Ludek Novk

1
Integrated Information Management Systems

• Ludek Novák

Ludek.Novak_at_anect.com
May, 05, 2005
2
Scope

• Information management requirements
• Information added value
• Integrated management system
• Quality Management System
• IT Service Management System
• Information Security Management System
• Common principles
• PDCA Model
• New challenges to ISMS

3
ICT Management Requirements

• Business is highly dependent on ICT
• ICT should bring defined and measurable values
• Different methodologies based on best practice
• New approaches to control environment
• BASEL II regulation for banking and financial
  companies
• Sarbanes-Oxley regulation for financial
  reporting of Joint Stock Companies
• ICT is a key point for any success

4
Information added value

• Increase automation
• Align ICT with business to enlarge production
• Do good things
• Decrease costs
• Use resources responsible
• Do things well
• Manage risks
• Minimize incidents and damages
• Know risks

5
Information management components

• Quality Management System
• ISO 9001
• ISO/IEC 90003
• IT Service Management System
• BS 15000
• ISO/IEC 20000
• Information Security Management System
• BS 7799-2
• ISO/IEC 17799

6
Quality management

• Quality is the totality of characteristics of a
  product or service that bear on the ability to
  satisfy stated and implied needs.
• QMS is well-known process-based approach
• Using existing principles and resources for ICT
  management
• Tools for communication with manages and users
• Basic and general requirements on ICT management
• ISO/IEC 90003 Application of ISO 90012000 to
  software

7
IT Service Management

• IT service is a described set of facilities, IT
  and non-IT, supported by the IT service provider
  that fulfils one or more needs of the customer
  and that is perceived by the customer as a
  coherent whole.
• ITSM standards
• System requirements BS 15000-1 (ISO 20000-1)
• Code of practice BS 15000-2 (ISO20000-2)
• Other methodologies
• ITIL IT Infrastructure Library
• MOF Microsoft Operations Framework
• HP, IBM, SUN,

8
IT Service Management
9
Information Security Management

• Information security is preservation of
  confidentiality, integrity and availability of
  information in addition, other properties, such
  as authenticity, accountability, non-repudiation,
  and reliability can also be involved.
• Key element of any ISMS is a risk analysis and
  treatment process
• ISMS standards
• System requirements BS 7799-22005 (ISO/IEC
  24743)
• Code of Practice ISO/IEC 177992005
• Metrics and Measurements ISO/IEC 24742 (draft)

10
Information Security Management
11
Common principles

• Key success factors
• Management responsibility
• Management of resources, documents and records
• Competence, awareness, training
• Management reviews
• Continual improvement
• All systems follow PDCA cycle
• Plan Do Check Act

12
PDCA Model
13
New challenges to ISMS

• Quality management experiences
• Using existing culture, tools, procedures, etc.
• Using implementation know-how
• IT service management framework
• IT services as a primary point for risk analysis
• ITSM methods offer more details on ICT processes
• Information security should be a part of service
  reporting
• Availability and continuity is the same for both
• Harmonize incident/problem management and
  security incident management (ISO/IEC TR
  180442004)

14
Conclusions

• Aim is to draw the attention on QMS, ITSM and
  ISMS as a tools for ICT management
• There is a lot of shared features
• There is a big place for synergies (ITSM ISMS)
• Its not possible to separate operations and
  security
• There is necessary to have basic knowledge about
  all management systems to used their advantages
• The aim was to brief you on security
  neighbourhood

15
(No Transcript)