WEBVTT 1 00:00:00.000 --> 00:00:01.230 In this lesson, 2 00:00:01.230 --> 00:00:04.350 we're going to learn about Governance Frameworks. 3 00:00:04.350 --> 00:00:06.750 Governance Frameworks are used to establish 4 00:00:06.750 --> 00:00:08.627 structured guidelines and best practices 5 00:00:08.627 --> 00:00:12.766 for managing and aligning information technology operations 6 00:00:12.766 --> 00:00:14.006 with business goals, 7 00:00:14.006 --> 00:00:18.330 while still ensuring proper risk management and compliance. 8 00:00:18.330 --> 00:00:20.247 In this lesson, we're going to explore 9 00:00:20.247 --> 00:00:22.350 two governance frameworks, 10 00:00:22.350 --> 00:00:24.420 the Control Objectives for Information 11 00:00:24.420 --> 00:00:26.910 and Related Technologies or COBIT, 12 00:00:26.910 --> 00:00:28.350 and the Information Technology 13 00:00:28.350 --> 00:00:31.475 Infrastructure Library or ITIL. 14 00:00:31.475 --> 00:00:34.346 COBIT focuses on information technology 15 00:00:34.346 --> 00:00:37.530 or IT governance and management 16 00:00:37.530 --> 00:00:39.420 from a manager's perspective. 17 00:00:39.420 --> 00:00:41.110 It helps managers align IT processes 18 00:00:41.110 --> 00:00:45.235 with business objectives, ensuring effective risk management 19 00:00:45.235 --> 00:00:48.215 and maintaining regulatory compliance. 20 00:00:48.215 --> 00:00:51.060 ITIL focuses on IT service management 21 00:00:51.060 --> 00:00:52.835 from an operational perspective, 22 00:00:52.835 --> 00:00:56.460 and is centered around how IT services are delivered. 23 00:00:56.460 --> 00:00:58.308 It provides employees best practices 24 00:00:58.308 --> 00:01:01.255 for delivering and managing IT services 25 00:01:01.255 --> 00:01:03.955 in a way that meets business requirements. 26 00:01:03.955 --> 00:01:06.030 Directly comparing the two, 27 00:01:06.030 --> 00:01:08.070 COBIT is a governance framework 28 00:01:08.070 --> 00:01:11.434 focused on aligning IT processes with business objectives, 29 00:01:11.434 --> 00:01:14.460 ensuring risk management and compliance. 30 00:01:14.460 --> 00:01:16.727 ITIL is a service management framework 31 00:01:16.727 --> 00:01:19.350 that provides best practices for delivering 32 00:01:19.350 --> 00:01:23.250 and optimizing IT services to meet business requirements. 33 00:01:23.250 --> 00:01:26.250 Let's look at both of these frameworks in more detail. 34 00:01:26.250 --> 00:01:27.715 First, we have COBIT. 35 00:01:27.715 --> 00:01:29.947 COBIT stands for the Control Objectives 36 00:01:29.947 --> 00:01:32.195 for Information and Related Technology. 37 00:01:32.195 --> 00:01:34.686 It's a security development framework 38 00:01:34.686 --> 00:01:38.730 that divides IT into four domains. 39 00:01:38.730 --> 00:01:41.460 These domains are Plan and Organize, 40 00:01:41.460 --> 00:01:44.370 Acquire and Implement, Deliver and Support, 41 00:01:44.370 --> 00:01:46.470 and Monitor and Evaluate. 42 00:01:46.470 --> 00:01:49.575 Each of these domains is then broken down into processes, 43 00:01:49.575 --> 00:01:51.993 such as defining a strategic plan 44 00:01:51.993 --> 00:01:54.055 and ensuring system security. 45 00:01:54.055 --> 00:01:56.940 Each of the four domains has between four 46 00:01:56.940 --> 00:02:00.156 and 13 processes associated with it, 47 00:02:00.156 --> 00:02:03.630 for a total of 34 processes. 48 00:02:03.630 --> 00:02:04.498 To use COBIT, 49 00:02:04.498 --> 00:02:07.896 an organization starts by defining its strategic goals 50 00:02:07.896 --> 00:02:10.255 and identifying key business objectives 51 00:02:10.255 --> 00:02:13.650 that its IT processes should support. 52 00:02:13.650 --> 00:02:17.452 Next, the organization evaluates its current IT practices, 53 00:02:17.452 --> 00:02:21.312 processes and systems to identify gaps in governance, 54 00:02:21.312 --> 00:02:24.160 risk management and compliance. 55 00:02:24.160 --> 00:02:28.260 COBIT provides detailed controls within its four domains 56 00:02:28.260 --> 00:02:30.800 to address gaps that are identified. 57 00:02:30.800 --> 00:02:34.260 Companies can then implement the recommended processes 58 00:02:34.260 --> 00:02:37.170 from COBIT to improve IT governance. 59 00:02:37.170 --> 00:02:38.710 This ensures its IT operations 60 00:02:38.710 --> 00:02:41.310 align with business objectives 61 00:02:41.310 --> 00:02:45.030 to manage risk and maintain regulatory compliance. 62 00:02:45.030 --> 00:02:47.573 Then, continuous monitoring and evaluation 63 00:02:47.573 --> 00:02:50.200 using COBIT's metrics takes place. 64 00:02:50.200 --> 00:02:52.530 This helps maintain effectiveness 65 00:02:52.530 --> 00:02:56.100 and drive ongoing improvements in IT governance. 66 00:02:56.100 --> 00:02:58.200 Second, we have ITIL. 67 00:02:58.200 --> 00:02:59.550 ITIL stands for 68 00:02:59.550 --> 00:03:02.610 Information Technology Infrastructure Library, 69 00:03:02.610 --> 00:03:04.753 and it is the world's most widely adopted 70 00:03:04.753 --> 00:03:07.380 IT service management framework. 71 00:03:07.380 --> 00:03:10.740 While ITIL is not strictly a security-focused framework, 72 00:03:10.740 --> 00:03:13.200 it includes information security management 73 00:03:13.200 --> 00:03:15.480 as one of its 34 practices, 74 00:03:15.480 --> 00:03:17.430 ensuring that security is integrated 75 00:03:17.430 --> 00:03:20.370 into broader IT service delivery. 76 00:03:20.370 --> 00:03:23.421 ITIL is primarily used by IT operations teams 77 00:03:23.421 --> 00:03:25.890 to improve service quality, 78 00:03:25.890 --> 00:03:28.056 align IT services with business needs, 79 00:03:28.056 --> 00:03:31.360 and ensure consistent, reliable service management. 80 00:03:31.360 --> 00:03:33.041 ITIL is particularly effective 81 00:03:33.041 --> 00:03:37.185 in organizations that use agile development processes, 82 00:03:37.185 --> 00:03:40.350 and it integrates smoothly with DevOps 83 00:03:40.350 --> 00:03:42.624 and DevSecOps environments, 84 00:03:42.624 --> 00:03:45.660 promoting collaboration between development, 85 00:03:45.660 --> 00:03:47.997 operations and security teams. 86 00:03:47.997 --> 00:03:52.500 In large enterprises, especially Fortune 500 companies, 87 00:03:52.500 --> 00:03:53.497 ITIL is a standard, 88 00:03:53.497 --> 00:03:56.475 and it would be rare to work in such an environment 89 00:03:56.475 --> 00:03:59.326 without encountering ITIL as a critical part 90 00:03:59.326 --> 00:04:02.190 of the IT operations management. 91 00:04:02.190 --> 00:04:04.650 Because ITIL is so often used, 92 00:04:04.650 --> 00:04:06.532 Dion Training teaches a full line 93 00:04:06.532 --> 00:04:08.700 of ITIL certification courses 94 00:04:08.700 --> 00:04:11.337 to help you earn certifications such as, 95 00:04:11.337 --> 00:04:13.893 ITIL 4 Foundation Certified Professional, 96 00:04:13.893 --> 00:04:18.210 ITIL Managing Professional, or ITIL Strategic Leader. 97 00:04:18.210 --> 00:04:20.529 If you're interested in learning more about these, 98 00:04:20.529 --> 00:04:24.330 just visit the website at diontraining.com. 99 00:04:24.330 --> 00:04:27.388 So, remember, governance frameworks help organizations 100 00:04:27.388 --> 00:04:31.895 manage IT operations to meet business goals, reduce risks, 101 00:04:31.895 --> 00:04:35.100 and ensure compliance with regulations. 102 00:04:35.100 --> 00:04:38.880 The two frameworks we have addressed are COBIT and ITIL. 103 00:04:38.880 --> 00:04:40.950 COBIT, or the Control Objectives 104 00:04:40.950 --> 00:04:42.990 for Information and Related Technologies 105 00:04:42.990 --> 00:04:46.351 focuses on aligning IT processes with business objectives, 106 00:04:46.351 --> 00:04:50.370 managing risks, and maintaining compliance. 107 00:04:50.370 --> 00:04:54.600 ITIL, or the Information Technology Infrastructure Library 108 00:04:54.600 --> 00:04:56.070 provides best practices 109 00:04:56.070 --> 00:04:57.755 for delivering and managing IT services 110 00:04:57.755 --> 00:05:00.270 to meet business needs. 111 00:05:00.270 --> 00:05:04.410 This is to say that COBIT emphasizes IT governance, 112 00:05:04.410 --> 00:05:08.070 while ITIL is centered on IT service management. 113 00:05:08.070 --> 00:05:10.249 In the end, both frameworks are crucial 114 00:05:10.249 --> 00:05:12.750 for improving IT operations, 115 00:05:12.750 --> 00:05:15.333 and ensuring they align with business goals.