Description of a management-indicator model for the information technology (IT) services provided to an organization, based on the tangible and intangible management indicators obtained from the 13 processes that make up the ISO/IEC 20000 standard and ITIL (Information Technology Infrastructure Library, the reference frameworks for IT management). The model has been empirically tested on the more than 90 IT services that Indra's Internal Systems Directorate provides to the company's other departments. The results obtained show once again that, to add value to an organization, IT services must efficiently manage the availability, continuity and capacity of equipment, control changes, improve incident resolution response times, and ensure customer satisfaction.
An IT roadmap is a critical investment that can significantly affect the future competitiveness and performance of a firm. This study presents a comprehensive framework for determining the predecessors and successors of each activity of a roadmap to manage and govern IT. This paper discusses the result of integrating COBIT, a well-known IT standard, with a hybrid group decision-making method, which has not yet been extensively studied for prioritizing the potential actions of an IT roadmap, in a real-world case in Iran to demonstrate the feasibility of the proposed framework. The proposed framework can systematically construct the objectives of IT portfolio building to support the business goals and strategies of a firm, identify the proper attributes, and set up a consistent evaluation standard for facilitating a group decision process. The study findings will be of interest to academics, chief information officers, and IT planning practitioners and consultants.
The purpose of this study is to build an evaluation model of Information Technology General Control (ITGC) for certified public accountants (CPAs) under the Enterprise Risk Management (ERM) — Integrated Framework. First, this study investigates and sorts out the control objectives of ITGC over financial reporting under ERM. The control objectives were prioritized by the Analytic Hierarchy Process (AHP) and the ITGC evaluation model was then constructed accordingly. Finally, the study uses a case study approach to verify CPAs' acceptance of the ITGC evaluation model. According to the case study and post hoc confirmations conducted with two experts, the evaluation model can be accepted by CPAs and employed to improve the efficiency of ITGC assessment, helping CPAs meet the challenges of a dynamic information technology environment.
This paper focuses on the synergy of business and security requirements to create a holistic methodology or approach. The integration revolves around the concept of total quality management (TQM) to measure the security posture and is based on the premise that security requirements must be aligned and fused with the business' objectives. The postulated security methodology extends the total quality management and business excellence philosophies to create a new security excellence approach. The American National Institute of Standards and Technology's metrics are used as benchmarks to determine the security areas that should be addressed, while the European Framework for Quality Management is used to reflect the integration with the National Institute of Standards and Technology's metrics and to represent the domains in a business excellence approach. The fusion is then extended to the Control Objectives for Information and Related Technology and, finally, to the international standard ISO/IEC 17799 (Information technology - security techniques - Code of practice for information security management) to depict the merger between the security and business domains along a TQM approach, and to be transferable to any standard or regulation by being able to incorporate acceptable security requirements into the underlying framework.
Practical guidance on COBIT®5 implementation
COBIT®5 (Control Objectives for Information and related Technology) is the latest release of the popular framework for the governance of enterprise IT. It links controls, technical issues and business risks, enabling managers to manage the risks associated with business goals.
Covers all key concepts of COBIT®5
Written for IT service managers, consultants and other practitioners in IT governance, risk and compliance, this practical book discusses all the key concepts of COBIT®5, and explains how to direct the governance of enterprise IT (GEIT) using the COBIT®5 framework. The book also covers the main frameworks and standards supporting GEIT, discusses the ideas of enterprise and governance, and shows the path from corporate governance to the governance of enterprise IT.
Drawing on more than 30 years of experience in the IT sector, the author explains crucial concepts, including:
the key elements of COBIT®5: the 5 principles, 7 enablers and the goals cascade
the structure of the 37 COBIT®5 processes
the implementation of GEIT using COBIT®5 and an implementation lifecycle
the COBIT®5 Process Assessment Model (PAM): the approach to process assessment of COBIT®5 processes based on International Standard ISO/IEC 15504.
Prepare for the COBIT®5 Foundation exam
For those studying for the COBIT®5 qualifications, Governance of Enterprise IT based on COBIT®5 covers all the material needed for the COBIT®5 Foundation course, making it invaluable to anyone planning to take the exam.
Read this book and get to grips with COBIT®5 today.
Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and the Trust Service Principles and Criteria, and the associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique, and the safeguards depend on the nature of the organisation, the information at stake, the degree of vulnerability and the risks. A comprehensive security program should include a multi-layer approach comprising a control framework, combined with a control model that considers the control processes in order to identify the appropriate control techniques.
This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standard (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants failing a PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee of perfect protection, effective implementation of the PCI standard can be ensured by extending it into wider information security governance, providing a comprehensive view of information security based not only on security but also on security audit and control. The contribution of this paper is the development of an integrated, comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), the Information Technology Infrastructure Library (ITIL) and ISO 27002.
COBIT (Control Objectives for Information and related Technology) is a structure that embraces all the activities related to "informatics" for Information Technology (IT) governance, while ITIL (Information Technology Infrastructure Library) helps in the definition of the processes associated with IT services, complementing business process initiatives. In general, ITIL is centred on best practices for ensuring the delivery and support of IT services. These two frameworks (or guidelines) are widely recognised for their complementarity in IT governance. In this context, following the certification of quality services (in particular under the ISO 9001 standard) in a Portuguese private school at the basic and secondary levels, this work was centred on the study, implementation and use of the ITIL and COBIT frameworks for managing and controlling IT and, in this way, ensuring IT and Information Systems (IS) governance in the institution. The implementation of these frameworks in the institution made possible the management and control of IT and IS, bringing advantages in terms of performance and efficiency of service quality, as well as more efficient monitoring and control of the technological infrastructure, namely through a 23% reduction in the amount of time spent on the accomplishment of tasks, a 25% reduction in the number of incidents that were solved and closed by the several information technology services, and a 10% reduction in the number of reopened incidents.
Nowadays, many organizations are beginning to implement internationally recognized frameworks or methodologies that all aim at optimizing the efficiency of IT: increasing speed, quality or benefits, or reducing costs, they all pretend to be THE model for optimizing the use of IT. But which one should be chosen? Can an organization implement more than one framework/methodology? Are they complementary? What does reality reflect? To answer those questions, we briefly compare five of the most famous, well-recognized frameworks/methodologies: the IT Governance Framework; the Capability Maturity Model (CMM); Control Objectives for Information and related Technology (COBIT); the Information Technology Infrastructure Library (ITIL); and, finally, the well-known Total Quality Management (TQM). We examine to what extent they are different, similar or complementary. In conclusion, we propose and design a model that could eventually be used to understand how these five frameworks complement or fit with each other.
Abstract
Objectives
In healthcare, a variety of quality management practices are used. Although they are important sources for quality improvement initiatives, they do not focus on each particular process. On the other hand, ‘Control Objectives for Information and Related Technologies’ (COBIT) offers a well-defined process representation structure for representing potential process improvements. The objective of this study was to adopt the COBIT structure for healthcare processes and assess the applicability of such process representations.
Design
A two-round Delphi technique was applied: in round 1, open-ended interviews were performed with the participants; in round 2, the participants responded to a web questionnaire.
Settings
The participants provided their opinion between 11 September 2018 and 26 June 2019.
Participants
The study included 37 members of an expert panel from 8 European countries.
Intervention
N/A
Main Outcome Measures
In round 1, indicators of the strengths, weaknesses, opportunities and threats of using the proposed structure in healthcare were identified. These were evaluated on a 9-point Likert scale in round 2.
Results
All participants noted that elements of the COBIT process representation structure were suitable for representing healthcare processes. Consensus was reached only for the strengths and opportunities indicators.
Conclusions
A set of processes represented with the suggested structure has the potential to become a valid reference for healthcare quality improvement initiatives, as COBIT is in the IT domain. Although the expert panel members confirmed the applicability of the COBIT process representation structure for healthcare processes, the identified weaknesses and threats cannot be ignored.