Information management
Standards for Enterprise Informatics Management
Name and surname of author:
Petr Doucek, Ota Novotný
Keywords:
enterprise informatics management, information management, informatics management effectiveness
Annotation:
The boom in information and communication technology (ICT) is making all organizations increasingly dependent on these technologies. ICT improvement in organizations of all types influences the majority of their performed processes. The essential importance of ICT can also be derived from the overall amount of ICT investment realized annually in all types of organizations.

This article presents the following standards for enterprise informatics management: COBIT, CMMI, the ISO/IEC 9000 group, ITIL, National Awards, Six Sigma and TVO. The relevance of using these standards in enterprise practice is also discussed and evaluated.

The second set of standards presented here are enterprise standards for ICT security management. The main basis for corporate ICT security management and its improvement is Deming's PDCA model. Selected ICT security standards (the article focuses especially on ISO/IEC standards) are related to each phase of Deming's model (life cycle) of the corporate security management system. The key standards presented in the area of ICT security management systems are BS 7799-2:2002 and ISO/IEC 17799. These two documents define the corporate ICT security management system: its improvement, controlling, auditing and the feedback process.

The relevance of the standards presented above (both general and security) and their implementation in different types of organizations is discussed in the third part of this contribution. The first criterion for a standard's relevance is its original purpose, that is, what the standard was intended to be used for (Figure 2). The second criterion is the type of organization where it is expected to be implemented. We have selected two main organization types:
• large enterprises,
• public and state administration organizations.

The general conclusion of this discussion is that international standards can be implemented in all types of organizations, private and public alike. But there are differences for public and state administration in the Czech Republic. More obligatory standards apply to these organizations on our territory. Additional standards were issued by the Ministry for Informatics of the Czech Republic. These standards are obligatory not only for public and state administration organizations, but also for all their suppliers.

International standards for ICT management and ICT security management can be recommended for use in any enterprise or state and public organization. All standards need to be deeply analyzed and customized according to the rules, conditions and goals of the organization where they are to be implemented. Each ICT manager has to combine different standards, with the final goal of managing ICT in an effective and efficient way.
Section:
Information management