2005 Presentation - Annual ITAM Conference
•Download as PPT, PDF•
2 likes•531 views
I created and delivered this presentation as a speaker at the 2005 Information Technology Asset Management Annual Conference
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (15)
Similar to 2005 Presentation - Annual ITAM Conference
Similar to 2005 Presentation - Annual ITAM Conference (20)
Recently uploaded
Recently uploaded (20)
2005 Presentation - Annual ITAM Conference
- 1. <Category> <Track> The Role of ITAM in Information Security Presented by Steve Gerick CISA, CISM, CITAM, PMP Associate Director - Protiviti
- 2. <Category> <Track> Industry Trends & Drivers People Mergers and Acquisitions Regulatory Compliance Reduction of Organizational Silos Centralized Model (consolidation and standardization) Technology Increased computing complexity Need for “Active Asset Management” Electronic software distribution & Patch Management Move to suites instead of point products Vendor Consolidation Process Real-time process model Interest in ITIL and CobiT Driven more by compliance needs
- 3. <Category> <Track> Top Five IT Issues* Strategic Alignment Need to align IT with the business and its goals - providing a flexible, integrated information infrastructure to support business strategy. Value Delivery Places the focus on expenses and proof of value and concerns itself with cost-optimization, with ensuring a favorable return on investment for IT and a positive bottom-line impact. IT Assets Targets knowledge and infrastructure. Deals with the selective outsourcing of non-core processes to trusted suppliers, to leverage knowledge and skills internally and externally Risk Management Concerns itself with safeguarding assets and preparing for disaster. Performance Measurement Necessary for any of the other four to be managed appropriately in a complex economic and geopolitical environment. ISACA Journal Volume 4, 2002 Erik Guldentops - ITGI
- 4. <Category> <Track> Typical ITAM Lifecycle
- 5. <Category> <Track> IT Security Management Lifecycle * NIST Guide to Information Technology Security Services
- 6. <Category> <Track> ITAM & Infosec Linkages Configuration Management Patch Management Vulnerability Management Data Protection Property Accounting Active – Inactive Assets Asset Disposal Theft Prevention Move to suites instead of point products Compliance Software License Compliance SOX, GLBA, HIPAA, Basel Software Piracy
- 7. <Category> <Track> ITAM & The ITIL Framework Planning to Implement Service Management T T h h Service Management e e ICT The Business Service T B Infrastructure Support e u Perspective Management s c i h n n Service o e Delivery Security l s s Management o g y Application Management Suppliers * ITIL Best Practices Services Software Asset Management
- 8. <Category> <Track> Relationship between ITAM & Security Overall Management Overall management Processes Competence, awareness and training responsibility Performance metrics and continuous improvement Risk assessment Service continuity and availability management Policies and procedures Core Asset Management Asset identification Processes management Database Asset control Financial management Status accounting Logistics Verification and Relationship Processes Compliance Processes Processes Requirements definition (Governance) Contract management Design Supplier management Evaluation Verification and audit License compliance Internal business relationship Procurement management Build Security compliance Other compliance (software standards) Outsourcing management Deployment Operation Optimization * ITIL Best Practices Services Retirement Software Asset Management
Editor's Notes
- These are the industry trends I have seen from industry pundits and supported by what I ’ve been seeing in the field over the past two years working with over 50 different clients. People Mergers and acquisitions are placing severe strain on operations (IT, HR, Facilities, Finance) functions in organizations since this is an area that is usually cut deeply to help accelerate the financial benefits derived from consolidating operations. Regulatory compliance is placing tremendous burdens of public companies and in the health care sector with privacy concerns. Organizations have put a great deal of effort in promoting HR efforts that have focused on getting different groups within a company to break down organizational barriers. Technology Many organizations have multiple operating systems that drive platforms for business and productivity applications. UNIX, LINUX, Microsoft, OS/400, MVS, etc. Vendors have begun to offer real-time asset configuration and management solutions. Electronic software distribution and patch management solutions had proliferated. Altiris, SMS, Peregrine, CA, etc. Vendor consolidation. Process Technology model processes more closely now – ITIL-compliant ICT Management applications for example IT world more mature. Maturation typically migrates to standard frameworks that help organization integrate ICT functions. SOX, GLBA, HIPAA, Basel, etc.
- 1. strategic alignment , refers to aligning IT with the business and collaborative solutions. Alignment is best achieved when cross-functional, collaborative information systems are instituted. This allows IT to be an agent of change, enabling business transformation in a robust and nimble manner. Finally, strategically aligned IT helps educate and connect the c-suite (CIOs, CEOs, COOs, CPOs, CTOs, etc.) while enabling effective communication with information systems users. In other market analysts' lists, the issue of strategic alignment is referred to through terms such as "increasing business demands on IT infrastructure," "integration of processes," "systems integration," "IT serving as an agent of change" and "IT bridging the disconnect with the c-suite. “ 2. value delivery , places the focus on expenses and proof of value. Value delivery concerns itself with cost-optimization, with ensuring a favorable return on investment for IT and a positive bottom-line impact. It takes into account the total cost of ownership of IT services and the quality and effectiveness of enterprise wide service delivery. Most important, it emphasizses keeping users and managers satisfied, thus proving the value of IT. Accountants and auditors traditionally have looked at emerging technology issues from the risk and control point of view. Value, on the other hand, is a more important driver for management. Auditors and accountants should be aware of, and deal with, the management priority. In other market analysts' lists, the value delivery concept is alluded to by the use of such terms as "IT service delivery," "trust," "quality of service" and "proving the value of IT. “ 3. IT assets , targets knowledge and infrastructure. Specifically, this issue deals with the selective outsourcing of non-core processes to trusted suppliers, thereby enabling the enterprise to leverage knowledge and skills internally and externally. IT assets ensures that an integrated, economical IT infrastructure is provided, wherein new technology is introduced judiciously and obsolete systems are updated or replaced. It recognizes the importance of people, in addition to hardware and software, and therefore focuses on maintaining availability, providing training, promoting retention and ensuring competence of key IT personnel. Other market analysts make reference to the IT assets issue in terms such as "outsourcing," "trusted suppliers," "resource management, "training and competency" and "skills retention. “ 4. risk management , concerns itself with safeguarding assets and preparing for disaster. Risk management establishes IT security to protect assets and enable business recovery from IT failures. It ensures privacy for users and builds resilience into systems. Risk management knows the importance of establishing trust in the enterprise's services and among its partners. It manages internal and external threats--internal from misuse and errors and external from deliberate attacks, market volatility and the pace of change. Other market analysts' lists include the risk management concept by referring to "safeguarding business assets," "disaster recovery," "security" and "resilience. “ 5. performance measurement , is simply, in the opinion of the IT Governance Institute, necessary for any of the other four to be managed appropriately in a complex economic and geopolitical environment. Other analysts include "improving SDLC" in this category.
- META recently estimated that some companies are over-licensed by as much as 40% and that the average is 15%
- ITAM Relationship to ITIL Framework Software Asset Management is depicted in the framework model. The keys are:
- Overview of ITIL Processes Planning to Implement Service Management covers the planning of Service Management Processes, together with the development of organizational and ICT cultures. Service Management consists of two guides: Service Delivery covers the processes associated with the development and improvement of the quality of ICT services such as SLM, Financial Mgt., Capacity Mgt., IT Service Continuity and Availability Management. Service Support describes the function and processes involved in the day-to-day support and maintenance of the ICT services such as Incident Mtg., Problem Mgt. Configuration Mgt., Change and Release Mgt. and the Service Desk function. ICT Infrastructure Management describes all of the processes associated with the management of the OCT infrastructure including overall management, Design and Planning, Deployment, Operations and Technical Support. Application Management includes all of the processes and issues associated with the development and management of applications and software lifecycles. Security Management covers all of the processes and issues associated with the security of ICT services and systems. Business Perspective focuses on the processes of business alignment and communication associated with the ICT systems and services.