The ITSM Practice: Elevating ITSM and IT Security Knowledge

• What Is the AICM Framework for AI Compliance?

  AI is transforming banking, but so are the rules. In this episode, Luigi Ferri explores how the Artificial Intelligence Control Matrix (AICM) helps financial institutions navigate complex compliance frameworks like ISO 42001, NIST AI RMF, and the EU AI Act, while staying secure and cost-efficient. Discover how to simplify AI governance, reduce audit fatigue, and protect your organization from model poisoning and adversarial risks.In this episode, we answer to:How can banks use AI while managing overlapping regulations and compliance frameworks?What new AI threats (like model poisoning and adversarial inputs) are traditional controls missing?How does the Artificial Intelligence Control Matrix (AICM) simplify compliance and strengthen AI security?Resources Mentioned in this Episode:Alphasec website, article "CSA AI Controls Matrix: A Sneak Preview", link https://alphasec.io/csa-ai-controls-matrix-a-sneak-preview/ Clarendon Partners website, whitepaper "AI Controls in Financial Services", link https://www.clarendonptrs.com/s/05_03_24_AI_Controls_in_Financial_Services_Clarendon_Partners_GRC_Ebook_Compressed.pdf Bank for International Settlements website, whitepaper "Regulating AI in the financial sector: recent developments and main challenges", link https://www.bis.org/fsi/publ/insights63.htm Cloud Security Alliance website, whitepaper "AICM mapping to NIST 600-1", link https://cloudsecurityalliance.org/artifacts/aicm-mapping-to-nist-600-1 Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

  --------  

  9:06

  --------

  9:06
• Process Mining in ITSM: Hidden Workflows Revealed

  Discover how Luigi Ferri explains how Process Mining in ITSM transforms service delivery by revealing real workflows hidden behind your dashboards. Learn how to eliminate bottlenecks, prevent SLA breaches, and align your Service Catalogue with reality. Turn ITSM data into actionable insights for compliance, automation, and continuous improvement.In this episode, we answer to:What’s the real difference between Process Mining and Task Mining in ITSM?How can Process Mining prevent SLA breaches and improve service performance?How does Process Mining enhance Service Catalogue accuracy and ensure compliance with ISO standards?Resources Mentioned in this Episode: Process Science website, article "Process Mining in IT services", link https://www.process-science.com/use-cases/it-servicesMindzie website, article "Top Benefits of Process Mining: Optimize, Analyze, Automate", link https://mindzie.com/process-mining-software/process-mining-benefits/Celonis website, article "5 Benefits of Using Process Mining for IT Service Management", link https://www.celonis.com/blog/5-benefits-of-using-process-mining-for-it-service-management/ Atlassian website, article "Process Mining Analyze and Optimize Jira Workflows and Processes", link https://community.atlassian.com/forums/App-Central-articles/Process-Mining-Analyze-and-Optimize-Jira-Workflows-and-Processes/ba-p/2768242 Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

  --------  

  9:40

  --------

  9:40
• How to Build IT Accountability with SoD (ISO 27001 Control 5.3)

  In this episode of The ITSM Practice, Luigi Ferri explores ISO/IEC 27001:2022 Control 5.3 – Segregation of Duties (SoD). Learn how to reduce risk, design accountability, and strengthen your ISMS with actionable SoD strategies, especially in ITIL 4 environments. Master RBAC, role clarity, and audit readiness to build trust into your IT processes by design.In this episode, we answer to:How does ISO 27001:2022 Control 5.3 define and implement Segregation of Duties?What are effective ways to apply RBAC and SoD in small or resource-limited teams?How can organizations monitor, log, and prove SoD compliance for audits?Resources Mentioned in this Episode:ISMS-Online, article "ISO 27001:2022 Annex A 5.3 – Segregation of duties", link https://de.isms.online/iso-27001/annex-a/5-3-segregation-of-duties-2022/ Morgan Hill website, template "ISO/IEC 27002:2022 | 5.3 - Segregation of Duties Policy Template", link https://morganhillcg.com/blog/item/iso-iec-27002-2022-5-3-segregation-of-duties-policy-template-2 HighTable, article "The Ultimate Guide to ISO 27001:2022 Clause 5.3: Organisational Roles, Responsibilities and Authorities", link https://hightable.io/iso-27001-clause-5-3-organisational-roles-responsibilities-and-authorities/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

  --------  

  10:31

  --------

  10:31
• The VMO in ITIL 4: Aligning Work with Strategy and Value

  The Value Management Office: Moving from Work to Worth. Is your IT team busy… but not sure if it’s delivering real value? In this episode, we uncover how a Value Management Office (VMO) helps organizations shift from tracking activity to measuring true business outcomes. Learn how ITIL 4, value stream mapping, and outcome-based metrics transform IT into a strategic value partner.Maximize value. Align strategy. Prove impact.In this episode, we answer to:What is a Value Management Office (VMO) and how does it differ from a PMO?How does ITIL 4 enable a modern, outcome-focused VMO?What value-based metrics should you track to align IT with business goals?Resources Mentioned in this Episode:Axelos / PeopleCert, article "The Service Management Office and ITIL 4", link https://www.axelos.com/resource-hub/blog/the-service-management-office-and-itil-4 ITSM Tools, article "ITIL 4 Service Value System (SVS) Explained: Guiding Principles, Practices, and Service Value Chain", link https://itsm.tools/the-itil-4-service-value-system-explained/ Simpliaxis, article "Four Dimensions of ITIL Service Management", link https://www.simpliaxis.com/resources/four-dimensions-of-itil-service-management Pink Elephant, guide "The IT Service Management Office", link https://www.pinkelephant.com/uploadedfiles/Resources/PinkPapers/The-IT-Service-Management-Office.pdf BMC, guide "VMO Vendor Management Office", link https://blogs.bmc.com/vmo-vendor-management-office/?print-posts=pdf ITSM Group, article "Value Stream Mapping", link https://www.itsmgroup.com/en/topics/value-stream-mapping Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

  --------  

  9:44

  --------

  9:44
• ISO 31000: Building Risk-Aware Culture Through Smarter Decisions

  Discover how ISO 31000 transforms risk from a compliance task into a shared decision-making mindset. In just 8 minutes, learn how to embed risk-aware thinking across IT, business continuity, cybersecurity, and operations—boosting confidence, clarity, and adaptability in every decision.In this episode, we answer to:What makes ISO 31000 different from other risk management standards?How can organizations embed risk thinking into daily decisions?How does ISO 31000 integrate with ISO 27005, ISO 22301, and ISO 31010?Resources Mentioned in this Episode:ISO 31000 Standard, link https://www.iso.org/standard/65694.htmlPirani, article "ISO 31000 Simplified: Elevate Your Risk Strategy", link https://www.piranirisk.com/blog/iso-31000 ISO, guide "ISO 31000 Risk Management", link https://thaiindustrialoffice.files.wordpress.com/2016/02/iso_31000_for_smes.pdf Global Suite, article "ISO 31000: The standard that helps you manage risks", link https://www.globalsuitesolutions.com/what-is-iso-31000-standard-and-what-is-its-purpose/ Ideagen, article "Principles of risk management explained", link https://www.ideagen.com/thought-leadership/blog/principles-of-risk-management-explained Advisera, article "What is ISO 31000?", link https://advisera.com/articles/what-is-iso-31000/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

  --------  

  10:49

  --------

  10:49

More Technology podcasts

Trending Technology podcasts

About The ITSM Practice: Elevating ITSM and IT Security Knowledge

The ITSM Practice: Elevating ITSM and IT Security Knowledge: Podcasts in Family