Integrating It Frameworks, Methodologies And Best Practices Into It Delivery And Operation
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Integrating It Frameworks, Methodologies And Best Practices Into It Delivery And Operation

on

  • 9,509 views

Integrating IT Frameworks, Methodologies and Best Practices Into IT Delivery and Operation

Integrating IT Frameworks, Methodologies and Best Practices Into IT Delivery and Operation

Statistics

Views

Total Views
9,509
Views on SlideShare
9,447
Embed Views
62

Actions

Likes
10
Downloads
1,311
Comments
1

5 Embeds 62

http://www.slideshare.net 46
http://entersys-rg.blogspot.com 8
http://www.ikdoeprojecten.nl 6
http://ikdoeprojecten.nl 1
http://www.health.medicbd.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Integrating It Frameworks, Methodologies And Best Practices Into It Delivery And Operation Presentation Transcript

  • 1. Integrating IT Frameworks, Methodologies and Best Practices Into IT Delivery and Operation Alan McSweeney
  • 2. Objectives • Contains notes on the integration of available frameworks and methodologies into a possible integrated approach to providing information technology services March 23, 2010 2
  • 3. Information Technology and Related Frameworks and Methodologies • Bewildering array of overlapping frameworks and methodologies across lifecycle of IT systems delivery and management • Frameworks and methodologies have benefits − Provide a short-cut to determining the optimum approach to address a business need − Contain collective learning and experience − Supported and enhanced − Useful but are a means to and end and not an end in themselves • But there are many (too many) competing individual frameworks and methodologies representing specific potential solutions to specific needs − Focussing on individual aspects of IT • Need for a higher view above the individual frameworks • A view that represents how an IT function needs to operate holistically March 23, 2010 3
  • 4. Suggested Integrated IT Solution and Operations Management Approach Integrated Solution and Operations Management Approach Architecture and Management and Realisation Processes Vision and Strategy Enterprise Management Programme and Portfolio Architecture Management Development, Customisation Project Management and Configuration Implementation and Service Management Deployment Operation and Control Architecture Management March 23, 2010 4
  • 5. Integrated IT Solution and Operations Management Approach • Every IT function has two pillars − Doing • Strategy • Design • Development • Implementation − Managing the doing • Business change • Programmes • Projects • Operations • Generalised approach that can integrate specific delivery frameworks as required • Provide an overarching approach on which any function can be built March 23, 2010 5
  • 6. Direction and Focus of IT Solution and Operations Management Approach – Three Layers Integrated Solution and Operations Management Approach Architecture and Management and Realisation Processes General Vision and Strategy Enterprise Management Fundamental Direction of Processes and Solution Competencies Programme and Portfolio Lifecycle Architecture Management From Design to Development, Customisation Implementation Operation Project Management of New Projects and Configuration and Services Implementation and Service Management Deployment Operation of Operation and Control Architecture Management Existing Services March 23, 2010 6
  • 7. Arrangement of Integrated IT Solution and Operations Management Approach Within Operational Context Architecture and Realisation Management and Processes Existing MANAGING THE DOING Programmes, Focus on management processes Focus on architecture and design Projects and associated with the operation and aspects of existing services Services delivery of existing services Focus on management processes DOING Focus on architecture, design, New associated with the architecture, selection, development and Programmes, design, selection, development delivery aspects of new projects Projects and and delivery aspects of new and services Services projects and services Focus on the prerequisites and Focus on the prerequisite and Fundamental foundations for strategy, foundation management Organisational Requirements architecture and design across IT processes across IT function and function and solution lifecycle solution lifecycle March 23, 2010 7
  • 8. Integrated IT Solution and Operations Management Approach • An practical and integrated solution and operations management approach consisting of two pillars: − Architecture and Realisation (“Doing”) • Concerned with enterprise vision, strategy, architecture, implementation, delivery and subsequent operation − Management and Processes (“Managing the Doing”) • Addresses the management of large-scale business and information technology initiatives and associated programmes and projects • Phases and processes within the two pillars can be integrated across a programme of work or the services can be delivered independently, depending on the requirements of the organisation • Generalised framework that can be applied across multiple environments March 23, 2010 8
  • 9. Expanded Integrated IT Solution and Operations Management Approach - Architecture and Realisation Pillar Architecture and Realisation Vision and Strategy Enterprise Transition and Information Technology Transformation Strategy Architecture Business Application Information Technology System Architecture Business Area Architecture Architecture Architecture Development, Customisation and Configuration Package Selection, Accelerated Application Customisation and Iterative Development Application Re-engineering Prototyping and Development Implementation Implementation and Deployment Readiness Assessment Pilot Deployment Preparation Deployment Operation and Control System Operations and Service System Support and Management Administration March 23, 2010 9
  • 10. Expanded Integrated IT Solution and Operations Management Approach - Management and Processes Pillar Management and Processes Enterprise Management Architecture and Systems Management Support Business Change Governance IT Management Management Framework Programme and Portfolio Management Portfolio Project Programme Management Management Project Management PMO Implementation Management of Projects and Operation Service Management Service Request Service Improvement Service Delivery Management Programme Architecture Management Business Architecture Information Architecture Technology Architecture Application Architecture Management Management Management Management March 23, 2010 10
  • 11. Integrated IT Solution and Operations Management Approach Within Operational Context Architecture and Realisation Management and Processes Existing Operation and Programmes, Control Projects and Services Service Management Implementation and Deployment New Programmes, Projects and Development, Customisation Services and Configuration Architecture Programme Enterprise Project Architecture and Portfolio Management Management Management Management Vision and Fundamental Strategy Organisational Requirements March 23, 2010 11
  • 12. Architecture and Realisation Pillar • Vision and Strategy − Creates the business vision defines the direction for subsequent information technology initiatives − Internal and external requirements and processes are analysed − Allows prioritisation of the business and information system areas that will addressed in subsequent stages − Ensures that all further work is aligned with the vision and strategy • Architecture − Designed to translate the Vision and Strategy into an implementable, operable and supportable structure − Architecture can encompass both enterprise and specific solution areas − Scope, requirements and functionality of the business processes and the associated information systems are specified − Architecture is concerned with both business and information technology in parallel − Constituent projects and changes to deliver the architecture are identified • Development, Customisation and Configuration − Selects, designs, builds, customises and tests the elements of the solution − Includes some or all of customised development, package customisation and system enhancement. − Development activities related to business change and technical infrastructure are addressed • Implementation and Deployment − Takes the solution components and creates a fully operable system, complete with data and business process changes − Includes integration testing, pilot, data conversion documented procedures, training, and operational readiness and acceptance • Operation and Control − Creates and implements practices for ensuring defined service levels for the operation, maintenance, and support of the new or modified systems March 23, 2010 12
  • 13. Management and Processes Pillar • Enterprise Management − Involves establishing business objectives, monitoring achievement against targets and making necessary corrections • Programme and Portfolio Management − Directs and manages programmes and portfolios of initiatives and undertakings offerings to balance benefits, costs, resources and risks in a strategic context and ensuring benefits realisation − Establish the competency within an organisation to provide this service internally or manage its provision by external agents • Project Management − Concentrates on the effective and efficient processes required to identify, coordinate, and continuously focus people and resources on achieving project objectives and commitment within time, cost, resource and quality controls − Enables organisations to deliver both the simple and complex initiatives and to perform projects capably • Service Management − Controls and manages the operational services phases of the overall initiative life cycle − Service request management handles requests from users − Manages their fulfilment and includes logging, performing initial analysis, monitoring, prioritising, measuring, and closing − Service delivery management directs and manages services to ensure that the end-user receives the agreed service • Architecture Management − Concerned with the business, technical, and operational procedures and processes needed to ensure and maintain integrated enterprise and solution architecture during the implementation of the solution and its subsequent operation March 23, 2010 13
  • 14. Groups of Information Technology and Related Frameworks, Methodologies and Toolsets • Multiple existing IT frameworks can be divided into groups − Service and Application Management, Provisioning and Sourcing − Program and Project Management − Enterprise Architecture − Software Lifecycle Management − Value and Investment Management − Data Management − Quality Management − Governance, Security and Risk Management − Business Management and Support − Business Analysis • Not an exhaustive list of frameworks or groups • Each exists as a point solution to a specific requirement • Frameworks need to be placed in context to allow most relevant and appropriate be selected March 23, 2010 14
  • 15. Groups of Information Technology and Related Frameworks, Methodologies and Toolsets Information Technology and Related Frameworks, Methodologies and Toolsets Service and Application Management, Quality Management Provisioning and Sourcing Governance, Security and Risk Program and Project Management Management Software Lifecycle Management Business Management and Support Value and Investment Management Business Analysis Data Management Enterprise Architecture March 23, 2010 15
  • 16. Framework Groups Within Integrated Solution and Operations Management Approach Architecture and Realisation Management and Processes Existing Programmes, Projects and Services Business Management and Support Software Lifecycle Service and New Application Management Governance, Program and Management, Security and Programmes, Provisioning Risk Project Management Management Projects and and Sourcing Services Business Value and Quality Data Analysis Enterprise Investment Management Management Architecture Management Fundamental Organisational Requirements March 23, 2010 16
  • 17. Organisations Need to Maintain Sets of Core Competencies That Cross All Functions • Core competencies that organisations need and which cross functional areas − Performance and Quality Management − Resource Management − Funding, Financial, Investment and Budget Management and Total Cost of Ownership − Human Capital and Resource Management − Organisation Design, Planning and Management − Usability and User Experience Design − Sourcing and Selection Management − Vendor and Supplier Management − Business Process Management − Benefits Assessment and Realisation − Capacity Planning, Forecasting and Demand and Supply Management • These are common sets of skills needed for both pillars and across solution and service lifecycles • Not specific to one area within integrated approach March 23, 2010 17
  • 18. Core Competencies That Cross All Functions Performance Solution and Management Integrated and Quality Operations Management Approach Resource Management Architecture and Management and Funding, Financial, Investment and Budget Management and Total Cost of Ownership Realisation Processes Human Capital and Resource Management Vision and Strategy Enterprise Management Organisation Design, Planning and Management Programme and Portfolio Architectureand User Experience Design Usability Management Sourcing and Selection Management Development, Customisation Project Management and Configuration Supplier Management Vendor and Implementation andProcess Management Business Service Management Deployment Benefits Assessment and Realisation Operation and Control Architecture Management Capacity Planning, Forecasting and Demand and Supply Management March 23, 2010 18
  • 19. Core Competencies • Frameworks can assist in quickly implementing some core competencies Performance and Quality Management ISO 9000, TickIT, TQM, Six Sigma Resource Management Funding, Financial, Investment and Budget ITIM, Val IT Management and Total Cost of Ownership Human Capital and Resource Management People CMM Organisation Design, Planning and Management Usability and User Experience Design Sourcing and Selection Management eSCM, ISPL Vendor and Supplier Management eSCM, ISPL Business Process Management Benefits Assessment and Realisation MSP, IT Balanced Scorecard, ITIM, Val IT Capacity Planning, Forecasting and Demand and Supply Management March 23, 2010 19
  • 20. Frameworks and Integrated Solution and Operations Management Approach - Architecture and Realisation High Level Function Components of Function Possible Methodology/Framework Toolset Vision and Strategy Enterprise Transition and Transformation Information Technology Strategy TOGAF, DODAF, MODAF, NASCIO EAMM Architecture System Architecture TOGAF, DODAF, MODAF, NASCIO EAMM Business Application Architecture TOGAF, DODAF, MODAF, NASCIO EAMM Information Technology Architecture TOGAF, DODAF, MODAF, NASCIO EAMM Business Area Architecture TOGAF, DODAF, MODAF, NASCIO EAMM Development, Customisation and Accelerated Application Prototyping and DSDM, RUP Configuration Development Package Selection, Customisation and ITIM, Val IT Implementation Iterative Development DSDM, RUP Application Re-engineering Implementation and Deployment Readiness Assessment Pilot Deployment Preparation Deployment Operation and Control System Operations and Service Management ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK System Support and Administration ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK March 23, 2010 20
  • 21. Frameworks and Integrated Solution and Operations Management Approach - Management and Processes High Level Function Components of Function Possible Methodology/Framework Toolset Enterprise Management Business Change Governance COBIT, ISO 38500, OCEG Architecture and Systems Management Management Support Framework MOF, BISL, ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK IT Management Programme and Portfolio Management Programme Management PRINCE2, PMBOK, MSP Portfolio Project Management PRINCE2, PMBOK, MSP Project Management PMO Implementation and Operation PRINCE2, PMBOK, MSP Management of Projects PRINCE2, PMBOK, MSP Service Management Service Delivery ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK Service Request Management ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK Service Improvement Programme ITIL, ISO 20000, IT Service CMM, ISPL, eSCM, ASL, USMBOK Architecture Management Business Architecture Management TOGAF, DODAF, MODAF, NASCIO EAMM Information Architecture Management TOGAF, DODAF, MODAF, NASCIO EAMM Technology Architecture Management TOGAF, DODAF, MODAF, NASCIO EAMM Application Architecture Management TOGAF, DODAF, MODAF, NASCIO EAMM March 23, 2010 21
  • 22. Service and Application Management, Provisioning and Sourcing Frameworks Information Technology and Related Frameworks Service and Application Management, Provisioning and Sourcing USMBOK ITIL IT Service ISPL eSCM ASL (Universal (Information ISO 20000 CMM (Information (eSourcing (Application Service Technology (ITSM (Capability Services Capability Services Management Infrastructure Standard) Maturity Procurement Maturity Library) Body of Library) Model) Library) Model) Knowledge) March 23, 2010 22
  • 23. ITIL (Information Technology Infrastructure Library) • Aims to improve the overall quality of service to the business within imposed constraints while improving the overall effectiveness and efficiency of IT • Consists of a series of books giving guidance on the provision of quality IT services, and on the accommodation and environmental facilities needed to support IT • Provides a framework of best practice guidance for IT service management that has become the most widely used and accepted approach to IT service management in the world • Developed in recognition of organisations' growing dependency on IT • Core of ITIL provides best practice guidance for service delivery, service support, IT infrastructure management, planning to implement service management, application management, the business perspective, and security management • Whole ITIL philosophy has grown up around the guidance contained within the ITIL books and the supporting professional qualification scheme March 23, 2010 23
  • 24. ISO 20000 (IT Service Management Standard) • Formal standard for IT service management • Management standard, addressing the establishment and maintenance of processes and the mechanism to ensure their relevance and improvement • Consists of service delivery processes, resolution processes, relationship processes, control processes, and the release process • Requires service providers to implement the PDCA( Plan-Do-Check- Act) cycle for service management processes • Achieve formal certification and thus demonstrate compliance to accepted best practices but ISO 20000 is primarily a measure of process conformance to be achieved rather than setting out a means of achieving this process conformance • Covers only core elements of the service management process and thus cannot describe the full set of processes for any specific service provider March 23, 2010 24
  • 25. IT Service CMM (Capability Maturity Model) • Maturity model for organisations that provide IT services such as management of hardware and software, operations, and software maintenance • Used to assess current IT organisation's maturity and to improve IT processes • Focus on process improvement but does not include specifications on how a specific maturity level should be reached • Does not distinguish between internal and external IT service providers March 23, 2010 25
  • 26. ISPL (Information Services Procurement Library) • Best practice library for the management of IT related acquisition processes • Focus on the relationship between the customer and supplier organisation and on the procurement of information services • Designed to professionalise customer-supplier relationships during an outsourcing initiative • Designed to help understand services to be acquired and delivered and structure their acquisition and delivery March 23, 2010 26
  • 27. eSCM (eSourcing Capability Maturity Model) • Two versions: − Sourcing partners (eSCM-SP) − Client companies availing of outsourcing function (eSCM-CL) • Sourcing partners − Defines sourcing capabilities that organisations should develop and improve in order to be viewed by their current and prospective customers as capable and reliable partners • Client companies availing of outsourcing function − Defines capabilities that organisations should develop and improve in order to select and manage outsourcing relationship • Covers the lifecycle of service provision from initiation to completion of a relationship March 23, 2010 27
  • 28. ASL (Application Services Library) • Describes a standard for processes for management, maintenance and enhancement/renovation of (business) applications • Aimed at managers and professionals loooking to improve maturity of the processes for delivering application management services • Can be used to improve a broad spectrum of aspects of application management, varying from cost control and quality of service to staff motivation and strategic alignment • Based on ITIL concepts March 23, 2010 28
  • 29. USMBOK (Universal Service Management Body of Knowledge) • New major and comprehensive service management framework • Driven by a single individual • Designed as an open body of knowledge on successful service management March 23, 2010 29
  • 30. Program and Project Management Frameworks Information Technology and Related Frameworks Program and Project Management PMBOK PRINCE2 MSP (Project (Projects in (Managing IT Balanced Management Controlled Successful Scorecard Body of Environments) Programmes) Knowledge) March 23, 2010 30
  • 31. PRINCE2 (Projects in Controlled Environments ) • Best practice project management standard in the UK and widely used elsewhere • Process-based method for project management - sets of processes that provide a controlled project start, controlled project, and controlled close • Covers management, control and organisation of a project and can be used for any project type and size • Concentrates on the work of project and team managers and management involved in decision-making within the project • Covered aspects of projects are business case, organisation, plans, controls, management of risks, quality in a project environment, configuration management and change control March 23, 2010 31
  • 32. PMBOK (Project Management Body of Knowledge) • Very widely used process-based project management guide and an internationally recognised standard that provides the fundamentals of project management as they apply to a wide range of projects • Recognised throughout the world as a standard for managing projects • Covers project knowledge areas: integration management, HR management, scope management, communications management, time management, risk management, cost management, procurement management and quality management March 23, 2010 32
  • 33. MSP (Managing Successful Programmes) • Best practice guide on programme management • Generic approach which can be used in all types of programmes • Contains a set of principles and a set of processes for use when managing a programme • Tool to manage strategic change in parts of an organisation • Can be used together with PRINCE2 March 23, 2010 33
  • 34. IT Balanced Scorecard • Planning and management tool used to align business activities to the vision and strategy of the organisation, improve internal and external communications and monitor organisation performance against strategic goals • Can be used to measure and manage IT performance and to enable alignment between business and IT • Covers four perspectives: perspective, internal business process, learning and growth and customer March 23, 2010 34
  • 35. Software Lifecycle Management Frameworks Information Technology and Related Frameworks Software Lifecycle Management ISO/IEC 12207 CMMI Systems And DSDM (Dynamic (Capability Software Systems RUP (Rational Maturity Model Engineering – Development Unified Process) Integration) Software Life Method) Cycle Processes) March 23, 2010 35
  • 36. CMMI (Capability Maturity Model Integration • Process improvement approach that provides with the essential elements of effective processes • Currently addresses three areas − Product and service development - CMMI for Development − Service establishment, management, and delivery - CMMI for Services − Product and service acquisition - CMMI for Acquisition March 23, 2010 36
  • 37. ISO/IEC 12207 Systems And Software Engineering – Software Life Cycle Processes) • Defines a common framework for software life cycle processes, with well-defined terminology that can be referenced by the software industry • Applies to the acquisition of systems and software products and services, to the supply, development, operation, maintenance, and disposal of software products and the software portion of a system, whether performed internally or externally to an organisation • Provides a process that can be employed for defining, controlling, and improving software life cycle processes March 23, 2010 37
  • 38. DSDM (Dynamic Systems Development Method) • Software development methodology originally based on and extends Rapid Application Development methodology • Iterative and incremental approach that emphasises continuous user involvement • Aims to deliver software systems on time and on budget while adjusting for changing requirements along the development process March 23, 2010 38
  • 39. RUP (Rational Unified Process) • Iterative software development process framework created by the Rational Software Corporation (IBM) • Can be tailored by the development organisations and software project teams who select the parts of the process that are appropriate • Consists of project lifecycle phases and engineering and supporting disciplines • Variants and extensions − Unified Process − Open Unified Process − Agile Unified Process − Enterprise Unified Process March 23, 2010 39
  • 40. Value and Investment Management Frameworks Information Technology and Related Frameworks Value and Investment Management ITIM (Information Gartner Total Technology Val IT Cost of Investment Ownership Management) March 23, 2010 40
  • 41. ITIM (Information Technology Investment Management) • Produced by the United States General Accounting Office (GAO) • Identifies and organises thirteen processes that are critical for successful investment into a framework of increasingly mature stages • Tool for internal and external evaluations of investment management process March 23, 2010 41
  • 42. Val IT • Framework for the governance of IT investments to get business value from IT investments • Provides guidance on different types of value (tangible and intangible) that can be considered and how to compare the tangible with intangibles benefits • Tightly integrated with and extends and complements COBIT with management processes required to get good value from IT investments March 23, 2010 42
  • 43. Gartner Total Cost of Ownership • Aims to be an industry standard TCO methodology • TCO models are available for contact centre, data network, distributed computing, enterprise operations centre, enterprise storage management, help desk, and voice telecom March 23, 2010 43
  • 44. Data Management Frameworks Information Technology and Related Frameworks Data Management DMBOK (Data Management Body of Knowledge) March 23, 2010 44
  • 45. DMBOK (Data Management Body of Knowledge) • Generalised and comprehensive framework for managing data across the entire lifecycle • rovides a detailed framework to assist development and implementation of data management processes and procedures and ensures all requirements are addressed • Enables effective and appropriate data management across the organisation • Provides awareness and visibility of data management issues and requirements March 23, 2010 45
  • 46. Quality Management Frameworks Information Technology and Related Frameworks Quality Management TQM (Total ISO 9000 TickIT/TickITplus Quality Six Sigma Management) March 23, 2010 46
  • 47. ISO 9000 • ISO 9000 is a family of standards for quality management systems • Developed to address the quality management systems within an organisation to demonstrate its capability to meet its customer's requirements • Certifies that an organisation has carried out the correct processes but does not provide a quality guarantee of the end product • Only standard that can be used for the certification of a quality management system March 23, 2010 47
  • 48. TickIT/TickITplus • Quality management certification for software • Mainly UK based • Aims to improve the quality of software and its application • Includes practical guidance for software development and services • TickITplus adds industry best practice with international IT standards with ISO 9001 accredited certification March 23, 2010 48
  • 49. TQM (Total Quality Management) • TQM is a management approach that seeks to integrate all organisational functions to focus on meeting customer needs and organisational objectives • All personnel become involved in the continuous improvement of the production of goods and services • Concerned with continuous improvement in all work from high level strategic planning and decision making to detailed execution of work elements • Many methodologies and techniques to implement TQM approach March 23, 2010 49
  • 50. Six Sigma • Data-driven approach and methodology for eliminating defects in any process • Originated in manufacturing but now widely used • Practical goal to increase profits by eliminating variability, defects, and waste that undermine customer loyalty • Two Six Sigma components − DMAIC - define, measure, analyse, improve and control for existing processes − DMADV define, measure, analyse, design and verify for new processes • Uses a set of quality management methods, including statistical methods, and creates a special infrastructure of people within the organisation who are experts in these methods March 23, 2010 50
  • 51. Governance, Security and Risk Management Frameworks Information Technology and Related Frameworks Governance, Security and Risk Management COBIT (Control ISO 38500 ISO 27000 / OCEG (Open Objectives for (Corporate (Information IT Baseline Compliance Information Governance of Security Protection and Ethics and Related Information Management Catalogs Group) Technology) Technology) System) March 23, 2010 51
  • 52. COBIT (Control Objectives for Information and Related Technology • Framework for IT management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) • Enables clear policy development and good practice for IT control • Emphasises regulatory compliance, helps organisations to increase the value attained from IT March 23, 2010 52
  • 53. ISO 38500 (Corporate Governance of Information Technology) • Framework for governance of IT to assist senior management to understand and fulfill their legal, regulatory and ethical obligations in relation to the organisation’s use of IT • Based on Austrailian standard AS 8015 for corporate governance of information and communication technology • Encompasses establish responsibilities, plan to best support the organisation, acquire validly, ensure performance when required, ensure conformance with rules and ensure respect for human factors March 23, 2010 53
  • 54. ISO 27000 / (Information Security Management System) • Family of 27000 standards for information security • ISO 27001 specifies a management system to bring information security under management control • Examine information security risks, taking account of the threats, vulnerabilities and impacts • Design and implement information security controls to address those risks that are deemed unacceptable • Implement management process to ensure that the controls continue to meet information security requirements March 23, 2010 54
  • 55. Open Compliance and Ethics Group • OCEG Framework contains the GRC Capability Model – specified in the OCEG Red Book • Provides comprehensive and detailed practices for an integrated GRC system − Achieve business objectives − Enhance organisational culture − Increase stakeholder confidence − Prepare and protect the organisation − Prevent, detect and reduce adversity − Motivate and inspire desired conduct − Improve responsiveness and efficiency − Optimise economic and social value March 23, 2010 55
  • 56. IT Baseline Protection Catalogs • Collection of documents from the German Federal Office for Security in Information Technology • Includes standard security measures for typical IT systems with normal protection needs • Component catalog defines overall aspects of IT, infrastructure, IT systems, networks and IT applications • Threat catalog details potential threats to IT systems • measures catalog define measures necessary to achieve baseline protection March 23, 2010 56
  • 57. Business Management and Support Frameworks Information Technology and Related Frameworks Business Management and Support MOF (Microsoft BISL (Business Operations Information Framework) Service Library) March 23, 2010 57
  • 58. MOF (Microsoft Operations Framework) • Contains practices, principles, and activities that provide guidelines for achieving reliability for IT solutions and services • Provides question-based guidance that allows you to determine what is needed now as well as activities that will keep the IT organisation running efficiently and effectively in the future • Creates an environment where business and IT can work together toward operational maturity using a proactive model that defines processes and standard procedures to gain efficiency and effectiveness • Covers activities and processes involved in managing IT services: definition, development, operation, maintenance and retirement March 23, 2010 58
  • 59. BISL (Business Information Service Library) • Public domain standard for functional and and information management • Describes processes within business information management at the strategy, management, and operations level • Establishes a bridge between IT and business processes and between business information administrators and information managers • Identifies processes at three levels: operations, management, and strategic • Covers operations management, functionality management, change management and transition, planning and control, financial management, demand management, contract management, develop information strategy, develop information organisation strategy and information coordination March 23, 2010 59
  • 60. Business Analysis Frameworks Information Technology and Related Frameworks Business Analysis Structured Business Systems Analysis Body Analysis and of Knowledge Design (BABOK) Method (SSADM) March 23, 2010 60
  • 61. Business Analysis Body of Knowledge (BABOK) • Developed by the IIBA (International Institute of Business Analysis) • BABOK is the collection of knowledge within the profession of Business Analysis and reflects generally accepted practice • Describes business analysis areas of knowledge, their associated activities and tasks and the skills necessary to be effective in their execution • Identifies currently accepted practices • Recognises business analysis is not the same as software requirements • Defined and enhanced by the professionals who apply it • Captures the knowledge required for the practice of business analysis as a profession March 23, 2010 61
  • 62. Structured Systems Analysis and Design Method (SSADM) • Systems approach to the analysis and design of information systems • Waterfall approach incorporates document-led approach to system design • Includes − Logical Data Modelling − Data Flow Modelling − Entity Behaviour Modelling March 23, 2010 62
  • 63. Enterprise Architecture Frameworks Information Technology and Related Frameworks Enterprise Architecture NASCIO EAMM Department of Ministry of TOGAF (The Federal (NASCIO Defense Defence Open Group Enterprise Enterprise Architecture Architectural Zachman Architecture Architecture Architecture Framework Framework Framework) (FEA) Maturity (DoDAF) (MODAF) Model) March 23, 2010 63
  • 64. TOGAF (The Open Group Architecture Framework) • TOGAF is a framework - a detailed method and a set of supporting tools — for developing an enterprise architecture − TOGAF is not itself an architecture • Architecture design is a technically complex process and the design of mixed, multivendor architectures is particularly complex • TOGAF plays an important role in helping to demystify and reduce the risk in the architecture development process • TOGAF provides a platform for adding value and enables users to build genuinely open systems-based solutions to address their business issues and needs • Because TOGAF has a detailed implementation framework, the project to implement it and the associated time and cost can be defined more exactly • Framework can be customised to suit the requirements of the organisation • TOGAF has a broad coverage and a business focus and seeks to ensure that IT delivers what the business needs • TOGAF focuses on both the “what” and the “how” March 23, 2010 64
  • 65. Department of Defense Architecture Framework (DoDAF) • Framework for developing and representing architecture descriptions that ensure a common denominator for understanding, comparing, and integrating architectures • Establishes data element definitions, rules, and relationships and a baseline set of products for consistent development of systems, integrated or federated architectures March 23, 2010 65
  • 66. Ministry of Defence Architectural Framework (MODAF) • Framework defining a standardised way of creating enterprise architecture • Defines architectural views covering the strategic goals of the enterprise and the people, processes and systems that deliver those goals March 23, 2010 66
  • 67. Zachman • Zachman Framework for Enterprise Architecture defines a collection of perspectives involved in enterprise architecture • Provides a logical structure for classifying and organising the descriptive representations of an enterprise • High level framework March 23, 2010 67
  • 68. Federal Enterprise Architecture (FEA) • Methodology for information technology acquisition, use and disposal • Contains a set of reference models − Performance Reference Model − Business Reference Model − Service Component Reference Model − Data Reference Model − Technical Reference Model March 23, 2010 68
  • 69. NASCIO EAMM (NASCIO Enterprise Architecture Maturity Model) • Developed by National Association of State Chief Information Officers (NASCIO) • Provides a path for architecture and procedural improvements within an organisation • Framework combines business and environment processes and representations to allow planning and development of an architecture blueprint • Designed to improve information sharing across government boundaries, as well as to position government enterprises for the digital government age and the advantages and opportunities that technology presents March 23, 2010 69
  • 70. Summary • Large number of potentially very useful frameworks and methodologies existing as point solutions • Need to select the most appropriate framework to suit your needs • Need to integrate frameworks into IT operations and delivery structure March 23, 2010 70
  • 71. More Information Alan McSweeney alan@alanmcsweeney.com March 23, 2010 71