
Importance of Mission Statements | |
| |
| |
Enterprise Codes of Conduct | |
| |
| |
Whistleblower and Hotline Functions | |
| |
| |
Launching an Ethics Program and Improving Enterprise Governance Practices | |
| |
| |
Note | |
| |
| |
| |
Impact of Social Media Computing | |
| |
| |
What Is Social Media Computing? | |
| |
| |
Social Media Examples | |
| |
| |
Enterprise Social Media Computing Risks and Vulnerabilities | |
| |
| |
Social Media Policies | |
| |
| |
Notes | |
| |
| |
| |
IT Governance and the Audit Committee's IT Role | |
| |
| |
The Enterprise Audit Committee and IT Governance | |
| |
| |
Audit Committee IT Governance Responsibilities | |
| |
| |
Audit Committee Briefings and IT Governance Issues | |
| |
| |
About the Author | |
| |
| |
Index | |