A model for bridging the information security gap between IT governance and IT service management.

Today, organisations rely on IT systems which are constantly expected to improve return on investment without an increase in costs. These expectations have resulted in greater importance of the use and management of IT resources. In light of this increased importance of IT management, organisations turned towards frameworks, such as COBIT and ITIL, to better manage their IT resources. Although both frameworks have gained remarkable popularity, there is a lack of detailed information regarding their interrelation within an organisation. This creates a problem where an organisation that has implemented ITIL is unable to determine the level of COBIT compliance. Without being able to determine the level of compliance, it is not possible to ensure that the business requirements for information are being met, therefore preventing an organisation from ensuring that their business objectives are achieved. The goal of this dissertation is to establish, from a security perspective, a Model that links COBIT and ITIL together on a detailed level to show their interrelation within an organisation and to provide a means of determining COBIT compliance through the use of the ITIL framework. This will effectively bridge the gap between IT Governance and IT Service Management. Before being able to develop such a Model, it was necessary to first link the COBIT and ITIL frameworks to show that such a Model can be developed. It was possible to establish such a link between COBIT and ITIL as both frameworks are based on a similar process. This is followed by determining the overlap between the security components of COBIT and ITIL. The results indicate that ITIL is insufficient to address all the security aspects of COBIT and additional control measures were required. These control measures were found in an external framework and integrated into ITIL to complete the overlap.
The completed overlap allowed for full COBIT compliance through the use of ITIL with the additional control measures. The complete overlap between COBIT and ITIL allowed for the development of a framework that showed the interrelation between the security aspects of COBIT and ITIL within an organisation. This framework was then used as a foundation to develop a process of determining COBIT compliance using ITIL. This process of determining COBIT compliance was validated through the development of a software prototype. The framework and the process of determining COBIT compliance constitute the required Model which can be used to solve the identified problem. This dissertation also provides a strong platform for further research involving the areas of IT Governance and IT Service Management. It provides research topics into linking other parts of COBIT and ITIL that are not security related. The process of determining COBIT compliance can also be extended to function with other operational frameworks. This dissertation has also discovered an interesting relationship that exists within the COBIT frameworks. / Prof. Labuschagne

Identifier: oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:2463
Date: 29 May 2008
Creators: Da Cruz, Eduardo Miguel
Source Sets: South African National ETD Portal
Detected Language: English
Type: Thesis
