IT Service Management
What you should be aware of
| IT Service Delivery | Availability Management | Service Asset Management |
| IT Service Support | Capacity Management | Configuration Management |
| ITIL Framework | Change Management | Service Catalogue Management |
| ITIL Processes | Demand Management | Service Design |
| ITIL Best Practices | Event Management | Service Desk |
| Supplier Management | Financial Management | Service Level Management |
| Access Management | Incident Management | Service Operation |
| ITIL Metrics | Technology Management | Service Portfolio Management |
| Quality Management | Problem Management | Service Strategy |
| Supplier Management | Problem Management | Service Transition |
| IT Service Continuity Management | Release Management | Continual Service Improvement |
| Information Security Management | Deployment Management | Request Fulfilment |
Suggested certifications: ITIL, ISO 20000
Certifying organizations: APMG, IRCA
Information Systems Audit
What you should be aware of
| IS Acquisition and Development | BCP / DR | IT Architecture |
| IS Implementation and Operations | Business Impact Analysis | IT Strategy |
| IS Maintenance and Support | Data Backup / Storage | IT Policy |
| IS Audit Requirements | Database Administration | IT Procedures |
| Sampling Methodologies | System Resilience | IT Standards |
| Audit Framework | Logical Access Controls | IT Governance |
| Audit Project Management | Physical Access Controls | Internal Controls |
| Audit Report | Encryption | Risk Assessment |
| Quality Assurance | Public Key Infrastructure | Enterprise Risk Management |
| Service Level Management | Security Protocols | Maturity Models |
| Third Party Compliance | Network and Internet Security | Process Optimization |
| Protection of Information Assets | Patch Management | IT Service Management |
Suggested certifications: ITIL, CISA
Certifying organizations: APMG, ISACA
Governance, Risk & Compliance
What you should be aware of
| Governance Framework | IT Governance Controls | Risk Identification |
| Control Objectives | IT Governance Implementation | Risk Classification |
| Control Practices | IT Governance Model | Risk Assessment |
| Internal Controls | ITGC Audit | Risk Analysis |
| Control Models | ITIL Framework | Risk Mitigation |
| Controls Self Assessment | ISO 20000 Process | Risk Control Matrix |
| Response Strategy | ISO 27001 Process | Risk Identification |
| COBIT Framework | Process Capability | Monitoring |
| SOX Requirements | Process Controls | Performance Measurement |
| Attestation Standards | Process Governance | Balanced Scorecard |
| IT Service Management | Process Optimization | Maturity Models |
| Enterprise Risk Management | Continual Improvement of IT Value | CMMI |
Suggested certifications: ITIL, CISA, COBIT, CRISC
Certifying organizations: APMG, ISACA
For specific information on various certifications and their pre requisites visit our training synopsis on Governance, Risk & Compliance.
The first step to choosing a career in Governance, Risk & Compliance (GRC) is to determine the area of interest.
- Do you want to focus on information systems audit?
- Or is your interest more in quality and service management?
- Or in implementing IT controls to manage processes?
- Maybe, a risk management professional responsible for ERM?
- Or a BCMS consultant who implements international standards such as ISO 22301?
Certifications can be a great help, since you will learn a lot about GRC and also validate your knowledge of the domain.
Those interested in GRC should pursue certifications that will help them gain skills in defining IT controls, auditing information systems and processes and managing business risk across the enterprise.
Entry level certifications such as the Information Technology Infrastructure Library (ITIL) certification from the APM Group (APMG), the Official Accreditor of the Office of Government Commerce, UK will help provide a good foundation for process and service management guidelines.
The Information Systems Audit and Control Association (ISACA) offers training and certifications for those interested in auditing. Its Certified Information Systems Auditor (CISA) certification is one of the most popular certification for auditors.
For those interested in more-specific IT governance certifications, ISACA in association with Information Technology Governance Institute (ITGI) has certifications like Control Objectives for Information & related Technology (COBIT).
ISACA also has the Certified in Risk and Information Systems Control (CRISC), a certification for those responsible for managing business risk for enterprises and capable of implementing appropriate IS controls.
A good understanding of how to implement international standards such as ISO 20000 for Information Technology Service Management, BS 25999 Business Continuity Management Systems, PCI DSS Payment Card Industry Data Security Standard is considered quite important for those aspiring for a career in GRC.