Global ETD Search

91	Cloud computing : COBIT-mapped benefits, risks and controls for consumer enterprises Enslin, Zacharias 03 1900 (has links) Thesis (MComm)--Stellenbosch University, 2012. / ENGLISH ABSTRACT: Cloud computing has emerged as one of the most hyped information technology topics of the decade. Accordingly, many information technology service offerings are now termed as cloud offerings. Cloud computing has attracted, and continues to attract, extensive technical research attention. However, little guidance is given to prospective consumers of the cloud computing services who may not possess technical knowledge, or be interested in the in-depth technical aspects aimed at information technology specialists. Yet these consumers need to make sense of the possible advantages that may be gained from utilising cloud services, as well as the possible incremental risks it may expose an enterprise to. The aim of this study is to inform enterprise managers, who possess business knowledge and may also be knowledgeable on the main aspects of COBIT, on the topic of cloud computing. The study focuses on the significant benefits which the utilisation of cloud computing services may bring to a prospective consumer enterprise, as well as the significant incremental risks this new technological advancement may expose the enterprise to. Proposals of possible controls that the prospective consumer enterprise can implement to mitigate the incremental risks of cloud computing are also presented. / AFRIKAANSE OPSOMMING: “Cloud computing” (wolkbewerking) het na vore getree as een van die mees opspraakwekkende inligtingstegnologieverwante onderwerpe van die dekade. Gevolglik word talle inligtingstegnologie-dienste nou as “cloud”-dienste aangebied. Uitgebreide aandag in terme van tegnologiese navorsing is en word steeds deur “cloud computing” ontlok. Weinig aandag word egter geskenk aan leiding vir voornemende verbruikers van “cloud”-dienste, wie moontlik nie tegniese kennis besit nie, of nie belangstel in die diepgrondige tegniese aspekte wat op inligtingstegnologie-spesialiste gemik is nie. Tog moet hierdie verbruikers sin maak van die moontlike voordele wat die gebruik van “cloud”-dienste mag bied, asook die moontlike inkrementele risiko’s waaraan die onderneming blootgestel mag word. Die doel van hierdie studie is om die bestuurders van ondernemings, wie besigheidskennis besit en moontlik ook kundig is oor die hoof aspekte van COBIT, in te lig oor wat “cloud computing” is. Die studie fokus op die beduidende voordele wat die benutting van “cloud computing”-dienste aan die voornemende verbruikersonderneming mag bied, asook die beduidende inkrementele risiko’s waaraan die onderneming blootgestel mag word as gevolg van hierdie tegnologiese vooruitgang. Voorstelle van moontlike beheermaatreëls wat die voornemende verbruikersonderneming kan implementeer ten einde die inkrementele risiko’s van “cloud computing” teë te werk word ook aangebied. Cloud computing Information technology -- Evaluation Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing Accounting
92	Addressing the incremental risks associated with social media by using the cobit 5 control framework Gerber, Petro 04 1900 (has links) Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Social media offers great opportunities for businesses and the use thereof will increase competitiveness. However, social media also introduce significant risks to those who adopt it. A business can use existing IT governance control framework to address the risks introduced by social media. However a business should combine existing control frameworks for adequate and complete IT governance. This study was undertaken to help businesses to identify incremental risks resulting from the adoption of social media and to develop an integrated IT governance control framework to address these risks both at strategic and operational level. With the help of the processes in COBIT 5, this study provides safeguards or controls which can be implemented to address the IT risks that social media introduce to a business. By implementing the safeguards and controls identified from COBIT 5, a business ensures that they successfully govern the IT related risks at strategic level. This study also briefly discuss the steps that a business can follow to ensure IT related risks at operational level is addressed through the implementation of configuration controls. / AFRIKAANSE OPSOMMING: Sosiale media bied groot geleenthede vir besighede en die gebruik daarvan sal mededingendheid verhoog. Sosiale media hou ook egter beduidende risiko's in vir diegene wat dit aanneem. 'n Besigheid kan bestaande Informasie Tegnologie (IT) kontrole raamwerke gebruik om die risiko's wat ontstaan as gevolg van die gebruik van sosiale media aan te spreek. Vir voldoende en volledige IT korporatiewe beheer moet 'n besigheid egter bestaande kontrole raamwerke kombineer. Hierdie studie is onderneem om besighede te help om die toenemende risiko's wat ontstaan as gevolg van die gebruik van die sosiale media, te identifiseer en om 'n geïntegreerde IT kontrole raamwerk te ontwikkel om hierdie risiko's op strategiese sowel as operasionele vlak aan te spreek. Met die hulp van die prosesse in COBIT 5 voorsien hierdie studie voorsorgmaatreëls of kontroles wat geïmplementeer kan word om die IT-risiko's waaraan die besigheid, deur middel van sosiale media blootgestel is, aan te spreek. Deur die implementering van die voorsorgmaatreëls en kontroles soos geïdentifiseer uit COBIT 5, verseker ŉ besigheid dat hulle die IT-verwante risiko's op strategiese vlak suksesvol beheer. Hierdie studie bespreek ook kortliks die stappe wat 'n besigheid kan volg om te verseker dat IT-verwante risiko's op operasionele vlak aangespreek word deur die implementering van konfigurasie kontroles. Social media risks UCTD Social media Computer security Social media -- Security measures Risk management
93	Benefits, business considerations and risks of big data Smeda, Jorina 04 1900 (has links) Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Big data is an emerging technology and its use holds great potential and benefits for organisations. The governance of this technology is something that is still a big concern and as aspect for which guidance to organisations wanting to use this technology is still lacking. In this study an extensive literature review was conducted to identify and define the business imperatives distinctive of an organisation that will benefit from the use of big data. The business imperatives were identified and defined based on the characteristics and benefits of big data. If the characteristics and benefits are clear, the relevant technology will be better understood. Furthermore, the business imperatives provide business managers with guidance to whether their organisation will benefit from the use of this technology or not. The strategic and operational risks related to the use of big data were also identified and they are discussed in this assignment, based on a literature review. The risks specific to big data are highlighted and guidance is given to business managers as to which risks should be addressed when using big data. The risks are then mapped against COBIT 5 (Control Objectives for Information and Related Technology) to highlight the processes most affected when implementing and using big data, providing business managers with guidance when governing this technology. / AFRIKAANSE OPSOMMING: ‘Big data’ is 'n ontwikkelende tegnologie en die gebruik daarvan hou baie groot potensiaal en voordele vir besighede in. Die bestuur van hierdie tegnologie is egter ŉ groot bron van kommer en leiding aan besighede wat hierdie tegnologie wil gebruik ontbreek steeds. Deur middel van 'n uitgebreide literatuuroorsig is die besigheidsimperatiewe kenmerkend van 'n besigheid wat voordeel sal trek uit die gebruik van ‘big data’ geïdentifiseer. Die besigheidsimperatiewe is geïdentifiseer en gedefinieer gebaseer op die eienskappe en voordele van ‘big data’. Indien die eienskappe en voordele behoorlik verstaan word, is 'n beter begrip van die tegnologie moontlik. Daarbenewens bied die besigheidsimperatiewe leiding aan bestuur sodat hulle in staat kan wees om te beoordeel of hulle besigheid voordeel sal trek uit die gebruik van hierdie tegnologie of nie. Die strategiese en operasionele risiko's wat verband hou met die gebruik van ‘big data’ is ook geïdentifiseer en bespreek, gebaseer op 'n literatuuroorsig. Dit beklemtoon die risiko's verbonde aan ‘big data’ en daardeur word leiding verskaf aan besigheidsbestuurders ten opsigte van watter risiko's aangespreek moet word wanneer ‘big data’ gebruik word. Die risiko's is vervolgens gekarteer teen COBIT 5 (‘Control Objectives for Information and Related Technology’) om die prosesse wat die meeste geraak word deur die gebruik van ‘big data’ te beklemtoon, ten einde leiding te gee aan besigheidsbestuurders vir die beheer en kontrole van hierdie tegnologie. UCTD Big data Big data -- Risk management
94	Análise da governança de tecnologia da informação para reduzir problemas de agência: estudo em assimetria da informação Coser, Tiago 17 December 2015 (has links) Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2016-02-18T14:53:03Z No. of bitstreams: 1 Tiago Coser_.pdf: 1143518 bytes, checksum: 1ab49a0e3a1cd5b419cae7912e0ad87c (MD5) / Made available in DSpace on 2016-02-18T14:53:03Z (GMT). No. of bitstreams: 1 Tiago Coser_.pdf: 1143518 bytes, checksum: 1ab49a0e3a1cd5b419cae7912e0ad87c (MD5) Previous issue date: 2015-12-17 / CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / UNISINOS - Universidade do Vale do Rio dos Sinos / A problemática resultante da separação entre propriedade e controle do capital é direcionada, nesta pesquisa, para o nível operacional e considera o fundamento assimetria da informação. Este estudo analisou como a Governança de Tecnologia da Informação (GTI) pode contribuir para reduzir problemas de agência. A relação de agência foi delimitada entre diretores (principal) e gerentes (agente) das áreas Administrativa e Comercial. Trata-se de uma pesquisa descritiva, com abordagem qualitativa, desenvolvida por meio de um estudo de caso único em uma indústria sediada no estado do Rio Grande do Sul. Os principais resultados indicam que os problemas de agência não se limitam a informações e ações ocultas no ambiente pesquisado, mas, também, se devem a fragilidades nos recursos e fluxos de informações que suportam os processos de delegação e monitoramento de atividades entre diretores e gerentes. As principais contribuições da GTI para reduzir o problema de agência associam-se, prioritariamente, ao alinhamento entre a TI e os objetivos do negócio, nos processos de planejamento, construção, entrega e monitoramento de serviços de TI. Estas visando a padronizar processos de negócio e a reduzir a dependência humana nas etapas dos mesmos. / The resulting separation issues of ownership and control of capital is directed in this research to the operational level and considers the foundation asymmetry of information. This study examined how the Information Technology (IT) Governance can help reduce agency problems. The agency relationship was established between directors (principal) and managers (agent) of the Administrative and Commercial areas. It is a descriptive research with a qualitative approach, developed through a unique case study in an industry based in the state of Rio Grande do Sul. The main results indicate that agency problems are not limited to information and hidden actions the researched environment, but also are due to weaknesses in resources and information flows supporting the delegation process and monitoring activities among directors and managers. The main contributions of the IT governance to reduce the agency problem are associated primarily to the alignment between IT and business objectives in the planning, construction, delivery and monitoring of IT services. It seeks to standardize business processes and reduce human dependence on the steps of the same. Problema de agência Assimetria da informação Processos de TI Information technology governance Agency problem Information asymmetry IT processes COBIT 5
95	O papel da controladoria das empresas na avaliação dos investimentos em tecnologia da informação Ogassavara, Tomio 21 October 2010 (has links) Made available in DSpace on 2016-04-25T18:39:34Z (GMT). No. of bitstreams: 1 Tomio Ogassavara.pdf: 943190 bytes, checksum: 559c3e282d74eb3a6c608ba1cf10e073 (MD5) Previous issue date: 2010-10-21 / Due to the economies and markets globalization, the information technology has increased its participation in all areas of business, creating new challenges for business management. On this context the controller responsible for providing and managing the information systems control and performance evaluation of the company needs to increase his participation on investment management of information technology. IT Governance has become well known, especially after Sarbanes-Oxley law has been implemented by organizations in order to gain better IT control management and attend demands from control´s organizations. This study aims to verify how the controller evaluates and manages IT investments, as well as his uses IT governance structure outlined in VAL IT. The research methodology used was qualitative research and exploratory-descriptive type. The data collections were used questionnaires and interviews. In questionnaire was used the Maturity Model. The research was conducted in European conglomerate business located in Mercosur operating on segments like plastics, chemicals and pharmaceuticals. The literature revision procedures applied in this study used literature research, documents, materials published in books, magazines, specialized dictionaries, theses, dissertations and internet / Com a globalização das economias e mercados, a tecnologia da informação vem aumentado a sua participação em todas as áreas de negócios, criando novos desafios para os gestores das empresas. Neste contexto a Controladoria responsável pelo fornecimento e gestão dos sistemas de informações de controle e avaliação de desempenho da empresa precisa participar cada vez mais da gestão dos investimentos da tecnologia da informação das organizações. A Governança de TI que se tornou mais conhecida, principalmente após a Lei Sarbanes-Oxley, tem sido implementada por organizações que buscam obter melhor controle de gestão em TI, além de atender os órgãos de controle. Este estudo tem como objetivo verificar como a controladoria analisa e faz gestão dos investimentos em TI, bem como se faz uso da estrutura de governança de TI preconizadas no VAL IT. A metodologia da pesquisa utilizada foi a qualitativa e o tipo de pesquisa exploratório-descritiva. Para a coleta de dados foram utilizados questionário e entrevistas. No questionário utilizou-se o Modelo de Maturidade. A pesquisa foi efetuada em um conglomerado empresarial europeu atuante no Mercosul com participação no segmento plástico, químico e farmacêutico. Foi efetuada também uma revisão da literatura e se deu por meio de pesquisa bibliográfica, documental, materiais publicados em livros, revistas, dicionários especializados, teses, dissertações e em meio eletrônico Controladoria Governança de TI COBIT VAL IT Investimento em TI Controle Valor ótimo Controlling IT Governance IT Investment Control Optimal value
96	Hodnocení přístupů k analýze bezpečnostních rizik / Assessment of approaches to security risk analysis Koudela, Radek January 2010 (has links) Risk management is a process through which organizations are methodically devoted to the risks associated with their activities in order to get the biggest benefit from their business. It is also a rapidly developing field, where there is a variety of different approaches, methods, methodologies and standards in which may be little confusing. Therefore, this work offers a comprehensive and systematic view on the issue of risk analysis and management. Risk analysis is a cornerstone for effective security management of each company used for identification, description and quantification of risks, which should lead to acceptance of suitable measures for risk treatment. That is the reason why it requires a careful and methodical procedure described in this work. The main objective of this work is to analyse different approaches to risk analysis and management and thus highlight the importance of information security and protection of corporate assets. This approaches need to be understood as a different levels of detail of conducted risk analysis which will depend on initial maturity level (according to the CMM -- Capability Maturity Model) of information security process. The theoretical part of this thesis will explain relevant methodologies, techniques and procedure of risk analysis based on the ISO 27005 standard. From this part reader should learn what risk analysis is, what is it used for, how can it be carried out and what standards and methods can be used. The practical part will solve a real risk analysis project, which will demonstrate application of information obtained in the theoretical part.
97	Avalia????o da capacidade dos processos de governan??a corporativa de TI baseda no COBIT 5 / Avalia????o da percep????o da conformidade de processos de contrata????o de solu????es de tecnologia da informa????o com a instru????o normativa 04/2010 da SLTI Santos, Diana Leite Nunes dos 05 August 2013 (has links) Submitted by Kelson (kelson@ucb.br) on 2016-07-18T12:07:22Z No. of bitstreams: 1 DianaLeiteNunesdosSantosDissertacao2013.pdf: 2232490 bytes, checksum: d0f04d5a5aa136b8228c17afb63807e4 (MD5) / Made available in DSpace on 2016-07-18T12:07:22Z (GMT). No. of bitstreams: 1 DianaLeiteNunesdosSantosDissertacao2013.pdf: 2232490 bytes, checksum: d0f04d5a5aa136b8228c17afb63807e4 (MD5) Previous issue date: 2013-08-05 / COBIT 5 provides a separation of governance and management processes along with a new assessment approach that focus on process capability. This paper describes such assessment performed at a Brazilian government institution that resulted in 40% of the governance processes at level 0 ??? incomplete process and 60% at level 1 ??? performed process. Given the role of governance, fragilities in its processes may reflect negatively in management and additional research should include a closer look at this relationship. For this particular institution, it is expected that all governance processes are performed (level 1) by the next two years, which is a goal towards an efficient and effective governance system. The following barriers to the application of this self-assessment were found: lack of knowledge on COBIT 5 processes from the assessed institution and the extension of the questionnaire which had 33 questions in its final version. When compared to COBIT 4.1 assessment model, the results were lower, as the same organization was classified in level 2 - repeatable but intuitive. The previous model is also easier and faster to apply. This comparison should be done carefully for the models are very different in its design and use. Finally, the proposed objectives were met: the mechanism is repeatable and can be used in the future to create a historic base; it can be performed as a selfassessment and is expected to be completed, in a medium size IT department, in a four hour time limit. / O COBIT 5 traz a separa????o dos processos de governan??a e gerenciamento e uma nova abordagem de avalia????o com foco na capacidade dos processos. Esse artigo descreve a aplica????o deste tipo de avalia????o em uma institui????o governamental brasileira, que resultou em 40% dos processos de governan??a no n??vel 0 ??? processo incompleto, e 60% no n??vel 1 - processo executado. Dado o papel da governan??a, fragilidades em seus processos podem refletir negativamente no gerenciamento da TI da institui????o e pesquisas adicionais devem incluir um aprofundamento neste relacionamento. Para esta institui????o, em particular, ?? esperado que todos os processos de governan??a passem a ser executados (n??vel 1) nos pr??ximos dois anos, que ?? um objetivo no rumo de um sistema de governan??a eficiente e eficaz. As seguintes barreiras na aplica????o desta autoavalia????o foram encontradas: falta de conhecimento dos processos do COBIT 5 por parte da institui????o avaliada e extens??o do question??rio, que chegou a 33 perguntas em sua vers??o final. Quando comparado com o modelo de avalia????o do COBIT 4.1, os resultados foram inferiores, com a mesma organiza????o sendo classificada no n??vel 2 ??? repet??vel mas intuitivo. O modelo anterior ?? tamb??m mais r??pido e f??cil de aplicar. Essa compara????o deve ser feita com cuidado j?? que os modelos s??o muito diferentes em seu desenho e uso. Finalmente, os objetivos propostos foram alcan??ados: o mecanismo ?? repet??vel e pode ser usado futuramente para criar uma base hist??rica; ele pode ser aplicado como uma autoavalia????o e ?? esperado que seja completado, numa institui????o com uma ??rea de TI de m??dio porte, em at?? quatro horas. Gest??o Conhecimento Tecnologia da Informa????o Avalia????o da Governan??a de TI Avalia????o da Maturidade da Capacidade COBIT 5 Processos de Governan??a
98	Análise de processos de tecnologia da informação para o disclosure da informação contábil Lazzari, Robson Luis Meneguzzi 15 March 2016 (has links) Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2016-06-14T15:26:55Z No. of bitstreams: 1 Robson Luis Meneguzzi Lazzari_.pdf: 2737794 bytes, checksum: 9dadff38c69edaabec05da0277f10c14 (MD5) / Made available in DSpace on 2016-06-14T15:26:55Z (GMT). No. of bitstreams: 1 Robson Luis Meneguzzi Lazzari_.pdf: 2737794 bytes, checksum: 9dadff38c69edaabec05da0277f10c14 (MD5) Previous issue date: 2016-03-15 / UNISINOS - Universidade do Vale do Rio dos Sinos / O objetivo deste estudo foi analisar como os processos de TI contribuem para o disclosure da informação contábil. Esta investigação foi realizada com relação ao disclosure das informações contábeis para a gestão da empresa, envolvendo os principais agentes internos nesse processo. A metodologia de pesquisa baseia-se em um estudo de caso realizado no segundo semestre de 2015, em uma empresa atuante no setor moveleiro do Rio Grande do Sul. Os dados coletados foram analisados por meio de análise de conteúdo. Os resultados encontrados indicam como os processos de TI contribuem para o disclosure da informação contábil, identificando e analisando os principais aspectos de disclosure que devem ser priorizados pelos processos de TI para disponibilizar informações mais assertivas e de qualidade para a gestão da organização. Neste contexto, no caso investigado, os aspectos prioritários são os de acessibilidade – acesso às informações por qualquer recurso de TI e em qualquer lugar –, garantia da segurança – dos dados e informações –, assegurar a integridade, agilidade (tempestividade) na disponibilização, alinhamento com a estratégia do negócio, disponibilização de controles e recursos de monitoramento de despesas e receitas, transparência dos processos de negócio de TI, criação de confiança – nos recursos de TI e no disclosure de suas informações – e alinhamento com fatores externos (como leis). / The objective of this study was to analyze how IT processes contribute to the disclosure of accounting information. This research was conducted with a relation of the disclosure of accounting information for management of the company, involving the main internal actors in this process. The research methodology is based on a case study realized in the second half of 2015 in a furniture industry of Rio Grande do Sul. The collected data were analyzed using content analysis. The results indicate how IT processes contribute to the disclosure of accounting information, identifying and analyzing the main aspects of disclosure that should be prioritized by IT processes to deliver information more assertiveness and quality to management of the organization. In this context, in the investigated case, the priority aspects are accessibility - access to information by any IT resource in anywhere - ensuring security – of Data and information - to ensure the integrity, agility (timing) in disclosure, alignment with the business strategy, providing control and monitoring capabilities of revenue and expenditure, transparency of IT business processes, creating confidence - the IT resources and disclosure of your information - and alignment with external factors (such as laws). Sistemas de Informação (SI) COBIT 5 Disclosure Information technology (IT) governance Information systems
99	Alineamiento de Marco COBIT y Normas PCI para aplicarse al proceso de tarjeta de crédito en una entidad financiera Fuentes Rivera, Jessica Vallejos January 2010 (has links) Busca alinear los requisitos normados por la industria de tarjeta de pago (PCI) con el marco conceptual COBIT, con el propósito de optimizar los procesos de tarjeta de crédito obteniendo una matriz de asignación de responsabilidades, un modelo de madurez y una gestión de prevención de los riesgos del fraude y así mantener la información que la empresa necesita para lograr sus objetivos. El proceso de tarjeta de crédito reúne una serie de debilidades correspondientes a la seguridad de la información, las entidades financieras no son ajenas a diferentes tipos de ataques, entre ellos incluidos el fraude interno, el cual afecta a la imagen del negocio. / Trabajo de suficiencia profesional Bancos - Sistemas de seguridad Encriptación de datos (Computación) Ingeniería de Sistemas y Comunicaciones
100	Comment la répartition des rôles et tâches influence l'efficacité du support et des opérations informatiques Bouvrette, Nicolas 05 1900 (has links) (PDF) Cette recherche porte sur les facteurs d'influence de l'efficacité des opérations et du support TI. Plus précisément nous cherchons à connaître l'impact de la répartition des rôles et des tâches sur l'efficacité. En identifiant ces facteurs, il serait possible d'aider de futures recherches ou projets afin de modéliser une situation organisationnelle optimale. Plusieurs référentiels connus ont tenté de généraliser les meilleures pratiques dans ce domaine, mais ce sujet reste largement sous-exploité par le milieu académique. Nous avons donc tenté de percer le mystère des facteurs d'influence et de comprendre si la répartition de rôles et des tâches a un impact important sur l'efficacité. En second lieu, plusieurs autres variables ont été ajoutées à l'analyse telles que la maturité, la performance, les outils, les compétences et la situation professionnelle. C'est à l'aide des référentiels existants (ITIL, COBIT, MOF, etc.) que la revue de littérature a permis d'établir les variables entourant la question principale de cette recherche. Les facteurs d'influence retenus pour cette recherche ont alors été utilisés afin de construire un questionnaire permettant de faire la lumière sur les interrelations existantes dans le secteur professionnel montréalais. Une fois les données collectées, plusieurs méthodes d'analyse statistique ont été utilisées afin de trouver toutes relations existantes parmi ces variables. Les résultats sont quand même intéressants, même s'ils démontrent que la répartition des rôles et des tâches semble avoir une faible influence sur l'efficacité. On explique en partie cette situation à l'aide des variables concernant l'expertise requise afin d'exécuter les tâches spécifiques aux opérations et support TI. Le résultat final semble sensiblement le même, peu importe qui est responsable de ces tâches. Ce même constat s'applique autant aux tâches bien maîtrisées que celles moins connues par les professionnels du secteur. Par contre, d'autres liens seront découverts et discutés, tels que l'influence de l'utilisation d'outils sur la performance ainsi que celle de la maturité sur l'efficacité. ______________________________________________________________________________ MOTS-CLÉS DE L’AUTEUR : rôles, tâches, opérations, support, TI, efficacité, performance, maturité, outils, ITIL, COBIT, MOF. COBIT (Norme informatique) Efficacité organisationnelle Organisation du travail Processus d'affaires Soutien informatique Service informatique MOF (Microsoft Operations Framework)

Search results