Information Technology Reference
ITIL is a best-practice set of guidelines for operational control.
Because of the level of detail in the ITIL, it can produce revolutionary
change—with all of the benefits and costs that entails. Without
strong management commitment, care in training and specifying
each ITIL process, and planning for a three- to five-year implementation
effort, this methodology can be a bit hard to handle. As a
living document, the ITIL continues to evolve to meet new challenges
that follow emergent technology standards and options and
is widely used in large enterprises such as governmental and multinational
corporations.
• Control Objectives for Information Technology (CobIT). This
detailed governance model produced by the Information Systems
Audit and Control Association (ISACA) grew from an audit and
control methodology and is also widely recognized, with a strong
community supporting its continued evolution. Its sponsoring
agency, together with the IT Governance Institute, produces a large
number of focused compliance guides that help apply CobIT more
specifically to individual guidelines for particular industries
and business sectors (Sarbanes-Oxley, COSO) and to specific
technologies (z/OS, Linux, SAP).
• ISO/IEC 27002. The British governmental 7799 standard was
adopted by the International Standards Organization as ISO 17799,
which enjoys wide use throughout many business sectors—although
it is often found combined with other governance methodologies
due to the large number of translation guides that exist to bind this
standard's elements with those of the other methodologies. The
ISO/IEC 27002 standard has since replaced the older ISO 17799 standard,
reflecting changes and more recently emergent requirements.
Many other formal systems exist for information technology governance,
and any sufficiently detailed system with a strong community of
support and regular updates to its standards could benefit the architectural
process. Control objects from the ITIL, CobIT, ISO 17799, and
other similar standards are aligned in many different studies, allowing
organizations to use elements of those that fit best. It is vital that enterprise
architects include an understanding of information technology
governance in their planning and vision. Few organizations of significant
size will find that a single governance or control standard meets all