Bridging Gap between ITSM, IT-governance and Information Security to Meet Business Needs

To achieve organizational and business-specific goals, IT plays a very important and crucial role. IT Services Management increases the efficiency of the IT Department in providing standardized and effective services to the organization's stakeholders, and it leads to better IT Governance for the organization. IT Governance helps the organization to achieve its goals with the help of acclaimed best IT practices in the industry. This paper explores how mapping of Information Technology Service Management (ITSM), IT Governance and Information Security helps to meet organization and business-specific goals and needs.


INTRODUCTION
IT Service Management (ITSM) is defined as the implementation and management of quality IT services that fulfil the needs of the business (John, 2004). ITSM focuses on the alignment of IT services with business objectives and tries to improve the performance of the entire business organization. In the current competitive business environment, ITSM is the key to the development of any business. ITSM provides high-level service and support to the organization. ITSM increases customer satisfaction, which ultimately adds value to the business. Over the years, different types of ITSM frameworks, for example, Information Technology Infrastructure Library (ITIL) and Microsoft Operations Framework (MOF), have been proposed and developed for the implementation of IT service management. No doubt each framework has its own characteristics and limitations. ITSM frameworks like ITIL and MOF are powerful frameworks to support the delivery of IT services, and COBIT is used for IT governance, control and IT audit. But security issues are more important for products as well as services, where a combination of ITSM (ITIL, MOF) and ISO 27002 will provide a strong toolkit to enable delivery of high-quality IT services.
ITIL and MOF are collections of best practices for the management of IT services. ITIL helps organizations to become aware of the business value their IT services provide to internal and external stakeholders. ISO/IEC 27001 is a set of guidelines which can be used by an organization to design, deploy and maintain an Information Security Management System (Razieh and Nasser, 2012). COBIT is a high-level IT governance and management framework. It focuses on the broader decisions in IT management and does not delve into technical details. It is a framework of best practices in managing resources, infrastructure, processes, responsibilities and controls (Varun, 2008). IT best practices need to be aligned to business requirements and integrated with one another and with internal procedures. At the same time we need better IT services, good IT governance and security of information. This paper explores how ITIL and MOF align and integrate with COBIT and ISO/IEC 27001 to meet the business challenges we face in today's critical IT environment (Alison et al., 2007; Jack et al., 2007).
MOF illustrates proven team structures and operational processes and implements best Information Technology (IT) practices to improve the capability and quality of IT operations (David et al., 2008). MOF is a collection of best practices, principles and models that provide comprehensive technical guidance for achieving mission-critical production system reliability, availability, supportability and manageability for solutions and services built on Microsoft products and technologies (Jan et al., 2009). MOF provides the fundamentals of operations methodology and a framework for IT operations.

IT governance: IT Governance is defined as "an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives". It is the alignment of an organization's IT strategy with its business strategy, ensuring that companies remain on the proper track in order to achieve their strategies and goals and employ the best ways to measure IT performance. Five major focus areas make up IT governance: strategic alignment, value delivery, resource management, risk management and performance management. A number of frameworks are available for the implementation of IT governance, among them COBIT and ISO 27002 (Craig, 2005; Efrim Boritz, 2007; Bryn, 2008).
COBIT, which stands for "Control Objectives for Information and Related Technology", is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. The Information Systems Audit and Control Association (ISACA) is the founder of the COBIT framework, which is used for Information Technology (IT) management and IT governance. COBIT is the most famous IT governance framework available nowadays. It must be the first choice for the implementation of IT governance in any organization. The latest edition of ISACA's globally accepted framework is COBIT 5. It provides a business view of the governance of enterprise IT that shows the central role of IT in creating value for the enterprise. COBIT is based on four domains, published in 6 different publications. For each domain, sub-domains have been defined to describe requirements and tools to monitor the IT process. The COBIT domains cover (John, 2004; Anthony, 2012):
• Planning and organization
• Acquisition and implementation
• Delivery and support
• Monitoring
The ISO 27002 standard is the new name of the ISO 17799 standard and is the International Organization for Standardization's code of practice for information security. ISO 27002 is the enhanced version of ISO 17799. The goal of ISO/IEC 27002 has been to provide information to the parties responsible for the implementation of information security within the organization. ISO 27002 provides security standards for different IT services. The standard "established guidelines and general principles for initiating, implementing, maintaining and improving information security management within an organization". It can be seen as a basis for developing security standards and management practices within an organization to improve reliability on information security in inter-organizational relationships. According to ISO, "Information Security governance has become an Established and recognized component of Corporate Governance and specifically Information Technology governance". This standard is a globally accepted code of practice for information security management. It is a controls-based standard for organizations to manage their information security according to thirteen domains. The ISO 27002 contents sections are:
ISO 27002 defines information as an asset that may exist in many forms and has value to an organization. The goal of information security is to properly protect this asset and to ensure business continuity, decrease business damage and increase the return on investments made in the business. As defined by ISO 27002, information security is explained as the preservation of (John, 2004; Daminda, 2008):
Confidentiality: Ensuring that information is accessible only to those who are authorized and have rights to access it.
Integrity: Ensuring that information is accurate and has not been modified, and safeguarding the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and associated assets when needed.
When taking a closer look at them, it is very clear that they can successfully be aligned. Implementing a process to deliver IT services without properly defining measures for monitoring the process will lead to a higher risk, and the process will not be more efficient or effective. This is one argument for aligning ITIL with COBIT. It is also clear that security is a major concern nowadays, so for any process of ITIL or MOF there must be an ISO security standard implementation (Table 1).

RESULTS AND DISCUSSION
Mapping of ITSM, IT governance and IT security: Table 2 describes the ITIL alignment with COBIT and ISO 27002, and Table 3 describes the MOF alignment with COBIT and ISO 27002 (John, 2004; Robert, 2012; Rene, 2005).

CONCLUSION
In every organization, it is a must to deliver IT services in a cost-efficient manner, mitigate security risks and comply with legal requirements. The equation is difficult to handle and in some cases it seems like a mission impossible. To be able to survive in this environment, a combination of ITIL or MOF, COBIT and ISO 27002 can be valuable for an organization. An organization may use ITIL and MOF to define processes, use COBIT for IT audit, benchmarks and IT governance, and use ISO 27002 to address security issues to mitigate possible risks. This will lead to better IT service management with strong IT governance and secured information in the organization.

Table 1: ITSM and IT governance matrix (IT governance frameworks)