As we all know, the federal government's Information Assurance requirements, and their enforcement, have heightened in the past years. With the incorporation of the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX), and the Clinger-Cohen Act, it seems that we have multiple requirements with a mixture of standards. To compound the confusion [as some may see it], we have COBIT, ITIL, MOF, ISO, and other frameworks that our clients wish to incorporate into their infrastructure.
Business Service Management (BSM) holds many challenges. CSCI approaches BSM in a slightly different light than most organizations: it identifies the lowest common denominator, a piece of hardware or software, and applies that piece of equipment to the business model and its functions within the business. Asset Management involves budgetary requirements under the Information Technology Infrastructure Library (ITIL), and it coexists with Change, Release, and Configuration Management, all of which require input into the management of an Information Technology (IT) system and cohesion with the Configuration Management Database (CMDB) so the organization can get on track and meet the requirements of its governing headquarters. The three operations required for effective management are Portfolio Management (PM), Enterprise Architecture (EA), and Capital Planning and Investment Control (CPIC), each a very important factor in relation to the Total Cost of Ownership (TCO) and the management of investments within the infrastructure. Although some of these management functions are called something else, they still equate to an ITIL, MOF, COBIT, or ISO requirement or process. For those of you who are not aware, these have all been part of the federal government and can be referenced at http://csrc.nist.gov/publications/PubsDrafts.html. Pick your subject area and you have expert levels of knowledge at your fingertips. The federal government has been doing this since the inception of the computer; those who have been around for a while remember the "Rainbow Series", "Common Criteria", and "Earned Value Management System". These are all federal standards that date back to 1960 (I know, before some of you were born!). When in doubt about incorporating someone's way of doing things in EA, PM, CPIC, or IA, reference NIST and your level of understanding will be raised 100%. Each process is just a means of management, operational, or some level of technical control.