91 |
Cloud computing : COBIT-mapped benefits, risks and controls for consumer enterprisesEnslin, Zacharias 03 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2012. / ENGLISH ABSTRACT: Cloud computing has emerged as one of the most hyped information technology topics of the decade. Accordingly, many information technology service offerings are now termed as cloud offerings. Cloud computing has attracted, and continues to attract, extensive technical research attention. However, little guidance is given to prospective consumers of the cloud computing services who may not possess technical knowledge, or be interested in the in-depth technical aspects aimed at information technology specialists. Yet these consumers need to make sense of the possible advantages that may be gained from utilising cloud services, as well as the possible incremental risks it may expose an enterprise to.
The aim of this study is to inform enterprise managers, who possess business knowledge and may also be knowledgeable on the main aspects of COBIT, on the topic of cloud computing. The study focuses on the significant benefits which the utilisation of cloud computing services may bring to a prospective consumer enterprise, as well as the significant incremental risks this new technological advancement may expose the enterprise to. Proposals of possible controls that the prospective consumer enterprise can implement to mitigate the incremental risks of cloud computing are also presented. / AFRIKAANSE OPSOMMING: “Cloud computing” (wolkbewerking) het na vore getree as een van die mees opspraakwekkende inligtingstegnologieverwante onderwerpe van die dekade. Gevolglik word talle inligtingstegnologie-dienste nou as “cloud”-dienste aangebied. Uitgebreide aandag in terme van tegnologiese navorsing is en word steeds deur “cloud computing” ontlok. Weinig aandag word egter geskenk aan leiding vir voornemende verbruikers van “cloud”-dienste, wie moontlik nie tegniese kennis besit nie, of nie belangstel in die diepgrondige tegniese aspekte wat op inligtingstegnologie-spesialiste gemik is nie. Tog moet hierdie verbruikers sin maak van die moontlike voordele wat die gebruik van “cloud”-dienste mag bied, asook die moontlike inkrementele risiko’s waaraan die onderneming blootgestel mag word.
Die doel van hierdie studie is om die bestuurders van ondernemings, wie besigheidskennis besit en moontlik ook kundig is oor die hoof aspekte van COBIT, in te lig oor wat “cloud computing” is. Die studie fokus op die beduidende voordele wat die benutting van “cloud computing”-dienste aan die voornemende verbruikersonderneming mag bied, asook die beduidende inkrementele risiko’s waaraan die onderneming blootgestel mag word as gevolg van hierdie tegnologiese vooruitgang. Voorstelle van moontlike beheermaatreëls wat die voornemende verbruikersonderneming kan implementeer ten einde die inkrementele risiko’s van “cloud computing” teë te werk word ook aangebied.
|
92 |
Addressing the incremental risks associated with social media by using the cobit 5 control frameworkGerber, Petro 04 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Social media offers great opportunities for businesses and the use thereof will
increase competitiveness. However, social media also introduce significant risks
to those who adopt it. A business can use existing IT governance control
framework to address the risks introduced by social media. However a business
should combine existing control frameworks for adequate and complete IT
governance.
This study was undertaken to help businesses to identify incremental risks
resulting from the adoption of social media and to develop an integrated IT
governance control framework to address these risks both at strategic and
operational level. With the help of the processes in COBIT 5, this study provides
safeguards or controls which can be implemented to address the IT risks that
social media introduce to a business. By implementing the safeguards and
controls identified from COBIT 5, a business ensures that they successfully
govern the IT related risks at strategic level. This study also briefly discuss the
steps that a business can follow to ensure IT related risks at operational level is
addressed through the implementation of configuration controls. / AFRIKAANSE OPSOMMING: Sosiale media bied groot geleenthede vir besighede en die gebruik daarvan sal
mededingendheid verhoog. Sosiale media hou ook egter beduidende risiko's in vir
diegene wat dit aanneem. 'n Besigheid kan bestaande Informasie Tegnologie (IT)
kontrole raamwerke gebruik om die risiko's wat ontstaan as gevolg van die
gebruik van sosiale media aan te spreek. Vir voldoende en volledige IT
korporatiewe beheer moet 'n besigheid egter bestaande kontrole raamwerke
kombineer.
Hierdie studie is onderneem om besighede te help om die toenemende risiko's
wat ontstaan as gevolg van die gebruik van die sosiale media, te identifiseer en
om 'n geïntegreerde IT kontrole raamwerk te ontwikkel om hierdie risiko's op
strategiese sowel as operasionele vlak aan te spreek. Met die hulp van die
prosesse in COBIT 5 voorsien hierdie studie voorsorgmaatreëls of kontroles wat
geïmplementeer kan word om die IT-risiko's waaraan die besigheid, deur middel
van sosiale media blootgestel is, aan te spreek. Deur die implementering van die
voorsorgmaatreëls en kontroles soos geïdentifiseer uit COBIT 5, verseker ʼn
besigheid dat hulle die IT-verwante risiko's op strategiese vlak suksesvol beheer.
Hierdie studie bespreek ook kortliks die stappe wat 'n besigheid kan volg om te
verseker dat IT-verwante risiko's op operasionele vlak aangespreek word deur die
implementering van konfigurasie kontroles.
|
93 |
Benefits, business considerations and risks of big dataSmeda, Jorina 04 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Big data is an emerging technology and its use holds great potential and benefits for
organisations. The governance of this technology is something that is still a big
concern and as aspect for which guidance to organisations wanting to use this
technology is still lacking.
In this study an extensive literature review was conducted to identify and define the
business imperatives distinctive of an organisation that will benefit from the use of
big data. The business imperatives were identified and defined based on the
characteristics and benefits of big data. If the characteristics and benefits are clear,
the relevant technology will be better understood. Furthermore, the business
imperatives provide business managers with guidance to whether their organisation
will benefit from the use of this technology or not.
The strategic and operational risks related to the use of big data were also identified
and they are discussed in this assignment, based on a literature review. The risks
specific to big data are highlighted and guidance is given to business managers as to
which risks should be addressed when using big data. The risks are then mapped
against COBIT 5 (Control Objectives for Information and Related Technology) to
highlight the processes most affected when implementing and using big data,
providing business managers with guidance when governing this technology. / AFRIKAANSE OPSOMMING: ‘Big data’ is 'n ontwikkelende tegnologie en die gebruik daarvan hou baie groot
potensiaal en voordele vir besighede in. Die bestuur van hierdie tegnologie is egter ʼn
groot bron van kommer en leiding aan besighede wat hierdie tegnologie wil gebruik
ontbreek steeds.
Deur middel van 'n uitgebreide literatuuroorsig is die besigheidsimperatiewe
kenmerkend van 'n besigheid wat voordeel sal trek uit die gebruik van ‘big data’
geïdentifiseer. Die besigheidsimperatiewe is geïdentifiseer en gedefinieer gebaseer
op die eienskappe en voordele van ‘big data’. Indien die eienskappe en voordele
behoorlik verstaan word, is 'n beter begrip van die tegnologie moontlik.
Daarbenewens bied die besigheidsimperatiewe leiding aan bestuur sodat hulle in
staat kan wees om te beoordeel of hulle besigheid voordeel sal trek uit die gebruik
van hierdie tegnologie of nie.
Die strategiese en operasionele risiko's wat verband hou met die gebruik van ‘big
data’ is ook geïdentifiseer en bespreek, gebaseer op 'n literatuuroorsig. Dit
beklemtoon die risiko's verbonde aan ‘big data’ en daardeur word leiding verskaf aan
besigheidsbestuurders ten opsigte van watter risiko's aangespreek moet word
wanneer ‘big data’ gebruik word. Die risiko's is vervolgens gekarteer teen COBIT 5
(‘Control Objectives for Information and Related Technology’) om die prosesse wat
die meeste geraak word deur die gebruik van ‘big data’ te beklemtoon, ten einde
leiding te gee aan besigheidsbestuurders vir die beheer en kontrole van hierdie
tegnologie.
|
94 |
Análise da governança de tecnologia da informação para reduzir problemas de agência: estudo em assimetria da informaçãoCoser, Tiago 17 December 2015 (has links)
Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2016-02-18T14:53:03Z
No. of bitstreams: 1
Tiago Coser_.pdf: 1143518 bytes, checksum: 1ab49a0e3a1cd5b419cae7912e0ad87c (MD5) / Made available in DSpace on 2016-02-18T14:53:03Z (GMT). No. of bitstreams: 1
Tiago Coser_.pdf: 1143518 bytes, checksum: 1ab49a0e3a1cd5b419cae7912e0ad87c (MD5)
Previous issue date: 2015-12-17 / CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / UNISINOS - Universidade do Vale do Rio dos Sinos / A problemática resultante da separação entre propriedade e controle do capital é direcionada, nesta pesquisa, para o nível operacional e considera o fundamento assimetria da informação. Este estudo analisou como a Governança de Tecnologia da Informação (GTI) pode contribuir para reduzir problemas de agência. A relação de agência foi delimitada entre diretores (principal) e gerentes (agente) das áreas Administrativa e Comercial. Trata-se de uma pesquisa descritiva, com abordagem qualitativa, desenvolvida por meio de um estudo de caso único em uma indústria sediada no estado do Rio Grande do Sul. Os principais resultados indicam que os problemas de agência não se limitam a informações e ações ocultas no ambiente pesquisado, mas, também, se devem a fragilidades nos recursos e fluxos de informações que suportam os processos de delegação e monitoramento de atividades entre diretores e gerentes. As principais contribuições da GTI para reduzir o problema de agência associam-se, prioritariamente, ao alinhamento entre a TI e os objetivos do negócio, nos processos de planejamento, construção, entrega e monitoramento de serviços de TI. Estas visando a padronizar processos de negócio e a reduzir a dependência humana nas etapas dos mesmos. / The resulting separation issues of ownership and control of capital is directed in this research to the operational level and considers the foundation asymmetry of information. This study examined how the Information Technology (IT) Governance can help reduce agency problems. The agency relationship was established between directors (principal) and managers (agent) of the Administrative and Commercial areas. It is a descriptive research with a qualitative approach, developed through a unique case study in an industry based in the state of Rio Grande do Sul. The main results indicate that agency problems are not limited to information and hidden actions the researched environment, but also are due to weaknesses in resources and information flows supporting the delegation process and monitoring activities among directors and managers. The main contributions of the IT governance to reduce the agency problem are associated primarily to the alignment between IT and business objectives in the planning, construction, delivery and monitoring of IT services. It seeks to standardize business processes and reduce human dependence on the steps of the same.
|
95 |
O papel da controladoria das empresas na avaliação dos investimentos em tecnologia da informaçãoOgassavara, Tomio 21 October 2010 (has links)
Made available in DSpace on 2016-04-25T18:39:34Z (GMT). No. of bitstreams: 1
Tomio Ogassavara.pdf: 943190 bytes, checksum: 559c3e282d74eb3a6c608ba1cf10e073 (MD5)
Previous issue date: 2010-10-21 / Due to the economies and markets globalization, the information technology has
increased its participation in all areas of business, creating new challenges for
business management. On this context the controller responsible for providing and
managing the information systems control and performance evaluation of the
company needs to increase his participation on investment management of
information technology. IT Governance has become well known, especially after
Sarbanes-Oxley law has been implemented by organizations in order to gain better
IT control management and attend demands from control´s organizations. This study
aims to verify how the controller evaluates and manages IT investments, as well as
his uses IT governance structure outlined in VAL IT. The research methodology used
was qualitative research and exploratory-descriptive type. The data collections were
used questionnaires and interviews. In questionnaire was used the Maturity Model.
The research was conducted in European conglomerate business located in
Mercosur operating on segments like plastics, chemicals and pharmaceuticals. The
literature revision procedures applied in this study used literature research,
documents, materials published in books, magazines, specialized dictionaries,
theses, dissertations and internet / Com a globalização das economias e mercados, a tecnologia da informação vem
aumentado a sua participação em todas as áreas de negócios, criando novos
desafios para os gestores das empresas. Neste contexto a Controladoria
responsável pelo fornecimento e gestão dos sistemas de informações de controle
e avaliação de desempenho da empresa precisa participar cada vez mais da
gestão dos investimentos da tecnologia da informação das organizações. A
Governança de TI que se tornou mais conhecida, principalmente após a Lei
Sarbanes-Oxley, tem sido implementada por organizações que buscam obter
melhor controle de gestão em TI, além de atender os órgãos de controle. Este
estudo tem como objetivo verificar como a controladoria analisa e faz gestão dos
investimentos em TI, bem como se faz uso da estrutura de governança de TI
preconizadas no VAL IT. A metodologia da pesquisa utilizada foi a qualitativa e o
tipo de pesquisa exploratório-descritiva. Para a coleta de dados foram utilizados
questionário e entrevistas. No questionário utilizou-se o Modelo de Maturidade. A
pesquisa foi efetuada em um conglomerado empresarial europeu atuante no
Mercosul com participação no segmento plástico, químico e farmacêutico. Foi
efetuada também uma revisão da literatura e se deu por meio de pesquisa
bibliográfica, documental, materiais publicados em livros, revistas, dicionários
especializados, teses, dissertações e em meio eletrônico
|
96 |
Hodnocení přístupů k analýze bezpečnostních rizik / Assessment of approaches to security risk analysisKoudela, Radek January 2010 (has links)
Risk management is a process through which organizations are methodically devoted to the risks associated with their activities in order to get the biggest benefit from their business. It is also a rapidly developing field, where there is a variety of different approaches, methods, methodologies and standards in which may be little confusing. Therefore, this work offers a comprehensive and systematic view on the issue of risk analysis and management. Risk analysis is a cornerstone for effective security management of each company used for identification, description and quantification of risks, which should lead to acceptance of suitable measures for risk treatment. That is the reason why it requires a careful and methodical procedure described in this work. The main objective of this work is to analyse different approaches to risk analysis and management and thus highlight the importance of information security and protection of corporate assets. This approaches need to be understood as a different levels of detail of conducted risk analysis which will depend on initial maturity level (according to the CMM -- Capability Maturity Model) of information security process. The theoretical part of this thesis will explain relevant methodologies, techniques and procedure of risk analysis based on the ISO 27005 standard. From this part reader should learn what risk analysis is, what is it used for, how can it be carried out and what standards and methods can be used. The practical part will solve a real risk analysis project, which will demonstrate application of information obtained in the theoretical part.
|
97 |
Avalia????o da capacidade dos processos de governan??a corporativa de TI baseda no COBIT 5 / Avalia????o da percep????o da conformidade de processos de contrata????o de solu????es de tecnologia da informa????o com a instru????o normativa 04/2010 da SLTISantos, Diana Leite Nunes dos 05 August 2013 (has links)
Submitted by Kelson (kelson@ucb.br) on 2016-07-18T12:07:22Z
No. of bitstreams: 1
DianaLeiteNunesdosSantosDissertacao2013.pdf: 2232490 bytes, checksum: d0f04d5a5aa136b8228c17afb63807e4 (MD5) / Made available in DSpace on 2016-07-18T12:07:22Z (GMT). No. of bitstreams: 1
DianaLeiteNunesdosSantosDissertacao2013.pdf: 2232490 bytes, checksum: d0f04d5a5aa136b8228c17afb63807e4 (MD5)
Previous issue date: 2013-08-05 / COBIT 5 provides a separation of governance and management processes along
with a new assessment approach that focus on process capability. This paper
describes such assessment performed at a Brazilian government institution that
resulted in 40% of the governance processes at level 0 ??? incomplete process and
60% at level 1 ??? performed process. Given the role of governance, fragilities in its
processes may reflect negatively in management and additional research should
include a closer look at this relationship. For this particular institution, it is expected
that all governance processes are performed (level 1) by the next two years, which is
a goal towards an efficient and effective governance system. The following barriers to
the application of this self-assessment were found: lack of knowledge on COBIT 5
processes from the assessed institution and the extension of the questionnaire which
had 33 questions in its final version. When compared to COBIT 4.1 assessment
model, the results were lower, as the same organization was classified in level 2 -
repeatable but intuitive. The previous model is also easier and faster to apply. This
comparison should be done carefully for the models are very different in its design
and use. Finally, the proposed objectives were met: the mechanism is repeatable
and can be used in the future to create a historic base; it can be performed as a selfassessment
and is expected to be completed, in a medium size IT department, in a
four hour time limit. / O COBIT 5 traz a separa????o dos processos de governan??a e gerenciamento e uma
nova abordagem de avalia????o com foco na capacidade dos processos. Esse artigo
descreve a aplica????o deste tipo de avalia????o em uma institui????o governamental
brasileira, que resultou em 40% dos processos de governan??a no n??vel 0 ??? processo
incompleto, e 60% no n??vel 1 - processo executado. Dado o papel da governan??a,
fragilidades em seus processos podem refletir negativamente no gerenciamento da
TI da institui????o e pesquisas adicionais devem incluir um aprofundamento neste
relacionamento. Para esta institui????o, em particular, ?? esperado que todos os
processos de governan??a passem a ser executados (n??vel 1) nos pr??ximos dois
anos, que ?? um objetivo no rumo de um sistema de governan??a eficiente e eficaz.
As seguintes barreiras na aplica????o desta autoavalia????o foram encontradas: falta de
conhecimento dos processos do COBIT 5 por parte da institui????o avaliada e
extens??o do question??rio, que chegou a 33 perguntas em sua vers??o final. Quando
comparado com o modelo de avalia????o do COBIT 4.1, os resultados foram
inferiores, com a mesma organiza????o sendo classificada no n??vel 2 ??? repet??vel mas
intuitivo. O modelo anterior ?? tamb??m mais r??pido e f??cil de aplicar. Essa
compara????o deve ser feita com cuidado j?? que os modelos s??o muito diferentes em
seu desenho e uso. Finalmente, os objetivos propostos foram alcan??ados: o
mecanismo ?? repet??vel e pode ser usado futuramente para criar uma base hist??rica;
ele pode ser aplicado como uma autoavalia????o e ?? esperado que seja completado,
numa institui????o com uma ??rea de TI de m??dio porte, em at?? quatro horas.
|
98 |
Análise de processos de tecnologia da informação para o disclosure da informação contábilLazzari, Robson Luis Meneguzzi 15 March 2016 (has links)
Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2016-06-14T15:26:55Z
No. of bitstreams: 1
Robson Luis Meneguzzi Lazzari_.pdf: 2737794 bytes, checksum: 9dadff38c69edaabec05da0277f10c14 (MD5) / Made available in DSpace on 2016-06-14T15:26:55Z (GMT). No. of bitstreams: 1
Robson Luis Meneguzzi Lazzari_.pdf: 2737794 bytes, checksum: 9dadff38c69edaabec05da0277f10c14 (MD5)
Previous issue date: 2016-03-15 / UNISINOS - Universidade do Vale do Rio dos Sinos / O objetivo deste estudo foi analisar como os processos de TI contribuem para o disclosure da informação contábil. Esta investigação foi realizada com relação ao disclosure das informações contábeis para a gestão da empresa, envolvendo os principais agentes internos nesse processo. A metodologia de pesquisa baseia-se em um estudo de caso realizado no segundo semestre de 2015, em uma empresa atuante no setor moveleiro do Rio Grande do Sul. Os dados coletados foram analisados por meio de análise de conteúdo. Os resultados encontrados indicam como os processos de TI contribuem para o disclosure da informação contábil, identificando e analisando os principais aspectos de disclosure que devem ser priorizados pelos processos de TI para disponibilizar informações mais assertivas e de qualidade para a gestão da organização. Neste contexto, no caso investigado, os aspectos prioritários são os de acessibilidade – acesso às informações por qualquer recurso de TI e em qualquer lugar –, garantia da segurança – dos dados e informações –, assegurar a integridade, agilidade (tempestividade) na disponibilização, alinhamento com a estratégia do negócio, disponibilização de controles e recursos de monitoramento de despesas e receitas, transparência dos processos de negócio de TI, criação de confiança – nos recursos de TI e no disclosure de suas informações – e alinhamento com fatores externos (como leis). / The objective of this study was to analyze how IT processes contribute to the disclosure of accounting information. This research was conducted with a relation of the disclosure of accounting information for management of the company, involving the main internal actors in this process. The research methodology is based on a case study realized in the second half of 2015 in a furniture industry of Rio Grande do Sul. The collected data were analyzed using content analysis. The results indicate how IT processes contribute to the disclosure of accounting information, identifying and analyzing the main aspects of disclosure that should be prioritized by IT processes to deliver information more assertiveness and quality to management of the organization. In this context, in the investigated case, the priority aspects are accessibility - access to information by any IT resource in anywhere - ensuring security – of Data and information - to ensure the integrity, agility (timing) in disclosure, alignment with the business strategy, providing control and monitoring capabilities of revenue and expenditure, transparency of IT business processes, creating confidence - the IT resources and disclosure of your information - and alignment with external factors (such as laws).
|
99 |
Alineamiento de Marco COBIT y Normas PCI para aplicarse al proceso de tarjeta de crédito en una entidad financieraFuentes Rivera, Jessica Vallejos January 2010 (has links)
Busca alinear los requisitos normados por la industria de tarjeta de pago (PCI) con el marco conceptual COBIT, con el propósito de optimizar los procesos de tarjeta de crédito obteniendo una matriz de asignación de responsabilidades, un modelo de madurez y una gestión de prevención de los riesgos del fraude y así mantener la información que la empresa necesita para lograr sus objetivos. El proceso de tarjeta de crédito reúne una serie de debilidades correspondientes a la seguridad de la información, las entidades financieras no son ajenas a diferentes tipos de ataques, entre ellos incluidos el fraude interno, el cual afecta a la imagen del negocio. / Trabajo de suficiencia profesional
|
100 |
Comment la répartition des rôles et tâches influence l'efficacité du support et des opérations informatiquesBouvrette, Nicolas 05 1900 (has links) (PDF)
Cette recherche porte sur les facteurs d'influence de l'efficacité des opérations et du support TI. Plus précisément nous cherchons à connaître l'impact de la répartition des rôles et des tâches sur l'efficacité. En identifiant ces facteurs, il serait possible d'aider de futures recherches ou projets afin de modéliser une situation organisationnelle optimale. Plusieurs référentiels connus ont tenté de généraliser les meilleures pratiques dans ce domaine, mais ce sujet reste largement sous-exploité par le milieu académique. Nous avons donc tenté de percer le mystère des facteurs d'influence et de comprendre si la répartition de rôles et des tâches a un impact important sur l'efficacité. En second lieu, plusieurs autres variables ont été ajoutées à l'analyse telles que la maturité, la performance, les outils, les compétences et la situation professionnelle. C'est à l'aide des référentiels existants (ITIL, COBIT, MOF, etc.) que la revue de littérature a permis d'établir les variables entourant la question principale de cette recherche. Les facteurs d'influence retenus pour cette recherche ont alors été utilisés afin de construire un questionnaire permettant de faire la lumière sur les interrelations existantes dans le secteur professionnel montréalais. Une fois les données collectées, plusieurs méthodes d'analyse statistique ont été utilisées afin de trouver toutes relations existantes parmi ces variables. Les résultats sont quand même intéressants, même s'ils démontrent que la répartition des rôles et des tâches semble avoir une faible influence sur l'efficacité. On explique en partie cette situation à l'aide des variables concernant l'expertise requise afin d'exécuter les tâches spécifiques aux opérations et support TI. Le résultat final semble sensiblement le même, peu importe qui est responsable de ces tâches. Ce même constat s'applique autant aux tâches bien maîtrisées que celles moins connues par les professionnels du secteur. Par contre, d'autres liens seront découverts et discutés, tels que l'influence de l'utilisation d'outils sur la performance ainsi que celle de la maturité sur l'efficacité.
______________________________________________________________________________
MOTS-CLÉS DE L’AUTEUR : rôles, tâches, opérations, support, TI, efficacité, performance, maturité, outils, ITIL, COBIT, MOF.
|
Page generated in 0.059 seconds