University of California CoBIT 4.1 Analysis - Article Example

TITLE: 356537 - University of California CoBIT 4.1 analysis Dated: August 3, 2009 Successful organizations including educational institutes and universities understand the benefits and advantages of information technology (IT) through the maintenance and manipulation of this knowledge for their specific usage. Many of the businesses are associated with the safe and authentic utilization of the information and to get benefit in favor of all the stakeholders as on win- win basis. All these exercises are used with a primary objective in mind that is to drive their shareholders’ value in perfect manner. They have recognized the critical dependence of the organizations on the usage of information technology in a safe and secure mechanism for many of their business processes as are depending on IT for their effective disposal. University of California, Los Angeles (UCLA) has adopted an IT security plan for ensuring a safe and undiluted data for the execution of its business as to fulfill the objectives of the University. The security plan is primarily used by the organization for the preservation and promotion of the organizational culture as on IT oriented basis, to secure the interests of all the stakeholders including that of the academicians, scholars, students and other related organizations, for making and completing the planning tasks as on timely basis, educating the participants with a clear cut role to each member of the organization with an effective communication strategy (1). The objectives as are associated with the successful adoption of the IT security plan by UCLA is an effort to fulfill all the four domains and thirty four control objectives as are included in the checklist of CoBIT 4.1 and the procedures and mechanisms as used by the organization and are the guiding principles for designing and implementation of an effective IT security plan. The strategy as adopted by the UCLA is in a position that may be replicated by any other similar organization with minor adjustments as may be adjusted to achieve the objectives and mission of the organizations. The organizations like UCLA are successfully implementing their plans as in accordance with the guidelines as are included in the CoBIT 4.1. The four main domains as covered in the CoBIT 4.1 are listed as under: (a)Plan and Organize--- the UCLA has prepared its IT security plan for the effective utilization of relevant data in the shape of an organized plan so as to benefit from the authenticity and accuracy of the data with the utilization of all the available human and technological resources as on economical basis. The University has adopted a modern approach so as to acquire latest technology and knowledge for the storage and manipulation of the relevant data. The University has used a wireless technology so as to make an effective plan and to utilize the same for the benefit of all the stakeholders as on competitive basis. The strategy as adopted by the organization is a model for all other similar organizations and provides an authentic strategy for other similar organization in the field of instructions and education (2). (b)Acquire and Implement--- the strategy as to benefit the organization with the implementation of the acquired strategy with all its details and segments. The University has adopted a strategy to enhance the capacity of all the stakeholders as to benefit from the implementation of the strategy as on competitive basis. The strategy as used by the UCLA includes benefits as it provides an effective and authentic data for its further utilization and manipulation as required by the top management of the University(3). (c)Deliver and Support--- deliver and support mechanism as a third domain of the adopted IT security plan for the University is authentic and has resulted in the manipulations of the advantages as in favor of the administrations. The timely acquisition of the security plan by the administration of the University has resulted in the availability of an authentic mechanism for the maintenance and storage of all the relevant data relating to the students, teachers and the academicians. (d)Monitor and Evaluate--- the monitoring and evaluation of the security plan as relating to the UCLA is a pivotal step in the overall in the IT security plan. The tool as in the shape of monitoring and evaluation is a step for the evaluation of the overall strategy as used by the organization for effective implementation of the IT security plan by the UCLA. The data as achieved through the monitoring process is a significant tool for making necessary amendments and changes as to fulfill the regulatory compliances as are associated with the CoBIT 456.1 for the IT security plan. A list of thirty four (34) objectives and their existing position in the UCLA is given in the following table. The position as indicated in third column of the table reflects the position as included in the IT security plan as adopted by the management of the UCLA. The position of thirty four objectives is divided into four major domains and is listed below: (a) Plan and Organize PO1 Define a Strategic IT Plan and direction The objective in the UCLA achieved. PO2 Define the Information Architecture The objective in the UCLA achieved. PO3 Determine Technological Direction The objective in the UCLA achieved. PO4 Define the IT Processes, Organization and Relationships The objective in the UCLA achieved. PO5 Manage the IT Investment The objective in the UCLA achieved. PO6 Communicate Management Aims and Direction The objective in the UCLA achieved. PO7 Manage IT Human Resources The objective in the UCLA achieved. PO8 Manage Quality The objective in the UCLA achieved. PO9 Assess and Manage IT Risks The objective in the UCLA achieved. PO10 Manage Projects The objective in the UCLA achieved. b) Acquire and Implement AI1 Identify Automated Solutions The automated solution have not so far achieved by the UCLA. AI2 Acquire and Maintain Application Software Technology acquired and maintained by the UCLA. AI3 Acquire and Maintain Technology Infrastructure Technology acquired and maintained by the UCLA. AI4 Enable Operation and Use The operations are being carried out by the UCLA. AI5 Procure IT Resources IT resources procured. AI6 Manage Changes The system has the capacity to manage the changes. AI7 Install and Accredit Solutions and Changes The changes are effective and are adopted by the UCLA. (c) Deliver and Support DS1 Define and Manage Service Levels The services level has been maintained by the UCLA. DS2 Manage Third-party Services The tool has not yet been utilized. DS3 Manage Performance and Capacity Achieved. DS4 Ensure Continuous Service Yes. DS5 Ensure Systems Security Yes. DS6 Identify and Allocate Costs The costs have been calculated. DS7 Educate and Train Users Adopted. DS8 Manage Service Desk and Incidents Yes. DS9 Manage the Configuration Yes. DS10 Manage Problems Yes. DS11 Manage Data Yes. DS12 Manage the Physical Environment Slightly managed. DS13 Manage Operations Yes. (d) Monitor and Evaluate ME1 Monitor and Evaluate IT Processes UCLA has adopted an effective strategy for monitoring and evaluation of the IT processes. ME2 Monitor and Evaluate Internal Control Internal control mechanism is adopted ME3 Ensure Regulatory Compliance Regulatory compliances are being ensured by UCLA. ME4 Provide IT Governance Governance mechanism is being provided for the maintenance and expansion of the IT security plan by the UCLA. CoBIT regulations and frameworks are used by the organizations for their effective implementation, execution and monitoring of the results as are associated with the IT security plan (4). These mechanisms are implemented in a systematic and cyclic pattern and can be shown with the help of the following CoBIT wheel diagram: COBIT 4.1 domains are moving in a circular pattern with all their thirty four objectives, the organizations including the UCLA are trying their best for the achievement of the four domains as are listed in the above diagram for the achievement of the objectives as are attached with the IT security plan in an IT governance framework(5). The successful implementation of the plan provides an opportunity for all other similar organizations to replicate the framework as in the shape of CoBIT 4.1 along with all its domains and objectives with minor adjustments as to achieve their targets through the adoption of the IT security plan as per the objectives of the developmental projects(6). References: 1. Adelman, C. (2000). A Parallel Postsecondary Universe: The Certification System in Information Technology. Washington, D.C.: U.S. Department of Education. 2. Shelly, Gary, Cashman, Thomas, Vermaat, Misty, and Walker, Tim. (1999). Discovering Computers 2000: Concepts for a Connected World. Cambridge, Massachusetts: Course Technology. 3. Michelle Chase (2008). "Prof. Howard A. Schmidt Appointed First President of the Information Security Forum". Retrieved on 2008-11-25. 4. Jelliffe, Rick (2007-08-01). "Where to get ISO Standards on the Internet free". oreillynet.com. Retrieved on 2008-04-26. "The lack of free online availability has effectively made ISO standard irrelevant to the (home/hacker section of the) Open Source community" 5. Computer Technology Review (2007-10-17). "ISF launches new standard of good practices (sic) 6. Ted Klastorin (2003). Project Management: Tools and Trade-offs (3rd ed.). Wiley. ISBN 978-0471413844. Read More