Inhaltsverzeichnis
Handbuch IT-Management
Konzepte, Methoden, Lösungen und Arbeitshilfen für die Praxis
Herausgegeben von Ernst Tiemeyer
ISBN: 978-3-446-42751-8
Weitere Informationen oder Bestellungen unter
http://www.hanser.de/978-3-446-42751-8
sowie im Buchhandel.
© Carl Hanser Verlag, München
Inhalt V
Inhalt
1 IT-Management – Herausforderungen und Rollenverständnis heute 1Ernst Tiemeyer
1.1 Managementtätigkeit im Gesamtkontext von Unternehmen und Verwaltung ............ 21.1.1 Visionen, Leitbilder und Zielsysteme von Unternehmen ................................. 31.1.2 Vom Denken in Funktionen zum Denken in Prozessen .................................... 61.1.3 Strategische versus operative Managementfunktionen .................................... 7
1.2 Die IT im Unternehmensumfeld – Entwicklungstrends und Konsequenzen ............... 81.2.1 Informations und Kommunikationstechnologien im Wandel der Zeit ............ 81.2.2 Der Wandel der IT zum kundenorientierten Dienstleister ............................... 101.2.3 Beitrag der IT zum Unternehmenserfolg ........................................................... 111.2.4 Die Integration der IT in die Unternehmensstrategie ....................................... 13
1.3 ITManagement – Rollenverständnis und Kernaufgaben .............................................. 151.3.1 Positionierung des ITManagements im Unternehmen .................................... 151.3.2 Partner für das ITManagement und die Rolle der IT ........................................ 151.3.3 Strategisches und operatives ITManagement ................................................... 17
1.4 Typische Aufgaben und Anforderungen an das ITManagement .................................. 181.5 ITManagement – Orientierungen für die Zukunft ........................................................ 351.6 Literatur ............................................................................................................................. 40
2 IT-Strategien entwickeln und umsetzen .................................................. 41Walter Wintersteiger, Ernst Tiemeyer
2.1 Rahmenbedingungen für die ITStrategieentwicklung .................................................. 422.1.1 Strategische Unternehmensführung .................................................................. 422.1.2 Zweck und Grundsätze der ITStrategieentwicklung ........................................ 442.1.3 Inhalte einer ITStrategie ..................................................................................... 462.1.4 Einschlägige Methoden und Techniken .............................................................. 48
2.2 ITStrategien entwickeln – Wesentliche Teilschritte ...................................................... 502.2.1 Analyse der Unternehmensstrategie und Ermittlung der strategischen
Erfolgsfaktoren ..................................................................................................... 522.2.2 Situationsanalysen ............................................................................................... 542.2.3 Umfeldanalyse ...................................................................................................... 592.2.4 Zielfindung ........................................................................................................... 602.2.5 Strategische Grundsätze zur ITAusrichtung ..................................................... 622.2.6 ITTeilstrategien definieren ................................................................................. 632.2.7 ITApplikationsArchitektur planen .................................................................... 652.2.8 SollDatenArchitektur dokumentieren .............................................................. 66
Inhalt
Handbuch
ITManagemeent ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... III
Inhalt ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... V
Vorwort.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. XV
IT-Management – Herausforderungen und Rollenverständnis heute ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 1
1.1 Managementtätigkeit im Gesamtkontext von Unternehmen und Verwaltung................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 2
1.1.1 Visionen, Leitbilder und Zielsysteme von Unternehmen .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 3
1.1.2 Vom Denken in Funktionen zum Denken in Prozessen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 6
1.1.3 Strategische versus operative Managementfunktionen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 7
1.2 Die IT im Unternehmensumfeld – Entwicklungstrends und Konsequenzen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 8
1.2.1 Informations und Kommunikationstechnologien im Wandel der Zeit ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 8
1.2.2 Der Wandel der IT zum kundenorientierten Dienstleister............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 10
1.2.3 Beitrag der IT zum Unternehmenserfolg ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 11
1.2.4 Die Integration der IT in die Unternehmensstrategie ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 13
1.3 ITManagement – Rollenverständnis und Kernaufgaben ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 15
1.3.1 Positionierung des ITManagements im Unternehmen................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 15
1.3.2 Partner für das ITManagement und die Rolle der IT.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 15
1.3.3 Strategisches und operatives ITManagement .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 17
1.4 Typische Aufgaben und Anforderungen an das ITManagement..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 18
1.5 ITManagement – Orientierungen für die Zukunft .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 35
1.6 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 40
IT-Strategien entwickeln und umsetzen ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 41
2.1 Rahmenbedingungen für die ITStrategieentwicklung..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 42
2.1.1 Strategische Unternehmensführung ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 42
2.1.2 Zweck und Grundsätze der ITStrategieentwicklung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 44
2.1.3 Inhalte einer ITStrategie............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 46
2.1.4 Einschlägige Methoden und Techniken......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 48
2.2 ITStrategien entwickeln – Wesentliche Teilschritte ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 50
2.2.1 Analyse der Unternehmensstrategie und Ermittlung der strategischen Erfolgsfaktoren ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 52
2.2.2 Situationsanalysen ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 54
2.2.3 Umfeldanalyse............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 59
2.2.4 Zielfindung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 60
2.2.5 Strategische Grundsätze zur ITAusrichtung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 62
2.2.6 ITTeilstrategien definieren ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 63
2.2.7 ITApplikationsArchitektur planen .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 65
2.2.8 SollDatenArchitektur dokumentieren ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 66
2.2.9 SollTechnologieArchitektur entwickeln....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 67
2.2.10 Sicherheitsarchitektur................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 67
2.2.11 ITProzesse vereinbaren und ITProzesslandschaft weiterentwickeln......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 68
2.2.12 Ausrichtung und Gestaltung der ITOrganisation ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 69
2.2.13 Vorhabensplanung aus ITStrategien ableiten............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 71
2.2.14 Projektportfolio ableiten und im ITMasterplan dokumentieren................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 73
2.3 Eine ITStrategie umsetzen............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 74
2.3.1 ITStrategie kommunizieren .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 74
2.3.2 (IT)Projekte realisieren ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 75
2.3.3 Sonstige ITEntwicklungsmaßnahmen umsetzen.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 75
2.3.4 Umsetzung der ITStrategie prüfen ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 75
2.4 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 83
Enterprise Architecture Management (EAM) – IT-Architekturen erfolgreich planen und steuern ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 85
3.1 Ausgangssituation und Herausforderungen .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 86
3.2 Ordnungsrahmen und Grundausrichtungen für das Architekturmanagement .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 91
3.2.1 Grundelemente einer Enterprise bzw. ITArchitektur.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 92
3.2.2 Zielsetzungen und Handlungsprinzipien für das ITArchitekturmanagement ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 94
3.3 Dokumentation der Architekturen – Beschreibungsmodelle und Praxis beispiele .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 97
3.3.1 Dokumentationsformen für ITArchitekturen ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 99
3.3.2 TechnologieArchitektur................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 100
3.3.3 ApplikationsArchitektur .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 102
3.3.4 Geschäftsarchitektur ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 103
3.3.5 Datenarchitektur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 104
3.4 ITArchitekturen planen und ausgestalten....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 105
3.4.1 Generelle Vorgehensweise zur Architekturplanung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 106
3.4.2 Architekturlandschaften bewerten................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 110
3.4.3 SollITArchitekturlandschaft entwickeln und darstellen.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 111
3.5 Organisation der Einführung und Optimierung von Enterprise Architecture Management (EAM) ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 113
3.5.1 Aufgaben und Rollenkonzept im Architekturmanagement ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 113
3.5.2 Prozesse im Architekturmanagement........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 116
3.6 Projektierungen von ITLandschaften – ITKonsolidierungsprojekte............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 123
3.6.1 HardwareKonsolidierung ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 124
3.6.2 SoftwareKonsolidierung (Applikationskonsolidierung) ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 128
3.6.3 Datenkonsolidierung ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 130
3.6.4 Projektmäßige Umsetzung von ITKonsolidierungen.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 130
3.7 Projektbeispiel „SOAEinführung“ ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 132
3.8 Framework TOGAF im Architektur management nutzen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 134
3.9 Nutzen eines ITArchitekturmanagements ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 136
3.10 Literatur ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 138
IT-Servicemanagement ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 139
4.1 Effizientes ITServicemanagement – eine permanente Herausforderung........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 139
4.1.1 ITServicemanagement – begriffliche Orientierung...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 140
4.1.2 Grundlagen eines professionellen ITServicemanagements ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 141
4.1.3 ITServicequalität definieren – ein wichtiger Produktivitätsfaktor............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 143
4.1.4 Erfolge durch professionelles Management der IT und ihrer Services ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 144
4.2 ITServicemanagement – Konzepte und Standards.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 145
4.2.1 Die Vielfalt der Lösungen – Überblick über vorhandene Konzepte .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 145
4.2.2 Servicemanagement nach ITIL...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 148
4.3 ITIL unter der Lupe .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 153
4.3.1 ServiceSupportProzesse.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 153
4.3.2 ServiceDeliveryProzesse ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 159
4.3.3 Neue ITIL 3Prozesse..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 164
4.4 Fahrplan zu einem optimalen ITServicemanagement..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 170
4.4.1 Kritische Erfolgsfaktoren für die Einführung ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 170
4.4.2 Einführung von ITServicemanagement – eine Vorgehensweise .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 171
4.4.3 Einführungsaspekte bei ITIL 3...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 175
4.4.4 Aufbau einer Servicekultur in der IT ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 178
4.4.5 ITServicemanagement in der Praxis ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 181
4.5 IT Services verrechnen und überwachen......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 182
4.5.1 ITServices verrechnen.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 182
4.5.2 ITServices überwachen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 188
4.5.3 ITServicemanagement und Wirtschaftlichkeit............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 192
4.6 Toolauswahl für das ITService management.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 194
4.6.1 Die richtigen Werkzeuge wählen – eine Vorgehensweise ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 194
4.6.2 Funktionsvielfalt und Produktkategorisierung............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 200
4.7 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 202
IT-Projektmanagement......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 207
5.1 Von der Projektinitiative zum Projektantrag ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 208
5.1.1 ITProjekttypen und ihre Besonderheiten ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 208
5.1.2 Auslöser für ITProjekte ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 210
5.1.3 Wichtige Voraussetzungen für erfolgreiche Projektarbeit ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 212
5.1.4 Die Projektskizze........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 213
5.1.5 Der Projektantrag.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 214
5.2 Vereinbarung eines Projektauftrages............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 218
5.2.1 Bewertungskriterien für ITProjekte und Priorisierungsverfahren .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 218
5.2.2 Wirtschaftlichkeitsbeurteilung von ITProjekten .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 221
5.2.3 Der Projektauftrag als Grundlage für die Projektarbeit ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 223
5.2.4 Projektaufträge erfolgreich umsetzen........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 223
5.3 ITProjekte starten............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 225
5.3.1 StartupWorkshop/KickoffMeeting............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 225
5.3.2 ProjektVisionen entwickeln ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 226
5.3.3 Stakeholderanalyse und Stakeholdermanagement ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 228
5.3.4 Projektziele präzisieren ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 231
5.3.5 Phasengliederung und Meilensteine festlegen ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 231
5.4 Projektbeteiligte und Projektorganisation ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 234
5.4.1 Der ITProjektleiter – Aufgaben, Anforderungen und Befugnisse................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 235
5.4.2 Das Projektteam – Rollenkonzept und Teambildung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 236
5.4.3 ProjektAuftraggeber und unterstützende Gremien...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 238
5.4.4 Kooperation mit externen Fachkräften ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 242
5.5 Planungsaufgaben in ITProjekten ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 243
5.5.1 Rahmenbedingungen moderner Projektplanung .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 243
5.5.2 Projektstrukturplan und Arbeitspakete ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 246
5.5.3 Projektablauf und Terminplanung ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 250
5.5.4 Ressourcenbedarfsplan und Ressourceneinsatzplan .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 256
5.5.5 ProjektKostenplanung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 259
5.5.6 ProjektQualitätsplanung .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 261
5.5.7 ProjektRisikoplanung................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 264
5.5.8 Nutzung von ProjektmanagementSoftware für die Projektplanung............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 266
5.6 Kontrolle und Steuerung von ITProjekten....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 267
5.6.1 Varianten der Projektüberwachung .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 268
5.6.2 Statuserfassung für Projektvorgänge ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 269
5.6.3 PlanIstVergleiche und Reviews ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 272
5.6.4 Kostencontrolling in Projekten...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 273
5.6.5 Projektreporting............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 274
5.6.6 ClaimManagement ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 275
5.6.7 ProjektMarketing ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 277
5.6.8 Nutzung von ProjektmanagementSoftware für die Projektsteuerung.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 278
5.7 Multiprojektmanagement und Projektportfoliomanagement........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 280
5.7.1 Zielsetzungen und Erfolgsfaktoren im MultiProjektmanagement ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 281
5.7.2 Projektauswahl mittels ITPortfolioanalyse................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 283
5.7.3 Planungsaktivitäten im Multiprojektmanagement ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 284
5.7.4 Steuerung des ITProjektPortfolios............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 285
5.8 ITProjekte abschließen .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 286
5.8.1 Projektabnahme und Produktübergabe ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 287
5.8.2 Projektabschlussanalyse durchführen – Evaluierung und Auswertung der Projektarbeit........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 288
5.8.3 ProjektAbschlussbericht und ProjektGesamtdokumentation erstellen ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 289
5.8.4 Projekterfahrungen sichern .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 290
5.9 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 293
Organisation und Führung im IT-Bereich ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 295
6.1 Organisation und Führung – Basis für den Erfolg der ITAbteilung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 295
6.2 Elemente und Einflussfaktoren moderner ITOrganisation.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 296
6.3 Grundausrichtung und Konzepte zur Organisation der IT............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 299
6.3.1 Gestaltung und Optimierung der ITProzesslandschaft................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 299
6.3.2 Aufbauorganisatorische Ausrichtung............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 301
6.4 Rollen und Aufgabenstellungen im ITBereich................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 303
6.4.1 Typische Rollen im ITBereich....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 304
6.4.2 Stellenbildung und Personalbemessung ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 310
6.5 Outsourcing von ITLeistungen ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 312
6.5.1 Entscheidung über ITOutsourcing................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 312
6.5.2 Projektierung von ITOutsourcing................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 315
6.6 Information und Kommunikation mittels Kennzahlen und Reporting ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 317
6.6.1 Informationsbedarf der ITFührung .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 317
6.6.2 Reporting im ITBereich ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 318
6.7 Führung im ITBereich als Herausforderung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 320
6.7.1 Führungsaufgaben – Einordnung und Teilaktivitäten .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 322
6.7.2 Führungsstile ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 325
6.7.3 Ausgewählte Führungsinstrumente .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 328
6.8 Führung von Teams – Teambildung und Teammanagement ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 332
6.8.1 Teamentwicklungsprozesse identifizieren .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 332
6.8.2 Teamkultur aufbauen und zielorientiert weiterentwickeln........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 335
6.9 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 338
IT-Controlling......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 339
7.1 Begriff des ITControllings und konzeptionelle Aspekte.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 339
7.1.1 Funktionsbegriff und Institutionenbegriff .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 340
7.1.2 Organisatorische Einbindung des ITControllings ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 341
7.2 Ziele, Objekte und Aufgaben des ITControllings............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 344
7.2.1 Ziele und Objekte für ein ITControlling ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 344
7.2.2 Aufgaben im ITControlling........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 345
7.3 Methoden, Instrumente und Werkzeuge im ITControlling ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 354
7.3.1 ITBalanced Scorecard ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 355
7.3.2 ITKennzahlensysteme .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 356
7.3.3 Benchmarking ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 359
7.3.4 ServiceLevelAgreements (SLA)................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 360
7.3.5 Leistungsverrechnung................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 363
7.4 Umsetzung von ITControlling ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 368
7.5 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 371
Herausforderung Lizenzmanagement – vom Risiko zum Wert ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 373
8.1 Potenzial und Nutzen des Lizenzmanagements ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 373
8.2 Was ist eine Softwarelizenz? ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 378
8.3 Der SoftwareLifeCycleProzess und seine Bestandteile.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 383
8.4 Der Lizenzmanager und verwandte Rollen ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 386
8.5 Welche Daten sind für das Lizenzmanagement erforderlich? .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 388
8.6 Komplexitätstreiber im Lizenzmanagement .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 392
8.7 Der Einfluss der ITArchitektur auf das Lizenzmanagement ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 394
8.8 Auswahl des LizenzmanagementTools............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 396
8.9 Einführung einer LizenzmanagementLösung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 400
8.10 Literatur und weiteres Informationsmaterial................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 402
Qualitätsmanagement für IT-Lösungen .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 403
9.1 Begründungen und Ansätze für umfas sende QualitätsmanagementLösungen ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 403
9.1.1 Warum ist Qualitätssicherung bzw. Qualitätsmanagement im ITBereich so wichtig? ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 403
9.1.2 Wie funktioniert Qualitätsmanagement? ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 405
9.1.3 Das Dilemma des Qualitätsmanagements ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 405
9.2 Grundlagen und Begriffe des ITQualitätsmanagements ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 406
9.2.1 Qualität.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 407
9.2.2 Qualitätsverbesserung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 409
9.2.3 Qualitätsmanagement und Qualitätssicherung als Teil eines Managementsystems .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 410
9.2.4 Konsequenzen für den Aufbau von QualitätsmanagementSystemen .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 411
9.3 Sequenzielle versus iterative Entwicklungsmodelle: RisikoStrategie ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 413
9.3.1 Sequenzielle Entwicklung: das VModell ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 414
9.3.2 Iterative Entwicklung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 416
9.3.3 Schlussfolgerungen zum Vorgehensmodell in der SoftwareEntwicklung unter Qualitätsaspekten ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 420
9.4 Qualität von Produkten .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 422
9.4.1 Brauchbarkeit und Wartbarkeit..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 422
9.4.2 Qualität der Anforderungen .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 424
9.4.3 Qualität der Lösung ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 427
9.5 Qualität des Projekts ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 429
9.5.1 Qualität in der Projektplanung...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 429
9.5.2 Qualität in der Projektlenkung...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 433
9.6 Qualität der Prozesse ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 434
9.6.1 Prozessmodellierung..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 434
9.6.2 ReferenzProzessmodelle............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 434
9.6.3 ProzessreifegradModelle .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 436
9.6.4 Prozessqualität in agilen Prozessen.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 439
9.7 Qualitätssicherung ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 441
9.7.1 Organisatorische Qualitätsmaßnahmen ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 441
9.7.2 Konstruktive Qualitätsmaßnahmen .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 441
9.7.3 Analytische Qualitätsmaßnahmen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 442
9.7.4 Reviews ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 444
9.8 Relevante Qualitätsmanagement Standards..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 448
9.8.1 Die Normenreihe ISO 9000ff ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 448
9.8.2 Standards für SoftwareProduktqualität........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 450
9.8.3 ProzessreifegradModelle (CMMI & SPICE/ISO15504) ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 454
9.8.4 ReferenzProzessmodelle in der IT................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 458
9.9 Literatur ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 461
IT-Governance ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 463
10.1 Merkmale und Bedeutung von ITGovernance ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 464
10.1.1 Zielsetzungen und Rahmenbedingungen für eine erfolgreiche ITGovernance .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 465
10.1.2 ITGovernanceProzesse und Corporate Governance................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 468
10.2 KernAufgabenbereiche zentraler ITSteuerung............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 470
10.2.1 Ganzheitliche ITStrategieentwicklung ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 472
10.2.2 ITAnforderungsmanagement ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 474
10.2.3 ITArchitekturmanagement und Enterprise Architecture Management ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 477
10.2.4 Multiprojektsteuerung für ITProjekte ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 482
10.2.5 ITRisikomanagement ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 484
10.2.6 Compliance Management............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 486
10.2.7 ITInvestitionsmanagement und ValueManagement.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 487
10.3 Zentrale ITGovernance einführen ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 490
10.3.1 Die Ansätze ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 490
10.3.2 Vorgehen ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 492
10.4 Performance Management für ITGovernance ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 494
10.5 Fazit................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 496
10.6 Literatur ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 499
IT-Security-Management ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 501
11.1 Ausgangssituation und Bedeutung von ITSecurityManagement.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 502
11.1.1 Problemlage ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 502
11.1.2 Ermittlung der Sicherheitsrelevanz............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 503
11.1.3 ITSecurityManagement als Erfolgsfaktor .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 505
11.1.4 Rechtlicher Rahmen für die ITSecurity ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 506
11.1.5 Anforderungen an ein hochwertiges ITSecurityManagement................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 511
11.2 Sicherheitsorganisation für die ITSecurity.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 514
11.2.1 Möglichkeiten für die Einordnung in die Organisation ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 514
11.2.2 Rollen im ITSecurityManagement............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 516
11.2.3 Organisationsmodelle.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 518
11.2.4 Zusammenspiel mit anderen Sicherheitsbereichen .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 521
11.3 Aufbau des ITSecurityManagements............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 522
11.3.1 Sicherheitsrichtlinien .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 523
11.3.2 Schutzbedarfsanalyse.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 523
11.3.3 Sicherheitskonzepte und Sicherheitslösungen............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 524
11.3.4 ITSecurity Reporting .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 524
11.3.5 Information Security Circle......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 527
11.3.6 Notfallmanagement ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 528
11.4 Einsatz von Sicherheitsstandards................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 528
11.4.1 ISO/IEC 2700x (International) .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 529
11.4.2 ITGrundschutz (Deutschland) .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 530
11.4.3 Informationssicherheitshandbuch (Österreich) .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 530
11.4.4 Informatiksicherheit in der Bundesverwaltung (Schweiz).......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 531
11.5 Sicherheit als Sollzustand vorgeben............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 531
11.5.1 ITSicherheitskriterien ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 531
11.5.2 Sicherheitsgrad und Sicherheitsklassen ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 535
11.5.3 Sicherheitsstrategien................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 536
11.5.4 Sicherheitspolitik und Corporate ITSecurity Policy ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 537
11.5.5 Security Policy Management....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 540
11.5.6 ITSecurity Auditing .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 541
11.5.7 Sicherheit in externen Partnerschaften ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 542
11.6 Literatur ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 545
IT-Risikomanagement........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 547
12.1 Risiko und Gefahr........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 548
12.1.1 Der Gefahrenbegriff..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 548
12.1.2 Der Risikobegriff ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 548
12.1.3 Risikowahrnehmung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 551
12.2 Entstehung von Risiken und RisikoIdentifikation......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 552
12.2.1 Schwachstelle .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 552
12.2.2 Angriffspfad ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 553
12.2.3 Auslöser....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 554
12.2.4 Bedrohung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 554
12.3 Risikoszenario ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 555
12.3.1 Sicherheitsrelevantes Ereignis .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 555
12.3.2 Wirkungsszenario ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 556
12.4 ITRisikoanalyse ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 557
12.4.1 Kernbestandteile der ITRisikoanalyse ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 557
12.4.2 Arten von ITRisikoanalysen ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 557
12.4.3 ISTAufnahme.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 558
12.4.4 Schwachstellenanalyse................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 560
12.4.5 Bedrohungsanalyse ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 561
12.4.6 Risikofeststellung und bewertung.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 562
12.4.7 Risikodarstellung und Risikodokumentation .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 568
12.5 Risikoentscheidung ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 573
12.5.1 Risikotragfähigkeit ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 574
12.5.2 Risikobereitschaft........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 574
12.5.3 Risikoakzeptanz .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 574
12.5.4 Risikopriorisierung ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 575
12.5.5 Risikobewältigungsstrategien ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 575
12.5.6 Restrisikodeklaration .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 577
12.6 ITRisikosituation managen............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 578
12.6.1 Risikokorridor ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 578
12.6.2 Risikofrüherkennung .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 580
12.6.3 ITRisikomanagementprozess ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 580
12.7 Literatur ......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 583
IT-Compliance ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 585
13.1 Begriff und Aktualität von Compliance.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 585
13.1.1 Begriffliche Grundlagen .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 586
13.1.2 Beispiele von ComplianceVerstößen........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 589
13.2 ITCompliance ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 591
13.2.1 Begriffliche Grundlagen .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 591
13.2.2 ITCompliance als Verhalten........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 594
13.2.3 Compliance der ITFunktion vs. ITgestützte Corporate Compliance .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 595
13.2.4 „Governance – Risk – Compliance“ und ITCompliance.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 598
13.3 ITCompliance nach COBIT............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 600
13.3.1 COBIT als ITGovernance Framework.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 600
13.3.2 Compliance als allgemeine Geschäftsanforderung...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 601
13.3.3 Der COBITProzess zur Sicherstellung von Compliance.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 603
13.4 Nutzen von ITCompliance ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 605
13.5 Beteiligte und Interessenlagen ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 608
13.6 ITrelevante Regelwerke ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 610
13.6.1 Klassifikation der Regelwerke..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 610
13.6.2 Rechtliche Vorgaben.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 612
13.6.3 Verträge....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 615
13.6.4 Unternehmensexterne Regelwerke ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 615
13.6.5 Unternehmensinterne Regelwerke.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 618
13.7 Kernbereiche der Legal ITCompliance .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 619
13.7.1 Buchführung und steuerliche Anforderungen ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 619
13.7.2 Dokumentenmanagement ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 621
13.7.3 Datenschutz................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 623
13.7.4 Webpräsenz................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 624
13.7.5 Personalwesen............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 627
13.7.6 ITBeschaffung............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 628
13.8 Management der ITCompliance .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 629
13.9 Organisatorische Verankerung von ITCompliance........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 633
13.10 Literatur ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 638
Rechtliche Rahmenbedingungen für das IT-Management................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 641
14.1 ITGovernance und ITCompliance ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 642
14.1.1 Vorsorge gegen Gesetzesverstöße und Risikomanagement......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 642
14.1.2 Reporting..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 645
14.1.3 Persönliche Haftung des Managements ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 645
14.1.4 Strafrechtliche Verantwortung des Compliance Officer und anderer Funktionsträger mit besonderen Aufgaben..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 651
14.1.5 Unterstützung der Corporate Compliance durch die ITOrganisation......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 651
14.2 ITBeschaffung................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 654
14.2.1 Ausschreibung von Beschaffungsvorhaben................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 654
14.2.2 Voraussetzungen für die Ausschreibungspflicht......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 657
14.2.3 Weitere Fragestellungen.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 658
14.3 Allgemeine Geschäftsbedingungen................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 661
14.3.1 Grundlagen.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 661
14.3.2 Weitere Fragestellungen.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 663
14.4 Mängel und Garantie beim Hardwarekauf..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 667
14.4.1 Rechte bei Mängeln ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 667
14.4.2 Vorgehen in der Praxis................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 668
14.4.3 Weitere Fragestellungen.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 668
14.5 SoftwareLizenzierung ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 670
14.5.1 Grundlagen.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 670
14.5.2 Das sollten Sie beachten.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 671
14.5.3 Weitere Fragestellungen.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 672
14.6 Das Lizenzaudit.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 676
14.7 Externe SoftwareEntwicklung....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 677
14.8 Software aus der Eigenentwicklung............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 679
14.9 Verträge in der Vorbereitung eines ITProjekts.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 680
14.10 Verträge für schlüsselfertige ITSysteme...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 682
14.10.1 Grundlagen................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ 683
14.10.2 Vorgehen in der Praxis .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. 684
14.11 Verträge über Cloud Services....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 686
14.12 Literatur ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 690
Index ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 695
VI Inhalt Inhalt VII
2.2.9 SollTechnologieArchitektur entwickeln ........................................................... 672.2.10 Sicherheitsarchitektur ......................................................................................... 672.2.11 ITProzesse vereinbaren und ITProzesslandschaft weiterentwickeln ............. 682.2.12 Ausrichtung und Gestaltung der ITOrganisation ............................................. 692.2.13 Vorhabensplanung aus ITStrategien ableiten ................................................... 712.2.14 Projektportfolio ableiten und im ITMasterplan dokumentieren ..................... 73
2.3 Eine ITStrategie umsetzen .............................................................................................. 742.3.1 ITStrategie kommunizieren ................................................................................ 742.3.2 (IT)Projekte realisieren ....................................................................................... 752.3.3 Sonstige ITEntwicklungsmaßnahmen umsetzen .............................................. 752.3.4 Umsetzung der ITStrategie prüfen ..................................................................... 75
2.4 Literatur ............................................................................................................................. 83
3 Enterprise Architecture Management (EAM) – IT-Architekturen erfolgreich planen und steuern .................................. 85Ernst Tiemeyer
3.1 Ausgangssituation und Herausforderungen ................................................................... 863.2 Ordnungsrahmen und Grundausrichtungen für das Architekturmanagement ......... 91
3.2.1 Grundelemente einer Enterprise bzw. ITArchitektur ..................................... 923.2.2 Zielsetzungen und Handlungsprinzipien für das
ITArchitekturmanagement ................................................................................. 943.3 Dokumentation der Architekturen – Beschreibungsmodelle und Praxis beispiele ........ 97
3.3.1 Dokumentationsformen für ITArchitekturen .................................................... 993.3.2 TechnologieArchitektur ...................................................................................... 1003.3.3 ApplikationsArchitektur ..................................................................................... 1023.3.4 Geschäftsarchitektur ............................................................................................ 1033.3.5 Datenarchitektur .................................................................................................. 104
3.4 ITArchitekturen planen und ausgestalten ..................................................................... 1053.4.1 Generelle Vorgehensweise zur Architekturplanung ........................................ 1063.4.2 Architekturlandschaften bewerten ..................................................................... 1103.4.3 SollITArchitekturlandschaft entwickeln und darstellen ................................. 111
3.5 Organisation der Einführung und Optimierung von Enterprise Architecture Management (EAM) .......................................................................................................... 1133.5.1 Aufgaben und Rollenkonzept im Architekturmanagement .............................. 1133.5.2 Prozesse im Architekturmanagement ................................................................ 116
3.6 Projektierungen von ITLandschaften – ITKonsolidierungsprojekte ........................... 1233.6.1 HardwareKonsolidierung ................................................................................... 1243.6.2 SoftwareKonsolidierung (Applikationskonsolidierung) ................................... 1283.6.3 Datenkonsolidierung ............................................................................................ 1303.6.4 Projektmäßige Umsetzung von ITKonsolidierungen ........................................ 130
3.7 Projektbeispiel „SOAEinführung“ .................................................................................. 1323.8 Framework TOGAF im Architektur management nutzen ............................................... 1343.9 Nutzen eines ITArchitekturmanagements ..................................................................... 1363.10 Literatur ............................................................................................................................. 138
Inhalt VII
4 IT-Servicemanagement .............................................................................. 139Dietmar Kopperger, Jörg Kunsmann, Anette Weisbecker
4.1 Effizientes ITServicemanagement – eine permanente Herausforderung ................... 1394.1.1 ITServicemanagement – begriffliche Orientierung .......................................... 1404.1.2 Grundlagen eines professionellen ITServicemanagements ............................. 1414.1.3 ITServicequalität definieren – ein wichtiger Produktivitätsfaktor ................. 1434.1.4 Erfolge durch professionelles Management der IT und ihrer Services ........... 144
4.2 ITServicemanagement – Konzepte und Standards ....................................................... 1454.2.1 Die Vielfalt der Lösungen – Überblick über vorhandene Konzepte ................. 1454.2.2 Servicemanagement nach ITIL ........................................................................... 148
4.3 ITIL unter der Lupe ........................................................................................................... 1534.3.1 ServiceSupportProzesse .................................................................................... 1534.3.2 ServiceDeliveryProzesse ................................................................................... 1594.3.3 Neue ITIL 3Prozesse ........................................................................................... 164
4.4 Fahrplan zu einem optimalen ITServicemanagement .................................................. 1704.4.1 Kritische Erfolgsfaktoren für die Einführung .................................................... 1704.4.2 Einführung von ITServicemanagement – eine Vorgehensweise ..................... 1714.4.3 Einführungsaspekte bei ITIL 3 ............................................................................ 1754.4.4 Aufbau einer Servicekultur in der IT ................................................................. 1784.4.5 ITServicemanagement in der Praxis ................................................................. 181
4.5 IT Services verrechnen und überwachen ....................................................................... 1824.5.1 ITServices verrechnen ........................................................................................ 1824.5.2 ITServices überwachen ....................................................................................... 1884.5.3 ITServicemanagement und Wirtschaftlichkeit ................................................. 192
4.6 Toolauswahl für das ITService management .................................................................. 1944.6.1 Die richtigen Werkzeuge wählen – eine Vorgehensweise ................................ 1944.6.2 Funktionsvielfalt und Produktkategorisierung ................................................. 200
4.7 Literatur ............................................................................................................................. 202
5 IT-Projektmanagement ............................................................................ 207Ernst Tiemeyer
5.1 Von der Projektinitiative zum Projektantrag .................................................................. 2085.1.1 ITProjekttypen und ihre Besonderheiten .......................................................... 2085.1.2 Auslöser für ITProjekte ....................................................................................... 2105.1.3 Wichtige Voraussetzungen für erfolgreiche Projektarbeit ................................ 2125.1.4 Die Projektskizze ................................................................................................. 2135.1.5 Der Projektantrag ................................................................................................. 214
5.2 Vereinbarung eines Projektauftrages .............................................................................. 2185.2.1 Bewertungskriterien für ITProjekte und Priorisierungsverfahren ................. 2185.2.2 Wirtschaftlichkeitsbeurteilung von ITProjekten .............................................. 2215.2.3 Der Projektauftrag als Grundlage für die Projektarbeit .................................... 2235.2.4 Projektaufträge erfolgreich umsetzen ................................................................ 223
5.3 ITProjekte starten ............................................................................................................ 2255.3.1 StartupWorkshop/KickoffMeeting .................................................................. 2255.3.2 ProjektVisionen entwickeln ............................................................................... 226
VIII Inhalt Inhalt IX
5.3.3 Stakeholderanalyse und Stakeholdermanagement ........................................... 2285.3.4 Projektziele präzisieren ....................................................................................... 2315.3.5 Phasengliederung und Meilensteine festlegen .................................................. 231
5.4 Projektbeteiligte und Projektorganisation ...................................................................... 2345.4.1 Der ITProjektleiter – Aufgaben, Anforderungen und Befugnisse ................... 2355.4.2 Das Projektteam – Rollenkonzept und Teambildung ........................................ 2365.4.3 ProjektAuftraggeber und unterstützende Gremien .......................................... 2385.4.4 Kooperation mit externen Fachkräften ............................................................... 242
5.5 Planungsaufgaben in ITProjekten .................................................................................. 2435.5.1 Rahmenbedingungen moderner Projektplanung .............................................. 2435.5.2 Projektstrukturplan und Arbeitspakete ............................................................. 2465.5.3 Projektablauf und Terminplanung ..................................................................... 2505.5.4 Ressourcenbedarfsplan und Ressourceneinsatzplan ........................................ 2565.5.5 ProjektKostenplanung ........................................................................................ 2595.5.6 ProjektQualitätsplanung ..................................................................................... 2615.5.7 ProjektRisikoplanung ......................................................................................... 2645.5.8 Nutzung von ProjektmanagementSoftware für die Projektplanung ............... 266
5.6 Kontrolle und Steuerung von ITProjekten ..................................................................... 2675.6.1 Varianten der Projektüberwachung .................................................................... 2685.6.2 Statuserfassung für Projektvorgänge ................................................................. 2695.6.3 PlanIstVergleiche und Reviews ......................................................................... 2725.6.4 Kostencontrolling in Projekten ........................................................................... 2735.6.5 Projektreporting ................................................................................................... 2745.6.6 ClaimManagement .............................................................................................. 2755.6.7 ProjektMarketing ................................................................................................ 2775.6.8 Nutzung von ProjektmanagementSoftware für die Projektsteuerung .............. 278
5.7 Multiprojektmanagement und Projektportfoliomanagement ........................................ 2805.7.1 Zielsetzungen und Erfolgsfaktoren im MultiProjektmanagement .................. 2815.7.2 Projektauswahl mittels ITPortfolioanalyse ....................................................... 2835.7.3 Planungsaktivitäten im Multiprojektmanagement ........................................... 2845.7.4 Steuerung des ITProjektPortfolios .................................................................... 285
5.8 ITProjekte abschließen .................................................................................................... 2865.8.1 Projektabnahme und Produktübergabe ............................................................. 2875.8.2 Projektabschlussanalyse durchführen – Evaluierung und Auswertung
der Projektarbeit .................................................................................................. 2885.8.3 ProjektAbschlussbericht und ProjektGesamtdokumentation erstellen ......... 2895.8.4 Projekterfahrungen sichern ................................................................................ 290
5.9 Literatur ............................................................................................................................. 293
6 Organisation und Führung im IT-Bereich .............................................. 295Ernst Tiemeyer
6.1 Organisation und Führung – Basis für den Erfolg der ITAbteilung ............................ 2956.2 Elemente und Einflussfaktoren moderner ITOrganisation ........................................... 2966.3 Grundausrichtung und Konzepte zur Organisation der IT ............................................ 299
6.3.1 Gestaltung und Optimierung der ITProzesslandschaft .................................... 2996.3.2 Aufbauorganisatorische Ausrichtung ................................................................. 301
Inhalt IX
6.4 Rollen und Aufgabenstellungen im ITBereich ............................................................... 3036.4.1 Typische Rollen im ITBereich ............................................................................ 3046.4.2 Stellenbildung und Personalbemessung ............................................................ 310
6.5 Outsourcing von ITLeistungen ........................................................................................ 3126.5.1 Entscheidung über ITOutsourcing ..................................................................... 3126.5.2 Projektierung von ITOutsourcing ...................................................................... 315
6.6 Information und Kommunikation mittels Kennzahlen und Reporting ......................... 3176.6.1 Informationsbedarf der ITFührung ................................................................... 3176.6.2 Reporting im ITBereich ....................................................................................... 318
6.7 Führung im ITBereich als Herausforderung .................................................................. 3206.7.1 Führungsaufgaben – Einordnung und Teilaktivitäten ...................................... 3226.7.2 Führungsstile ....................................................................................................... 3256.7.3 Ausgewählte Führungsinstrumente ................................................................... 328
6.8 Führung von Teams – Teambildung und Teammanagement ........................................ 3326.8.1 Teamentwicklungsprozesse identifizieren ......................................................... 3326.8.2 Teamkultur aufbauen und zielorientiert weiterentwickeln .............................. 335
6.9 Literatur ............................................................................................................................. 338
7 IT-Controlling ............................................................................................ 339Helmut Krcmar, Andreas Roland Schwertsik
7.1 Begriff des ITControllings und konzeptionelle Aspekte ............................................... 3397.1.1 Funktionsbegriff und Institutionenbegriff ......................................................... 3407.1.2 Organisatorische Einbindung des ITControllings ............................................. 341
7.2 Ziele, Objekte und Aufgaben des ITControllings ........................................................... 3447.2.1 Ziele und Objekte für ein ITControlling ............................................................ 3447.2.2 Aufgaben im ITControlling ................................................................................. 345
7.3 Methoden, Instrumente und Werkzeuge im ITControlling ........................................... 3547.3.1 ITBalanced Scorecard ......................................................................................... 3557.3.2 ITKennzahlensysteme ......................................................................................... 3567.3.3 Benchmarking ...................................................................................................... 3597.3.4 ServiceLevelAgreements (SLA) ........................................................................ 3607.3.5 Leistungsverrechnung ......................................................................................... 363
7.4 Umsetzung von ITControlling ......................................................................................... 3687.5 Literatur ............................................................................................................................. 371
8 Herausforderung Lizenzmanagement – vom Risiko zum Wert ........... 373Torsten Groll
8.1 Potenzial und Nutzen des Lizenzmanagements ............................................................. 3738.2 Was ist eine Softwarelizenz? ............................................................................................ 3788.3 Der SoftwareLifeCycleProzess und seine Bestandteile ............................................... 3838.4 Der Lizenzmanager und verwandte Rollen ..................................................................... 3868.5 Welche Daten sind für das Lizenzmanagement erforderlich? ....................................... 3888.6 Komplexitätstreiber im Lizenzmanagement ................................................................... 3928.7 Der Einfluss der ITArchitektur auf das Lizenzmanagement ........................................ 394
X Inhalt Inhalt XI
8.8 Auswahl des LizenzmanagementTools ........................................................................... 3968.9 Einführung einer LizenzmanagementLösung ............................................................... 4008.10 Literatur und weiteres Informationsmaterial ................................................................. 402
9 Qualitätsmanagement für IT-Lösungen ................................................. 403Andreas Nehfort
9.1 Begründungen und Ansätze für umfas sende QualitätsmanagementLösungen ........ 4039.1.1 Warum ist Qualitätssicherung bzw. Qualitätsmanagement im
ITBereich so wichtig? .......................................................................................... 4039.1.2 Wie funktioniert Qualitätsmanagement? ........................................................... 4059.1.3 Das Dilemma des Qualitätsmanagements .......................................................... 405
9.2 Grundlagen und Begriffe des ITQualitätsmanagements ............................................... 4069.2.1 Qualität ................................................................................................................. 4079.2.2 Qualitätsverbesserung ......................................................................................... 4099.2.3 Qualitätsmanagement und Qualitätssicherung als Teil eines
Managementsystems ........................................................................................... 4109.2.4 Konsequenzen für den Aufbau von QualitätsmanagementSystemen ............. 411
9.3 Sequenzielle versus iterative Entwicklungsmodelle: RisikoStrategie ......................... 4139.3.1 Sequenzielle Entwicklung: das VModell ........................................................... 4149.3.2 Iterative Entwicklung .......................................................................................... 4169.3.3 Schlussfolgerungen zum Vorgehensmodell in der SoftwareEntwicklung
unter Qualitätsaspekten ...................................................................................... 4209.4 Qualität von Produkten .................................................................................................... 422
9.4.1 Brauchbarkeit und Wartbarkeit .......................................................................... 4229.4.2 Qualität der Anforderungen ................................................................................ 4249.4.3 Qualität der Lösung .............................................................................................. 427
9.5 Qualität des Projekts ........................................................................................................ 4299.5.1 Qualität in der Projektplanung ........................................................................... 4299.5.2 Qualität in der Projektlenkung ........................................................................... 433
9.6 Qualität der Prozesse ........................................................................................................ 4349.6.1 Prozessmodellierung ........................................................................................... 4349.6.2 ReferenzProzessmodelle ..................................................................................... 4349.6.3 ProzessreifegradModelle .................................................................................... 4369.6.4 Prozessqualität in agilen Prozessen ................................................................... 439
9.7 Qualitätssicherung ............................................................................................................ 4419.7.1 Organisatorische Qualitätsmaßnahmen ............................................................. 4419.7.2 Konstruktive Qualitätsmaßnahmen .................................................................... 4419.7.3 Analytische Qualitätsmaßnahmen ...................................................................... 4429.7.4 Reviews ................................................................................................................. 444
9.8 Relevante Qualitätsmanagement Standards ................................................................... 4489.8.1 Die Normenreihe ISO 9000ff ............................................................................... 4489.8.2 Standards für SoftwareProduktqualität ............................................................. 4509.8.3 ProzessreifegradModelle (CMMI & SPICE/ISO15504) ..................................... 4549.8.4 ReferenzProzessmodelle in der IT ..................................................................... 458
9.9 Literatur ............................................................................................................................. 461
Inhalt XI
10 IT-Governance ........................................................................................ 463Robert Bergmann, Ernst Tiemeyer
10.1 Merkmale und Bedeutung von ITGovernance ............................................................. 46410.1.1 Zielsetzungen und Rahmenbedingungen für eine erfolgreiche
ITGovernance .................................................................................................. 46510.1.2 ITGovernanceProzesse und Corporate Governance .................................... 468
10.2 KernAufgabenbereiche zentraler ITSteuerung .......................................................... 47010.2.1 Ganzheitliche ITStrategieentwicklung .......................................................... 47210.2.2 ITAnforderungsmanagement ......................................................................... 47410.2.3 ITArchitekturmanagement und Enterprise Architecture Management ....... 47710.2.4 Multiprojektsteuerung für ITProjekte ........................................................... 48210.2.5 ITRisikomanagement ..................................................................................... 48410.2.6 Compliance Management ............................................................................... 48610.2.7 ITInvestitionsmanagement und ValueManagement ................................... 487
10.3 Zentrale ITGovernance einführen ................................................................................ 49010.3.1 Die Ansätze ...................................................................................................... 49010.3.2 Vorgehen .......................................................................................................... 492
10.4 Performance Management für ITGovernance ............................................................. 49410.5 Fazit ................................................................................................................................. 49610.6 Literatur .......................................................................................................................... 499
11 IT-Security-Management ....................................................................... 501Klaus Schmidt
11.1 Ausgangssituation und Bedeutung von ITSecurityManagement ............................. 50211.1.1 Problemlage ..................................................................................................... 50211.1.2 Ermittlung der Sicherheitsrelevanz ............................................................... 50311.1.3 ITSecurityManagement als Erfolgsfaktor .................................................... 50511.1.4 Rechtlicher Rahmen für die ITSecurity ........................................................ 50611.1.5 Anforderungen an ein hochwertiges ITSecurityManagement ................... 511
11.2 Sicherheitsorganisation für die ITSecurity .................................................................. 51411.2.1 Möglichkeiten für die Einordnung in die Organisation ................................ 51411.2.2 Rollen im ITSecurityManagement ................................................................ 51611.2.3 Organisationsmodelle ..................................................................................... 51811.2.4 Zusammenspiel mit anderen Sicherheitsbereichen ..................................... 521
11.3 Aufbau des ITSecurityManagements .......................................................................... 52211.3.1 Sicherheitsrichtlinien ...................................................................................... 52311.3.2 Schutzbedarfsanalyse ..................................................................................... 52311.3.3 Sicherheitskonzepte und Sicherheitslösungen ............................................. 52411.3.4 ITSecurity Reporting ...................................................................................... 52411.3.5 Information Security Circle ............................................................................ 52711.3.6 Notfallmanagement ......................................................................................... 528
11.4 Einsatz von Sicherheitsstandards ................................................................................. 52811.4.1 ISO/IEC 2700x (International) ....................................................................... 52911.4.2 ITGrundschutz (Deutschland) ....................................................................... 53011.4.3 Informationssicherheitshandbuch (Österreich) ............................................ 53011.4.4 Informatiksicherheit in der Bundesverwaltung (Schweiz) .......................... 531
XII Inhalt Inhalt XIII
11.5 Sicherheit als Sollzustand vorgeben ............................................................................. 53111.5.1 ITSicherheitskriterien .................................................................................... 53111.5.2 Sicherheitsgrad und Sicherheitsklassen ....................................................... 53511.5.3 Sicherheitsstrategien ...................................................................................... 53611.5.4 Sicherheitspolitik und Corporate ITSecurity Policy .................................... 53711.5.5 Security Policy Management .......................................................................... 54011.5.6 ITSecurity Auditing ........................................................................................ 54111.5.7 Sicherheit in externen Partnerschaften ......................................................... 542
11.6 Literatur .......................................................................................................................... 545
12 IT-Risikomanagement ............................................................................ 547Klaus Schmidt
12.1 Risiko und Gefahr ........................................................................................................... 54812.1.1 Der Gefahrenbegriff ........................................................................................ 54812.1.2 Der Risikobegriff ............................................................................................. 54812.1.3 Risikowahrnehmung ....................................................................................... 551
12.2 Entstehung von Risiken und RisikoIdentifikation ...................................................... 55212.2.1 Schwachstelle ................................................................................................... 55212.2.2 Angriffspfad ..................................................................................................... 55312.2.3 Auslöser ........................................................................................................... 55412.2.4 Bedrohung ........................................................................................................ 554
12.3 Risikoszenario ................................................................................................................ 55512.3.1 Sicherheitsrelevantes Ereignis ....................................................................... 55512.3.2 Wirkungsszenario ........................................................................................... 556
12.4 ITRisikoanalyse .............................................................................................................. 55712.4.1 Kernbestandteile der ITRisikoanalyse .......................................................... 55712.4.2 Arten von ITRisikoanalysen ........................................................................... 55712.4.3 ISTAufnahme .................................................................................................. 55812.4.4 Schwachstellenanalyse .................................................................................... 56012.4.5 Bedrohungsanalyse ......................................................................................... 56112.4.6 Risikofeststellung und bewertung ................................................................. 56212.4.7 Risikodarstellung und Risikodokumentation ................................................ 568
12.5 Risikoentscheidung ........................................................................................................ 57312.5.1 Risikotragfähigkeit .......................................................................................... 57412.5.2 Risikobereitschaft ............................................................................................ 57412.5.3 Risikoakzeptanz ............................................................................................... 57412.5.4 Risikopriorisierung ......................................................................................... 57512.5.5 Risikobewältigungsstrategien ........................................................................ 57512.5.6 Restrisikodeklaration ...................................................................................... 577
12.6 ITRisikosituation managen ........................................................................................... 57812.6.1 Risikokorridor .................................................................................................. 57812.6.2 Risikofrüherkennung ...................................................................................... 58012.6.3 ITRisikomanagementprozess ......................................................................... 580
12.7 Literatur .......................................................................................................................... 583
Inhalt XIII
13 IT-Compliance ......................................................................................... 585Michael Klotz
13.1 Begriff und Aktualität von Compliance ........................................................................ 58513.1.1 Begriffliche Grundlagen .................................................................................. 58613.1.2 Beispiele von ComplianceVerstößen ............................................................. 589
13.2 ITCompliance ................................................................................................................. 59113.2.1 Begriffliche Grundlagen .................................................................................. 59113.2.2 ITCompliance als Verhalten ........................................................................... 59413.2.3 Compliance der ITFunktion vs. ITgestützte Corporate Compliance .......... 59513.2.4 „Governance – Risk – Compliance“ und ITCompliance .............................. 598
13.3 ITCompliance nach COBIT ............................................................................................ 60013.3.1 COBIT als ITGovernance Framework ............................................................ 60013.3.2 Compliance als allgemeine Geschäftsanforderung ....................................... 60113.3.3 Der COBITProzess zur Sicherstellung von Compliance ............................... 603
13.4 Nutzen von ITCompliance ............................................................................................. 60513.5 Beteiligte und Interessenlagen ...................................................................................... 60813.6 ITrelevante Regelwerke ................................................................................................. 610
13.6.1 Klassifikation der Regelwerke ........................................................................ 61013.6.2 Rechtliche Vorgaben ........................................................................................ 61213.6.3 Verträge ............................................................................................................ 61513.6.4 Unternehmensexterne Regelwerke ................................................................ 61513.6.5 Unternehmensinterne Regelwerke ................................................................ 618
13.7 Kernbereiche der Legal ITCompliance ......................................................................... 61913.7.1 Buchführung und steuerliche Anforderungen .............................................. 61913.7.2 Dokumentenmanagement ............................................................................... 62113.7.3 Datenschutz ..................................................................................................... 62313.7.4 Webpräsenz ...................................................................................................... 62413.7.5 Personalwesen ................................................................................................. 62713.7.6 ITBeschaffung ................................................................................................. 628
13.8 Management der ITCompliance ................................................................................... 62913.9 Organisatorische Verankerung von ITCompliance ..................................................... 63313.10 Literatur .......................................................................................................................... 638
14 Rechtliche Rahmenbedingungen für das IT-Management ................. 641Werner Bachmann
14.1 ITGovernance und ITCompliance ................................................................................ 64214.1.1 Vorsorge gegen Gesetzesverstöße und Risikomanagement ......................... 64214.1.2 Reporting .......................................................................................................... 64514.1.3 Persönliche Haftung des Managements ........................................................ 64514.1.4 Strafrechtliche Verantwortung des Compliance Officer und anderer
Funktionsträger mit besonderen Aufgaben ................................................... 65114.1.5 Unterstützung der Corporate Compliance durch die ITOrganisation ......... 651
14.2 ITBeschaffung ................................................................................................................ 65414.2.1 Ausschreibung von Beschaffungsvorhaben ................................................... 654
XIV Inhalt Inhalt XV
14.2.2 Voraussetzungen für die Ausschreibungspflicht .......................................... 65714.2.3 Weitere Fragestellungen ................................................................................. 658
14.3 Allgemeine Geschäftsbedingungen ............................................................................... 66114.3.1 Grundlagen ...................................................................................................... 66114.3.2 Weitere Fragestellungen ................................................................................. 663
14.4 Mängel und Garantie beim Hardwarekauf ................................................................... 66714.4.1 Rechte bei Mängeln ......................................................................................... 66714.4.2 Vorgehen in der Praxis ................................................................................... 66814.4.3 Weitere Fragestellungen ................................................................................. 668
14.5 SoftwareLizenzierung ................................................................................................... 67014.5.1 Grundlagen ...................................................................................................... 67014.5.2 Das sollten Sie beachten ................................................................................. 67114.5.3 Weitere Fragestellungen ................................................................................. 672
14.6 Das Lizenzaudit .............................................................................................................. 67614.7 Externe SoftwareEntwicklung ...................................................................................... 67714.8 Software aus der Eigenentwicklung .............................................................................. 67914.9 Verträge in der Vorbereitung eines ITProjekts ........................................................... 68014.10 Verträge für schlüsselfertige ITSysteme ...................................................................... 682
14.10.1 Grundlagen ...................................................................................................... 68314.10.2 Vorgehen in der Praxis ................................................................................... 684
14.11 Verträge über Cloud Services ........................................................................................ 68614.12 Literatur .......................................................................................................................... 690
Die Autoren ...................................................................................................... 691
Index ................................................................................................................. 695