
ITIL + Operational Risk Management

 
LWaugh
Newbie

Joined: Feb 27, 2007
Posts: 6
Location: Newcastle, UK

Posted: Tue Feb 27, 2007 11:36 pm    Post subject: ITIL + Operational Risk Management

I am looking for some help on how to approach the re-write of our department Risk maps so they have an ITIL look and feel.

I have looked at our Information Security Risk maps and they have been written to conform with ISO27001, which has a list of controls all documented for you, which makes it easy for writing up, but with ITIL, it only gives you a framework to work to and therefore I have no idea where to start!

Anyone else had to re-write risk maps and if so, how did you approach it?

Thanks in advance...
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3299
Location: London, UK

Posted: Wed Feb 28, 2007 3:46 am

I'm sorry but the definitive standard for Information Security is ISO 270001.

ITIL and its security management piece more likely refers to the old BS 7799 in most of its attributions.

Also ... look at COBIT
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
LWaugh
Newbie

Joined: Feb 27, 2007
Posts: 6
Location: Newcastle, UK

Posted: Thu Mar 01, 2007 8:41 pm

Thanks for your reply John. I've had a look on the web and I've noticed a few companies have implemented ITIL alongside COBIT. Just wanted to see if anyone used any other control-defined frameworks other than COBIT and how they went about doing Risk maps / controls to work them alongside ITIL.
UKVIKING
Senior Itiler


Joined: Sep 16, 2006
Posts: 3299
Location: London, UK

Posted: Thu Mar 01, 2007 10:06 pm

LWaugh

The companies that are using COBIT and ITIL are using them in a layered effect.

The COBIT framework is used at the higher level and the ITIL model is used at the lower level.

COBIT: what needs doing
ITIL: what to do to get the doing done
_________________
John Hardesty
ITSM Manager's Certificate (Red Badge)

Change Management is POWER & CONTROL. /....evil laughter
itilimp
Senior Itiler


Joined: Jan 20, 2006
Posts: 172
Location: England

Posted: Fri Mar 02, 2007 10:30 am

Hi,

Are you solely concerned with information security, or are you concerned with the operational risks, i.e. documenting IT Business Continuity risks? If the latter, there is a new standard that may include some guidance for you, see pas56.standardsdirect.org. Otherwise, you may find some of the following helpful (links provided but if removed google for them):

Calder-Moir Framework (guides you to which standards/frameworks may be appropriate for the purpose you require), COBIT v4 - see PO9 Assess and Manage IT Risks (as John said, looking at the controls will tell you what you should be assessing but not how. Just to add, I'd say that COBIT is widely recognised as the best guidance for IT Governance, although as the Calder-Moir framework shows, it isn't exhaustive, although old, techniques still relevant today)

I do wonder if there will be an ITIL v3 supplementary book on managing risks for an IT environment.
LWaugh
Newbie

Joined: Feb 27, 2007
Posts: 6
Location: Newcastle, UK

Posted: Fri Mar 02, 2007 6:50 pm

Thanks for your comments itilimp..

I am looking for ideas on how to re-write our current Risk maps (which cover the whole of IT, not just security). Our risk maps are currently in a COBIT format but I was looking to give them an ITIL look now that we are in the process of implementing ITIL - just to bring everything together so it makes it easier when risk events are raised they link back to the high level risks.

We have ISO27001 in place and risk maps on Info Security all relate to the controls within ISO27001, which is quite straightforward until ITIL, which is all process based.
itilimp
Senior Itiler


Joined: Jan 20, 2006
Posts: 172
Location: England

Posted: Fri Mar 02, 2007 9:49 pm

Ah okay. Well v2 ITIL doesn't prescribe any formats (actually it doesn't prescribe anything at all but that's a whole other discussion) for risk. In v3 more awareness of risk is built into every book and every process (old and new) - but again, no templates that I am aware of. So I'd suggest you carry on with the format you are using if it fits the need, and just use ITIL to help you brainstorm other operational risks that you may not yet have considered. One approach you might take is to brainstorm the risks of each process defined in your IT organisation not being followed and the impact of that together with ways in which to mitigate/eliminate that risk.

Good luck :)