Preface

PART I IT GOVERNANCE CONCEPTS

Chapter 1 Importance of IT Governance for All Enterprises

Chapter 2 Fundamental Governance Concepts and Sarbanes-Oxley Rules
  Other SOx Rules---Title II: Auditor Independence
  SOx Title III: Corporate Responsibility
  Title IV: Enhanced Financial Disclosures

Chapter 3 Enterprise Governance and GRC Tools
  The Road to Effective GRC Principles
  Importance of GRC Governance
  Risk Management Component of GRC
  GRC and Enterprise Compliance
  Importance of Effective GRC Practices and Principles

PART II FRAMEWORKS TO SUPPORT EFFECTIVE IT GOVERNANCE

Chapter 4 IT Governance and COSO Internal Controls
  Importance of Effective Internal Controls and COSO
  COSO Internal Control Systems Monitoring Guidance
  Wrapping It Up: Importance of COSO Internal Controls

Chapter 5 COBIT and the IT Governance Institute
  An Executive's Introduction to COBIT
  The COBIT Framework and Its Drivers
  COBIT Principle 1 Establish an Integrated IT Architecture Framework
  COBIT Principle 2 Stakeholder Value Drivers
  COBIT Principle 3 Focus on Business Context
  COBIT Principle 4 Governance and Risk Management Enablers
  COBIT Principle 5 Governance and Management Performance Measurement Structures
  Putting It Together: Matching COBIT Processes and IT Goals
  Using COBIT in a SOx Environment

Chapter 6 ITIL and IT Service Management Guidance
  ITIL Service Strategy Components
  ITIL Service Transition Management Processes
  ITIL Service Operation Processes
  IT Governance and ITIL Service Delivery Best Practices

Chapter 7 IT Governance Standards: ISO 9001, 27002, and 38500
  ISO 9000 Quality Management Standards
  ISO IT Security Standards: ISO 27002 and 27001
  ISO 38500 IT Governance Standard

Chapter 8 IT Governance Issues: Risk Management, COSO ERM, and OCEG Guidance
  Risk Management Fundamentals
  COSO ERM Definitions and Objectives: A Portfolio View of Risk
  Other Dimensions of the COSO ERM Framework
  The OCEG GRC "Red Book," Risk Management, and IT Governance

PART III TOOLS AND TECHNOLOGIES TO MANAGE THE IT GOVERNANCE INFRASTRUCTURE

Chapter 9 Cloud Computing, Virtualization, and Portable, Mobility Computing
  Understanding Cloud Computing
  IT Systems and Storage Management Virtualization
  Smartphone and Handheld IT Device Governance Issues

Chapter 10 Governance, IT Security, and Continuity Management
  Importance of an Effective IT Security Environment
  Enterprise IT Security Principles: Generally Accepted Security Standards
  Importance of an Effective, Enterprise-Wide Security Strategy
  The Business Continuity Plan and IT Governance

Chapter 11 PCI DSS Standards and Other IT Governance Rules
  PCI DSS Background and Standards
  Gramm-Leach-Bliley Act IT Governance Rules
  HIPAA: Health Care and Much More

Chapter 12 IT Service Catalogs: Realizing Greater Value from IT Operations
  Importance of IT Service Catalogs
  Role of a Service Catalog in the IT Service Provider Organization
  An IT Service Catalog's Content and Features
  IT Service Catalog Management

PART IV BUILDING AND MONITORING EFFECTIVE IT GOVERNANCE SYSTEMS

Chapter 13 Importance of IT Service-Oriented Architecture for IT Governance Systems
  SOA Applications and Service-Driven IT Applications
  SOA Governance, Internal Control Issues, and Risks
  Planning and Building an SOA Implementation Blueprint

Chapter 14 IT Configuration and IT Portfolio Management
  IT Configuration Management Concepts
  ITIL Best Practices for IT Configuration Management
  The Configuration Management Database: An Often Difficult Concept
  Establishing an Enterprise CMDB

Chapter 15 Application Systems Implementations and IT Governance
  The Systems Development Life Cycle: A Basic Application Development Technique
  IT Rapid Development Processes: Prototyping
  Enterprise Resource Planning and IT Governance Processes

Chapter 16 IT Governance Issues: Project and Program Management
  The Project Management Process
  Another Project Management Standard: PRINCE2
  IT Systems Portfolio and Program Management
  The Program Management Office (PMO), a Strong Governance Resource
  Project Management, the PMO, and IT Governance

Chapter 17 Service Level Agreements, itSMF, Val IT, and Maximizing IT Investments
  ITIL Service Management Best Practices and the itSMF
  Open Compliance and Ethics Group (OCEG) Standards
  Val IT: Enhancing the Value of IT Investments

PART V MONITORING AND MEASURING ENTERPRISE MANAGEMENT AND BOARD GOVERNANCE

Chapter 18 Enterprise Content Management
  ECM Characteristics and Key Components in the Enterprise Today
  ECM Processes and IT Governance
  Creating an Effective ECM Environment in the Enterprise

Chapter 19 Internal Audit's Governance Role
  Internal Auditing History and Background
  Internal Auditing and the IT Auditor
  Internal Audit's IT Governance Activities and Responsibilities
  Internal Audit IT Governance Standards
  Internal Audit IT Governance Procedures

PART VI IT GOVERNANCE AND ENTERPRISE OBJECTIVES

Chapter 20 Creating and Sustaining an Ethical Workplace Culture
  Importance of Mission Statements
  Enterprise Codes of Conduct
  Whistleblower and Hotline Functions
  Launching an Ethics Program and Improving Enterprise Governance Practices

Chapter 21 Impact of Social Media Computing
  What Is Social Media Computing?
  Enterprise Social Media Computing Risks and Vulnerabilities

Chapter 22 IT Governance and the Audit Committee's IT Role
  The Enterprise Audit Committee and IT Governance
  Audit Committee IT Governance Responsibilities
  Audit Committee Briefings and IT Governance Issues

About the Author

Index