MIS 488 IT Governance
Instructor: Bilgin Metin, PhD
In this course, contemporary issues in IT Governance will be discussed, with the main concentration on quality management systems, IT infrastructure, information security and business continuity management standards. By focusing on business requirements and business-technology alignment, well-applied best practices, assessment methodologies, process maturity and IT risks will be examined in the light of the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT). Besides experiencing the impact of technology and its leverage on the business world, the protection and control of information and information assets will be the common perspective of this lecture.
ISO 9001 is an internationally recognized quality management system standard. ISO 9001:2008 (the current version of ISO 9001 at the time of writing) provides a set of standardized requirements for a quality management system (QMS).
ISO 20000-1 is a standard that promotes the adoption of an integrated process approach to the effective delivery of IT services. It offers a set of controls against which an organization can be assessed for effective IT Service Management (ITSM) processes. The standard has become a basic business requirement, similar to ISO 9001, and allows an organization using it to operate in line with international best practice and to minimize the risks associated with delivering the service.
The most effective way to manage information security risks is to implement an Information Security Management System (ISMS) in line with best practice. The recognized standard for this is ISO 27001. To demonstrate that it is meeting best practice, an organization needs to have its ISMS independently validated by an accredited auditor; this process is called certification.
In today's unpredictable environment, Business Continuity Management (BCM) is one of the most sought-after and essential management disciplines. BS 25999, one of the world's most widely adopted management standards, is the industry benchmark for defining BCM best practice (it has since been superseded by ISO 22301).
As IT systems increasingly become part of all walks of life, information security is becoming more and more important. The security of current IT systems is not satisfactory, while security solutions are often difficult to apply and overcomplicated. International standards and regulations are being drafted to classify security systems and to certify compliance with those standards (e.g. Common Criteria). Besides technical approaches, organizational-level approaches are also gaining ground (COBIT, ISO 27001). Quality and quality assurance are no exception: in addition to ISO 9001, other ISO certifications such as ISO 27001 (the information security management standard) and ISO 20000 (the IT service management standard) are also becoming increasingly popular.