版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領(lǐng)
文檔簡介
1、Source: 1Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the IT system and its results, as well as, the suppo
2、rt processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.”COBIT DS 10: Delivery Suppor
3、t - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors and problems) are identified, recorded, analyzed and resolved.(DS 10.1)The lack of a problem management system may lead to no
4、n-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffective or unavailable. -An understanding of problem management application.DS 10.2Management should define and implement pro
5、blem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalation procedures may lead to non-standard operational events that are notresolved in a timely manner. - List of critical applic
6、ations that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should provide for an adequate audittrail that allows tracing from incident to underlying cause and back.(DS 10.3)The lack of an adequ
7、ate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and incidents.-List of problems reported during representative period, including date of occurrence, date escalated (ifapplicab
8、le), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emergency andtemporary access authorizations are documented, approved,communicated (to the necessary organizations), maintained,
9、andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resolutionmay result in access to critical IT systems by an unauthorized user.- Policies and procedures for emergency and temporary
10、 access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priorities. (DS 10.5)The lack of formally established emergency processing priorities may result in emergency processingthat does
11、 not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withregard to customer queries and resolution, response times and trendidentification. The reports should be adequately analyzed a
12、nd actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Reports related to resolution of queries and performance statistics of help desk.-Any performance standards for help desk activ
13、ities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW/P RefIncident Management Checklist1.1Incident Detection and Recording (ITIL 5.6.1)Incidents are recorded by Service Desk a
14、nd/or event managementsystems and include a description of the incident, time of occurrenceand person or area affected.(ITIL Service Support, page 80)XXRecurring incidents are not identified or recorded. Management cannot obtainappropriate data to conduct trend analysis to determine if a problem is
15、evidentbased on the nature of multiple incidents.Source: 2Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the
16、 IT system and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activi
17、ties as shown below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors and problems) are identified, recorded, analyzed and resolved.(DS 10.1)The l
18、ack of a problem management system may lead to non-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffective or unavailable. -An understanding of problem management application.
19、DS 10.2Management should define and implement problem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalation procedures may lead to non-standard operational events that are notresol
20、ved in a timely manner. - List of critical applications that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should provide for an adequate audittrail that allows tracing from incident to underl
21、ying cause and back.(DS 10.3)The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and incidents.-List of problems reported during representative period, includi
22、ng date of occurrence, date escalated (ifapplicable), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emergency andtemporary access authorizations are documented, approved,communicat
23、ed (to the necessary organizations), maintained, andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resolutionmay result in access to critical IT systems by an unauthorized user.- Po
24、licies and procedures for emergency and temporary access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priorities. (DS 10.5)The lack of formally established emergency processing prior
25、ities may result in emergency processingthat does not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withregard to customer queries and resolution, response times and trendidentifica
26、tion. The reports should be adequately analyzed and actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Reports related to resolution of queries and performance statistics of help de
27、sk.-Any performance standards for help desk activities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW/P Ref1.2Incident Detection andRecording (ITIL 5.6.1)Unresolved and critic
28、al incidents should be alerted to higher levels ofService Management to ensure the incident is addressed to meet SLArequirements.(ITIL Service Support, page 81)XCritical incidents are not resolved in a timely manner to meet SLA requirementsimpacting the ability to meet customer needs.1.3Incident Det
29、ection and Recording(ITIL 5.6.1)Unresolved and critical incidents should be alerted to higher levels ofService Management to ensure the incident is addressed to meet SLArequirements.(ITIL Service Support, page 81)XCritical incidents are not resolved in a timely manner to meet SLA requirementsimpacti
30、ng the ability to meet customer needs.Source: 3Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the IT system
31、and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as sho
32、wn below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors and problems) are identified, recorded, analyzed and resolved.(DS 10.1)The lack of a pr
33、oblem management system may lead to non-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffective or unavailable. -An understanding of problem management application.DS 10.2Mana
34、gement should define and implement problem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalation procedures may lead to non-standard operational events that are notresolved in a ti
35、mely manner. - List of critical applications that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should provide for an adequate audittrail that allows tracing from incident to underlying cause
36、and back.(DS 10.3)The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and incidents.-List of problems reported during representative period, including date of
37、occurrence, date escalated (ifapplicable), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emergency andtemporary access authorizations are documented, approved,communicated (to the
38、necessary organizations), maintained, andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resolutionmay result in access to critical IT systems by an unauthorized user.- Policies and
39、procedures for emergency and temporary access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priorities. (DS 10.5)The lack of formally established emergency processing priorities may r
40、esult in emergency processingthat does not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withregard to customer queries and resolution, response times and trendidentification. The r
41、eports should be adequately analyzed and actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Reports related to resolution of queries and performance statistics of help desk.-Any per
42、formance standards for help desk activities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW/P Ref1.4Classification and Initial Support(ITIL 5.6.2)Incidents are classified and c
43、ategorized logically to help definecommon reasons for recurring incidents and to provide an organizedmechanism to match incidents to known errors or existing problems. (ITIL Service Support, page 81)XXIncidents are not categorized or logically organized, impacting the ability toeasily match incident
44、s to known errors or problems. Management cannotidentify problems if incidents are not categorized to depict common issues.Source: 4Problem & Incident ManagementThe Control Objectives for Information and related Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects
45、of IT. It covers areas such as the execution of the applicationswithin the IT system and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 identifies objectives for managing problems andincidents. The specific objectives liste
46、d here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to ensure that all non-standard operational events (incidents,errors an
47、d problems) are identified, recorded, analyzed and resolved.(DS 10.1)The lack of a problem management system may lead to non-standard operational events, such asincidents, errors and problems, that go unnoticed and/or are not resolved possibly causing critical ITsystems to become inefficient, ineffe
48、ctive or unavailable. -An understanding of problem management application.DS 10.2Management should define and implement problem escalationprocedures to ensure that identified incidents, errors and problems aresolved in the most efficient way on a timely basis. (DS 10.2)The lack of problems escalatio
49、n procedures may lead to non-standard operational events that are notresolved in a timely manner. - List of critical applications that immediately escalate for senior management attention for a priorityresolution or are reportable as critical problems.DS 10.3The problem management system should prov
50、ide for an adequate audittrail that allows tracing from incident to underlying cause and back.(DS 10.3)The lack of an adequate audit trail may result in difficulties in identifying the cause of problems, whichmay lead to a more lengthy and costly resolution. - All reports used to track problems and
51、incidents.-List of problems reported during representative period, including date of occurrence, date escalated (ifapplicable), date of resolution, and time frame to resolve.- Sample of problem tickets from the Problem Management System. DS 10.4The problem management system should ensure that emerge
52、ncy andtemporary access authorizations are documented, approved,communicated (to the necessary organizations), maintained, andterminated as soon as the business need for access no longer exists.(DS 10.4)The lack of a formal plan regarding emergency and temporary IT system access for problem resoluti
53、onmay result in access to critical IT systems by an unauthorized user.- Policies and procedures for emergency and temporary access.- Sample of emergency and temporary access requests with appropriate management approval.DS 10.5The problem management system should establish emergencyprocessing priori
54、ties. (DS 10.5)The lack of formally established emergency processing priorities may result in emergency processingthat does not meet or reflect the needs of the organization. - Documentation of emergency processing priorities.DS 8.5Procedures should be in place that assure adequate reporting withreg
55、ard to customer queries and resolution, response times and trendidentification. The reports should be adequately analyzed and actedupon. (DS 8.5)The lack of trend analysis and reporting may result in an inefficient process for identifying repeatproblems and development of sustainable solutions.-Repo
56、rts related to resolution of queries and performance statistics of help desk.-Any performance standards for help desk activities.Control IDProcessITIL Key ActivityCOBIT DS 10.1COBIT DS 10.2COBIT DS 10.3COBIT DS 10.4COBIT DS 10.5COBIT DS 8.5Mitigated Risks XYZ Company Specific ControlTESTCompletedbyW
57、/P Ref1.5Classification and Initial Support (ITIL5.6.2)Incidents are classified and categorized logically to help definecommon reasons for recurring incidents and to provide an organizedmechanism to match incidents to known errors or existing problems. (ITIL Service Support, page 81)XXIncidents are
58、not categorized or logically organized, impacting the ability toeasily match incidents to known errors or problems. Management cannotidentify problems if incidents are not categorized to depict common issues.Source: 5Problem & Incident ManagementThe Control Objectives for Information and related
59、 Technology (COBIT) Delivery and Support (DS) domain focuses on the delivery aspects of IT. It covers areas such as the execution of the applicationswithin the IT system and its results, as well as, the support processes that enable the effective and efficient execution of these IT systems. DS 10 id
60、entifies objectives for managing problems andincidents. The specific objectives listed here can be mapped onto relevant IT Infrastructure Library (ITIL) activities as shown below.”COBIT DS 10: Delivery Support - Manage Problems and IncidentsDS 10.1Management should define and implement a problem managementsystem to e
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責(zé)。
- 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 2024年??诳瓦\駕駛員考試題及答案詳解
- 2024年江西考客運證需要什么條件
- 2024年廣東駕駛員客運從業(yè)資格證模擬考試題庫及答案
- 2024年數(shù)字減影血管造影X射線裝置(DSA)項目建議書
- 2024年注射穿刺器械項目發(fā)展計劃
- 《 蒙古語形容詞短語句子成分語法特征計量研究》范文
- 2024年合結(jié)鋼合作協(xié)議書
- 2024年船底防污漆項目發(fā)展計劃
- 西藏2017年監(jiān)理工程師合同管理:違約責(zé)任的概念模擬試題
- 2024年VOC治理項目合作計劃書
- 八年級體育與健康上冊《籃球(變向滑步變向運球)》教學(xué)設(shè)計
- 統(tǒng)編版語文四年級上冊 第二單元 習(xí)作:我的家人 課件
- 蘇教版三年級數(shù)學(xué)上冊教案(全冊)
- Unit 1 Section B 課件人教版2024七年級英語上冊
- 平安保險公司招聘筆試試題及答案
- 家庭教育案件分析報告(3篇模板)
- 2024-2034年中國高固含量丁苯膠乳行業(yè)發(fā)展監(jiān)測及投資前景展望報告
- 2024年3月青少年機器人技術(shù)等級-二級真題(試題及答案)
- 平面構(gòu)成(普通高等院校藝術(shù)設(shè)計專業(yè))全套教學(xué)課件
- 學(xué)術(shù)交流英語(學(xué)術(shù)寫作)智慧樹知到期末考試答案章節(jié)答案2024年哈爾濱工程大學(xué)
- 急診科安全隱患
評論
0/150
提交評論