IT Policy
Define and maintain
an overall IT security plan that includes:
- A complete set of
security policies and standards in line with the established information
security policy framework.
- Procedures to
implement and enforce the policies and standards
- Roles and
responsibilities
- Staffing
requirements
- Security
awareness and training
- Enforcement
practices
- Investments in
required security resources
- Scope and
objectives of the security management function
- Responsibilities
of the security management function
- Compliance and
risk drivers
- Security
compliance policy
- Management risk
acceptance (security non-compliance acknowledgement)
- External
communications security policy
- Firewall policy
- E-mail security
policy
- An agreement to
comply with IS policies
- Laptop/desktop
computer security policy
- Internet usage
policy
- Ensure system
security
- Manage the
configuration, data, third-parties, operations, and problems or incidents.
- Install and
accredit solutions and changes
- End-user
computing
IT Strategy
- Plan and organize
- This domain
provides directions to solutions’ delivery and service delivery.
- Define a
Strategic IT Plan and Direction
- Define the
Information Architecture
- Determine
Technological Direction
- Define the IT
Processes, Organization and Relationships
- Manage IT
Investment
- Communicate
Management Aims and Direction
- Manage IT Human
Resources
- Manage Quality
- Assess and Manage
IT Risks
- Manage Projects
- Acquire and
Implement (AI)
- This domain provides
the solutions and passes them on to be turned into services in the next domain.
- Identify
Automated Solutions
- Acquire and
Maintain Application Software
- Acquire and
Maintain Technology Infrastructure
- Enable Operation
and Use
- Procure IT
Resources
- Manage Changes
- Install and
Accredit Solutions and Changes
IT Governance
- Deliver and
Support
- This domain
receives the solutions and makes them usable for end users.
- Manage Service
Levels
- Manage
Third-Party Services
- Manager
Performance and Capacity
- Manage Service
Desk and Incidents
- Manage the
Configuration
- Manage Problems
- Manage Data
- Manage the
Physical Environment
- Manage Operations
- Ensure Continuous
Service
- Ensure System
Security
- Identify and
Allocate Costs
- Educate and Train
Users
- Monitor and
Evaluate
- This domain
monitors all processes to ensure that the direction provided is followed.
- Monitor and
Evaluate IT Processes
- Monitor and
Evaluate Internal Control
-Ensure Regulatory
Compliance
- Provide IT
Governance