  1. Introduction to IT Governance
    1. IT and business alignment
    2. Security and privacy
    3. Measure of IT investments and gains
    4. New applications
      1. Customer portals
      2. Employee portals
      3. E-business strategies
      4. Web services
      5. ...
    5. Focus on information technology systems
    6. IT governance needs to be aligned with corporate governance
      1. Implement IT governance with business stakeholders included
    7. Performance metrics
      1. Development metrics
      2. Service metrics
    8. Why IT governance is not successful
      1. Senior management is not engaging IT
      2. Poor strategic alignment
      3. Lack of project ownership
      4. Poor risk management
      5. Ineffective resource management
    9. Conclusion
      1. IT is an integral part of organization programme delivery
      2. IT governance is an integral part of corporate governance
      3. IT governance ensures that IT goals are met and IT risks are mitigated
      4. IT governance strategies are aligned with business strategies
  2. Information security standards
    1. ISO 27000
      1. 27001 (ISMS)
        1. Plan, Do, Check, Act
          1. Plan - Establish the ISMS
          2. Do - Implement and operate controls and measures
          3. Check - Monitor, audit, review
          4. Act - Maintain and improve the ISMS
        2. ISMS - Information Security Management System
      2. 27002 (Controls)
        1. Deterrent
        2. Preventive
        3. Detective
        4. Corrective
        5. Recovery
        6. Compensating
      3. 27003 (implementation guidance)
        1. Management approval
        2. Defining scope
        3. Objective
        4. Scope
        5. Processes
        6. Assets
        7. Risk assessment
      4. 27004 (measurements and metrics)
        1. Key performance indicators
        2. Choosing what to measure
        3. Collecting data
      5. 27005 (risk management)
        1. Risk analysis
        2. Risk identification
        3. Risk estimation
        4. Risk evaluation
        5. Risk reduction
        6. Risk retention
        7. Risk avoidance
        8. Risk transfer
        9. Risk acceptance
        10. Risk communication
    2. CIA
      1. Confidentiality
      2. Integrity
      3. Availability
    3. FACTS
      1. Information security is not IT security
      2. Information assets
        1. Electronic information
        2. Non-electronic information
        3. Infrastructure
        4. Hardware
        5. Software
        6. People
        7. Services
  3. Information technology service management
    1. ISO 20000-1
      1. Specification for service management
      2. Requirements for a service provider to deliver managed services
    2. ISO 20000-2
      1. Code of practice for service management
      2. Industry consensus on quality standards for IT service management processes
    3. Plan, Do, Check, Act
    4. Conclusion
      1. ISO 20000: effective and efficient implementation of an integrated service management programme
  4. ITIL (Information Technology Infrastructure library)
    1. ITIL service strategy
      1. Financial management
        1. Show value: responsible for accounting for the costs and returns on IT service investments (IT portfolio management) and for any aspects of recovering costs from the customer (charging)
    2. ITIL service design
      1. Service Level management
        1. Negotiate and review SLAs with the customer and ensure internal and external support contracts are adequate
      2. Availability management
        1. Determine availability requirements from the business; monitor availability and reliability
      3. Capacity management
        1. Ensure there is adequate IT capacity to meet required levels of service
      4. IT Service continuity management
        1. Understand the recovery options, choose an appropriate solution, identify roles and responsibilities, get endorsement from upper management, align plans with BCM and review regularly
    3. ITIL service transition
      1. Change management
        1. Ensures changes are assessed, developed, tested, implemented and reviewed
      2. Configuration management
        1. Provide a logical model of the infrastructure or a service by identifying, controlling, maintaining and verifying the versions of Configuration Items (CIs) in existence
      3. Release management
        1. Plan and oversee rollout of hardware and software
    4. ITIL service operation
      1. Incident management
        1. Make sure every incident is logged and resolved as soon as possible
      2. Problem management
        1. Identify problems, investigate problems, develop/maintain the problem control process, monitor progress, review efficiency/effectiveness of the process, identify trends, prevent replication of problems to multiple systems
    5. ITIL continual service improvement
  5. Business Continuity Management (BCM)
    1. BS 25999-1 - Code of practice
    2. BS 25999-2 - Specification
    3. BCM process model
      1. Project initiation
        1. Problem definition
        2. Policy statement
        3. Project sponsor
      2. Functional requirements
        1. Understanding business needs
        2. Business impact analysis
        3. Risk assessment
      3. Design & develop
        1. Definition
        2. Consideration
        3. Plan elements
        4. Plan framework structure
      4. Implementation
        1. Emergency responses
        2. Delegation/designation of authority
        3. Command, control & management operations center
        4. Vendor contracts
        5. Escalation and notification plan activities
        6. Training & awareness programme
        7. Scenario to execute plan
      5. Testing & executing
        1. Definition
        2. Why testing is important
        3. Types of tests
        4. Establishing testing plan
      6. Maintain & update
        1. BCM process requires interaction with a wide range of managers and operations people
        2. Identify & include changes to the organization's processes
        3. Dates of last and next review
    4. BCM life cycle
    5. ISO 27001 chapter 14 is BCM
    6. Risk management
      1. Scope
      2. Assumptions
      3. Risk types
        1. Business risk
        2. Organizational risk
        3. IT risk
      4. Risk assessment approach
        1. Identify risk
        2. Analyze risk
        3. Manage risk
  6. Disaster recovery
    1. Post-disaster phases
      1. Immediate response
      2. Near-term resumption
      3. Recovery toward normalization
      4. Restoration to pre-disaster state
    2. Disaster recovery plan (DRP)
      1. Define the process
        1. Actions before, during and after disaster
      2. Identify what supports process and its tolerance to interruptions
      3. Determine and implement strategies that would reduce the likelihood and consequences of interruptions
      4. Disaster recovery team
      5. Priorities to restore critical applications
    3. Hot site and cold site
  7. COBIT
    1. Focus on information integrity, security and availability
    2. Control model
    3. Internal control process
      1. Criteria
      2. Test & Evaluate process and controls
      3. Recommend changes if needed
      4. Observe the process and controls
      5. Document the process and controls
    4. Control responsibilities
      1. Management
      2. Users
      3. Audit
  8. Project implementation
    1. ISO 10006
      1. Quality management systems - Guidelines for quality management in projects
    2. ISO 27003
      1. Information technology - Security techniques - Information security management system implementation guidance
    3. Project workflow
      1. Getting approval for initiating an ISMS
      2. Defining ISMS scope
      3. Conducting business analysis
      4. Conducting risk assessment
      5. Designing the ISMS
      6. Implementing ISMS