81 |
IT Process and Governance Framework Adoption in Ghanaian Firms; Extent of Progress and Influencing FactorsLumor, Truth January 2012 (has links)
Gradually, the physical and geographically restricted marketplace is eroding and giving room to a more vibrant and competitive virtual marketplace – J.F Rayport and J.J Sviokla referred to it as the ―marketspace‖ (J.F. Payport, 1995). Technological advancement is the causative agent of this rapid change. As customers become increasingly complex and find sustained satisfaction in the marketspace, pressure keeps mounting on enterprises to adjust and seek suitable dance to the new rhythm. More prepared enterprises like e-bay and FEDEX have taken advantage of this rapid change to emerge competitive in the marketspace whist others dawdle behind. Enterprises especially in developing economies like Ghana, are increasingly investing enterprise resources in IT infrastructure, and accompanying applications and services to take advantage of the new marketplace and emerge competitive nationally and perhaps, in the process, gain global competitiveness. Are firms having strategic frameworks that guide these investments? And what are the factors that influence the adoption of these frameworks? Are there enabling national and firm level mechanisms to support IT investments? These are the questions that the research seeks to respond to. The research discovered Ghana’s strategic initiatives aimed at providing enabling infrastructure, regulatory and business environment to support the adoption of ICTs into public and civil service, and to also promote the performance and competitiveness of its industries and firms. At firm level, the research investigated the factors that influence the adaptation and effective implementation of IT Governance frameworks in enterprises. The research found education, external business environment, and extent of IT investment, statistically significant in driving IT process and governance framework adoption. It was therefore, recommended that regulatory institutions, educational institutions, market players and managers of firms contribute to the enhancement of these predictor variables to further improve ICT, IT process and IT governance framework adoption in Ghana. It was also recommended that later research should be undertaken to re-evaluate the performance and progress made by Ghanaian firms, and to possibly discover other drivers of ICT, ITprocess and IT governance framework adoption. / IT Process and Governance framework adoption in Ghana is relatively new. The research identifies Education, Level of IT investment and the Business Environment to be the most influential factors in promoting IT process and governance framework adoption in Ghana. / +233-246655744 / +233 - 201111216
|
82 |
Exploring the governance of IT in SMEs in SmålandAjegunma, Solomon, Abdirahman, Zakaria, Raza, Hassan January 2012 (has links)
With many research available on IT governance, this research differs from most of them due to its delimitation. The focus of this research lies in the two domains of value creation and performance measurement. Furthermore, the area of research has been small and medium Enterprises located in the area of Småland, Sweden. Brisebois, Boyd & Shadid (2001) gave us the following definition of IT governance: “How those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control, and direction of the entity. How IT is applied will have an immense impact on whether the entity will attain its vision, mission, or strategic goal.” An objective of IT governance is to align the IT resources of an enterprise in a way that it fast-tracks the business priorities of the enterprise and assures that the investments in IT generates business value and that the IT is performing to its expectations. The research questions and the outcome of this research paper sheds light on the challenges of both value creation and performance measurement within the SMEs, but it also showcases what the driving forces of IT value creation are and which benefits arise from measuring the IT performance within the SMEs. Through semi-structured interviews with four SMEs, based in the region of Småland, numerous amounts of challenges and driving forces for IT value creation and challenges and benefits to measuring IT performance have been extracted. Based on the extracted information from the interviews, an analysis and a conclusion have been formed by the authors. In the end, the authors provide their thoughts for suggestions for further work and how all of this contributes to the field of Informatics.
|
83 |
Procesy IS/ICT a jejich mapování ke standardům v oblasti IS/ICT / IS / ICT processes and their mapping to the standards and frameworks in the area of IS / ICTDvořák, Jan January 2011 (has links)
The aim of this thesis is to define the audit issues regarding IS/ICT sector, creating a summary of standards, frameworks and best practices in IS/ICT - usable for IS auditing and mutual mapping of selected standards to the chosen reference framwork of ICT and following related goal is to make a procedure for the mapping of IT processes on standards in the field of IS/ICT. The aim of this thesis is description and mapping of the most important methodologies, standards and best practices related to the management and audit of IS/ICT and following related goal is building a procedure that allows the company to assess readiness for the certification of any of the selected standards, implement an alternative methodology for IT management or audit IS/ICT. First, the notion of audit is defined and discussed, followed by the discussion of the issue of IT audit, together with the financial audit. This is followed by a description of the different methodologies and approaches, which I used in my work. The chapter continues the description of methodology section that describes the mapping results. The actual mapping is in a separate Excel file and is part of this thesis. In the next chapter there is a procedure for mapping of business processes to different methodologies and standards used for management and audit of IS / ICT, which was created by myself.
|
84 |
IT Risk register / Registr IT rizikKohout, Karel January 2011 (has links)
The theoretical part of the thesis analyzes several selected methodologies and best-practices related to information technology risks management, with focus on documents and guidance developed by ISACA. It builds a set of ideas and basic requirements for effective model of an IT risk register. Strong emphasis is placed on mapping CobiT 4.1 based Risk IT to COBIT 5. The practical part describes implementation of an exploratory web-based IT risk register in Python programming language utilizing the Django framework and employs concepts from the analysis.
|
85 |
Audit IS - teorie a praxe / IS Audit - Theory and PracticeFišera, Martin January 2013 (has links)
The thesis covers the issue of IS audit in all its breadth. On the basis that this is a very complex area, it was necessary to divide the work into several logical and subsequent chapters. Quality and audit are the key words for this job. Therefore is them given the whole first chapter that chronologically describes the evolution of these concepts. Interpretation of quality is widely described since the Greece and Rome ancient, through Total Quality Management approach to the current understanding of the normative frameworks issued by ISO. There is the term audit continuously followed in the chapter of the concept of quality, whose development is also described in detail in chronological order starting from the reading public accounts to the current form of IS audit. Especially, we focus on development of the definition of audit and the relationship between the financial audits and IS. The second - last - part of the chapter is devoted to a detailed description of the reasons for the application of IS audit in practice. Because of the large specifications of the IS audit is this characteristic position in practice given the second chapter. This chapter contains not only description of the characteristics but also a brief outline of the issue of outsourcing and CloudComputing in relation to the audit of IS. The third chapter is devoted to a normative base of IS audit. Due to a large number of normative frameworks there are analysed only selected representatives in the chapter. These include the ISO / IEC 20000, COBIT, ITIL and others. They are thoroughly described, evaluated and compared to other possibly relevant for the definition of relations and benefit evaluation. The last chapter deals with design process of IS audit at a conceptual level. The aim is to freely continue on the normative base discussed in the previous chapter and a simple, versatile, easily applicable and adaptable IS audit process regarding defined limits.
|
86 |
Bezpečnost podnikové informatiky v souvislosti s ITIL / Information Security in the context of ITILKorous, Petr January 2011 (has links)
The diploma thesis discusses information security management in the context of ITIL framework. In the introductory part is explained the concept of information security, its importance and main goals. In subsequent chapters, the work aims to explore methodologies, frameworks and standards related to information security and internal control. Selected frameworks and models and described and compared with each other based on different criteria. The comparison is also one of the benefits of the work because similar topics which compare different models of internal control and information security are quite rare in the literature. The practical part of the thesis forms new methodology on basis of researched models and standards, including ISO 27000, ITIL and COBIT. This methodology provides a relatively simple way to evaluate the level of information security in an organization. It uses process capability model which is applied on selected company. Another benefit of the thesis is the developed methodology and its demonstration on a selected company.
|
87 |
Propuesta de un modelo de implementación de gestión de servicios de tecnología de información, para la empresa de servicios informáticos / Proposal of an IT Services Management Implementation Model for an IT services companyElías Pantoja, Patricia Muriel, Hinojosa Apaza, Manuel Anderson, Ticona Palli, Henry, Vega Meléndez, Gumercindo 06 October 2020 (has links)
Una de las características que está sobresaliendo en el mercado de los Servicios de TI es mejorar y optimizar los procesos de una compañía, alineando la gestión de dichos servicios a sus objetivos como negocio, es por ello por lo que el presente trabajo de investigación tiene el objetivo principal de proponer un Modelo de Implementación de Gestión de Servicios de TI, con fundamentos en COBIT 5 y NTP-ISO/IEC 20 000 para una empresa orientada al Rubro de la tecnología de información.
Cabe señalar que el trabajo de investigación se basa en el análisis actual de la empresa con foco a los servicios TI que esta gestiona como parte de sus procesos, identificando los roles y responsabilidades que esto conlleva y los puntos de debilidad en su gestión; Luego se realiza un análisis para la propuesta de mejora en base al mapa estratégico de la organización, todo esto soportado por el marco de trabajo COBIT y de la NTP-ISO/IEC 20 000. Finalmente, se realiza un Modelo de Gestión de Servicios en base a la propuesta realizada con el objetivo mejorar la calidad y la operativa de los servicios TI en la organización, permitiendo alinear los servicios de TI con los objetivos de negocio, es decir que los servicios prestados estén orientados a las necesidades de los clientes y se adapte al mercado dinámico y global, garantizando la calidad de estos, con procesos optimizados, costos competitivos que contribuyen a la satisfacción de sus clientes y generando valor al negocio. / One of the outstanding characteristics in the IT Services market is to improve and optimize a company’s processes by aligning such services management to their business goal. That is why this investigation’s main goal is to propose an IT Services Management Implementation Model with COBIT 5 and NTP (Peruvian Technical Regulation)-ISO/IEC 20000 foundations for a company focused on the information technology field.
It is important to highlight that this investigation is based on the company’s current analysis with focus on IT services managed by them as part of their processes, identifying roles and responsibilities carried by them and weakness points in their management. Then, an analysis is made to propose an improvement on the organization’s strategic map; all of this is supported by the COBIT and NTP-ISO/IEC 20000 work frame. Finally, a Service Management Model is done based on a proposed goal to improve quality and the organization’s IT services operation, allowed to align the IT services with the business goals; that is to say that services provided are focused on the clients’ needs and they are adapted to the dynamic and global market, assuring their quality with optimized processes and competitive prices that contribute to the client’s satisfaction, and finally provide value to the business. / Trabajo de investigación
|
88 |
Implementación de un plan de control de seguridad de la información mediante la norma ISO/IEC 27002:2013 en un centro de datos: caso de estudio: Consult Export S.A.Beltrán Navarro, Roberto Alex January 2015 (has links)
Publicación a texto completo no autorizada por el autor / Implementa un plan de control interno de seguridad de la información mediante la norma ISO/IEC 27002:2013 en el centro de datos. Esto permitirá a la empresa protegerse de un amplio rango de amenazas, para asegurar la continuidad de los sistemas y los servicios que brinda, minimizar los daños a los activos que aloja en su interior y resguardar la información a través de estrategias y un conjunto adecuado de controles. Entre los resultados esperados está concientizar sobre los peligros a la que está expuesto los activos de información así como informar la existencia de 7 normas y estándares de uso internacional que pueden ser tomados como referencia para implementar, mejorar y mantener las políticas de la seguridad de la información en el centro de datos. A través de una correcta gestión del riesgo se podrá priorizar la atención a los activos que estén más expuestos. / Trabajo de suficiencia profesional
|
89 |
COBIT v malom podnikaní / COBIT in small businessSteiner, Štefan January 2010 (has links)
The aim of this work is to develop a universal procedure introducing the concept of IT Governance using COBIT methodology to a small business environment. This thesis understands COBIT as a tool with which is possible to create a new business strategy for a firm and which will provide more competitive force for the firm in the competitive fight. The main contribution of this thesis is a theoretical research, which resulted in the proposal as how should a small company (which close-up characteristic is described in more detail in the work) proceed in a case that it decides to efficiently manage, manage and control the business IS / IT. This theoretical approach is then tested as a case study on a real small enterprise.
|
90 |
Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South AfricaBasani, Mandla 02 1900 (has links)
Information security in the form of IT governance is part of corporate governance. Corporate
governance requires that structures and processes are in place with appropriate checks and
balances to enable directors to discharge their responsibilities. Accordingly, information
security must be treated in the same way as all the other components of corporate
governance. This includes making information security a core part of executive and board
responsibilities.
Critically, corporate governance requires proper checks and balances to be established in an
organisation; consequently, these must be in place for all information security
implementations. In order to achieve this, it is important to have the involvement of three
key role players, namely information security professionals, ICT security auditors and
regulatory officials (from now on these will be referred to collectively as the ‘role players’).
These three role players must ensure that any information security controls implemented
are properly checked and evaluated against the organisation’s strategic objectives and
regulatory requirements.
While maintaining their individual independence, the three role players must work together
to achieve their individual goals with a view to, as a collective, contributing positively to the
overall information security of an organisation. Working together requires that each role
player must clearly understand its individual role, as well the role of the other players at
different points in an information security programme. In a nutshell, the role players must
be aligned such that their involvement will deliver maximum value to the organisation. This
alignment must be based on a common framework which is understood and accepted by all
three role players.
This study proposes a South African Information Security Alignment (SAISA) framework to
ensure the alignment of the role players in the implementation and evaluation of
information security controls. The structure of the SAISA framework is based on that of the
COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS),
Acquire and Implement Information Security (AI-IS), Deliver and Support Information
Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS).
The SAISA framework brings together the three role players with a view to assisting them to
understand their respective roles, as well as those of the other role players, as they
implement and evaluate information security controls. The framework is intended to
improve cooperation among the role players by ensuring that they view each other as
partners in this process. Through the life cycle structure it adopts, the SAISA framework
provides an effective and efficient tool for rolling out an information security programme in
an organisation / Computer Science / M. Sc. (Computer Science)
|
Page generated in 0.028 seconds