Spelling suggestions: "subject:"cobit"" "subject:"fobia""
111 |
Vliv zralosti business procesů na provoz IT procesů / Impact of business process maturity on performing IT processesKrál, Filip January 2012 (has links)
The diploma thesis is focused on researching of impact of maturity of enterprise internal environment and business processes outside domain IS/IT on performing IT processes. The thesis is based on the coevolutionary theory from the authors Benbya and McKelvey. The author of this thesis uses maturity models Business Process Maturity Model (BPMM), Process and Enterprise Maturity Model (PEMM) and Control Objectives for Information and Related Technology (COBIT) 4.1 framework for information technology management. The diploma thesis is diveded into three main parts -- the theoretical part, the analytical and the research part. The diploma thesis contents a survey research. The outputs of the thesis could be used as a methodological tool for improving of IT process efficiency and performance.
|
112 |
Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT ModificationPetrová, Pavla January 2013 (has links)
This dissertation is dealing with the issue of information systems in business environment. The practical part focusses on examining the contemporary solutions IS/IT at a chosen hotel with the help of analysis HOS 8 and ZEFIS. Based on these analyses the final part of this thesis proposes solutions for the improvement of the current state of IS from balance perspective as well as efficiency.
|
113 |
Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South AfricaBasani, Mandla 02 1900 (has links)
Information security in the form of IT governance is part of corporate governance. Corporate
governance requires that structures and processes are in place with appropriate checks and
balances to enable directors to discharge their responsibilities. Accordingly, information
security must be treated in the same way as all the other components of corporate
governance. This includes making information security a core part of executive and board
responsibilities.
Critically, corporate governance requires proper checks and balances to be established in an
organisation; consequently, these must be in place for all information security
implementations. In order to achieve this, it is important to have the involvement of three
key role players, namely information security professionals, ICT security auditors and
regulatory officials (from now on these will be referred to collectively as the ‘role players’).
These three role players must ensure that any information security controls implemented
are properly checked and evaluated against the organisation’s strategic objectives and
regulatory requirements.
While maintaining their individual independence, the three role players must work together
to achieve their individual goals with a view to, as a collective, contributing positively to the
overall information security of an organisation. Working together requires that each role
player must clearly understand its individual role, as well the role of the other players at
different points in an information security programme. In a nutshell, the role players must
be aligned such that their involvement will deliver maximum value to the organisation. This
alignment must be based on a common framework which is understood and accepted by all
three role players.
This study proposes a South African Information Security Alignment (SAISA) framework to
ensure the alignment of the role players in the implementation and evaluation of
information security controls. The structure of the SAISA framework is based on that of the
COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS),
Acquire and Implement Information Security (AI-IS), Deliver and Support Information
Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS).
The SAISA framework brings together the three role players with a view to assisting them to
understand their respective roles, as well as those of the other role players, as they
implement and evaluate information security controls. The framework is intended to
improve cooperation among the role players by ensuring that they view each other as
partners in this process. Through the life cycle structure it adopts, the SAISA framework
provides an effective and efficient tool for rolling out an information security programme in
an organisation / Computer Science / M. Sc. (Computer Science)
|
114 |
Propuesta de transformación digital y mejora del gobierno de TI para el organismo estatal encargado de la identificación de los peruanos / Proposal of digital transformation and improvement of the IT government for the state agency responsible for the identification of PeruviansPrado Quintana, Elvis David, Valdivieso Alvarado, Wiliam Eduardo 09 November 2019 (has links)
La presente tesis tiene como objetivo la elaboración de una Propuesta de Transformación Digital sobre el proceso de registro de identificación, la cual toma como base la mejora de los procesos de TI a través de los lineamientos de COBIT PAM para el organismo estatal encargado de la identificación de los peruanos. Para lograr este propósito se identificarán los objetivos estratégicos de la institución y su relación con los procesos de TI. Posteriormente, se determinarán los procesos que serán revisados bajo el Modelo de Evaluación de Procesos de COBIT 5. A partir de los resultados obtenidos se elaborará un plan de mejora cuyo objetivo será cumplir con los criterios necesarios para lograr que los procesos de TI estén consolidados. Finalmente, teniendo un buen soporte de TI, se hará una propuesta de transformación digital para el proceso de registro de identificación que con la ayuda de un asistente virtual, basado en inteligencia artificial, brindará un servicio omnicanal a los ciudadanos. / This thesis aims to develop a Digital Transformation Proposal on the identification registration process, which is based on the improvement of IT processes through the COBIT PAM guidelines for the state body responsible for identification of the Peruvians. To achieve this purpose, the institution's strategic objectives and its relationship with IT processes will be identified. Subsequently, the processes that will be reviewed under the COBIT Process Evaluation Model 5 will be determined. Based on the results obtained, an improvement plan will be developed whose objective will be to meet the criteria necessary to ensure that the IT processes are consolidated. Finally, having a good IT support, a digital transformation proposal will be made for the identification registration process that, with the help of a virtual assistant, based on artificial intelligence, will provide an omnichannel service to citizens. / Tesis
|
115 |
RELACIÓN ENTRE GOBIERNO DE TECNOLOGÍAS DE LA INFORMACIÓN Y RESULTADOS DEL SISTEMA SANITARIO EN HOSPITALES DEL SERVICIO MADRILEÑO DE SALUDMuria Tarazón, Juan Carlos 04 May 2016 (has links)
[EN] The main goal of this thesis is to determine whether there is an association between the existence of Information Technology Governance practices and healthcare outcomes in hospitals from the Madrid Healthcare Service (SERMAS) network.
It is a descriptive, exploratory and correlational study. The descriptive analysis provides the characterization of the status of information technology governance practices in the hospitals and healthcare outcomes published by the Madrid Healthcare Service. The exploratory and correlational analysis includes factorial, regression and paths statistical analysis, as well as cluster and discriminant analysis.
This thesis makes a review of the methodological frameworks of Government Information Technology state of the art, including references to seminal works and most important authors in the field and summarizing the most important aspects of governance practices at a critical comparative study.
The second part develops the methodological and statistical research work. First the research model, the hypothesis and empirical indicators based on theoretical models are presented. Then the methodological design of empirical research and descriptive analysis of the sample comprising 150 responses to a questionnaire of 19 questions based on the Information Technology Governance COBIT 5 enablers, aimed at hospital workers from Madrid Healthcare Service, and performance outcomes of 2013 healthcare observatory, from the hospitals where participants work.
This research presents 10 hypotheses regarding the association between indicators of good practices on Information Technology Governance and healthcare outcomes related to Clinical Effectiveness and Patient Safety, Efficiency, Patient Care, and Education and Research.
Conclusions find associations between some practices of Information Technology Governance (IT department involvement in the hospital steering committee, IT return of investment assessment, and risk analysis, primarily) with healthcare outcomes obtained in hospitals covered by this study. Discriminant analysis allows us to identify the main independent variables that discriminate the cluster that each hospital belongs to. / [ES] El objetivo principal de esta tesis es determinar si existe relación entre la existencia de prácticas de Gobierno de Tecnologías de Información y resultados de asistencia sanitaria en hospitales de la red del Servicio Madrileño de Salud (SERMAS).
Se trata de un estudio de naturaleza descriptiva, exploratoria y relacional. El análisis descriptivo tiene como resultado la caracterización del estado de las prácticas de Gobierno de Tecnologías de la Información en dichos hospitales y de los resultados de asistencia sanitaria publicados por el Servicio Madrileño de Salud. El análisis exploratorio y relacional incluye los análisis estadísticos factorial, de correlaciones, de regresión y de caminos, así como el análisis de clúster y discriminante.
El documento recoge el estado del arte sobre marcos metodológicos de Gobierno de Tecnologías de Información incluyendo referencias sobre obra fundamental y sobre los autores más relevantes en la materia y resume los aspectos más importantes de las prácticas de gobierno en un estudio crítico comparativo.
La segunda parte desarrolla el trabajo de campo, metodológico y estadístico de la investigación. Primero se presenta el modelo de investigación, las hipótesis e indicadores basados en modelos teóricos y empíricos. Seguidamente se detalla el diseño metodológico de la investigación empírica y el análisis descriptivo de la muestra, que comprende 150 respuestas a un cuestionario de 19 preguntas basado en los catalizadores COBIT 5 de Gobierno de Tecnologías de la Información dirigido a trabajadores de los hospitales del Servicio Madrileño de Salud y los indicadores de resultados de asistencia sanitaria de 2013 publicados en el Observatorio de resultados acerca de los hospitales a los que pertenecen los participantes en el cuestionario.
El presente trabajo de investigación plantea 10 hipótesis de investigación relativas a la asociación entre indicadores de buenas prácticas de Gobierno de Tecnologías de la Información y resultados de asistencia sanitaria relativos a Efectividad Clínica y Seguridad del Paciente, Eficiencia, Atención al Paciente y Docencia e Investigación.
Como conclusiones se obtiene la asociación entre algunas prácticas de Gobierno de Tecnologías de la Información (la participación del departamento de TI en el comité de dirección, la evaluación del retorno de la inversión en TI, y el análisis de riesgos, principalmente) con resultados de asistencia sanitaria en los hospitales objeto de este estudio. El análisis discriminante nos permite por último identificar las principales variables independientes que discriminan el grupo o conglomerado al que pertenece cada hospital. / [CA] L'objectiu principal d'aquesta tesi és determinar si existeix associació entre l'existència de pràctiques de Govern de Tecnologies d'Informació i resultats d'assistència sanitària en hospitals de la xarxa del Servei Madrileny de Salut (SERMAS).
Es tracta d'un estudi de naturalesa descriptiva, exploratòria i correlacional. L'anàlisi descriptiva té com a resultat la caracterització de l'estat de les pràctiques de Govern de Tecnologies de la Informació en aquests hospitals i dels resultats d'assistència sanitària publicats pel Servei Madrileny de Salut. L'anàlisi exploratòria i correlacional inclou les anàlisis estadístiques factorial, de regressió i de camins, així com l'anàlisi de clúster i discriminant.
El document fa un repàs de l'estat de l'art sobre marcs metodològics de Govern de Tecnologies d'Informació incloent referències sobre les obres fonamentals i sobre els autors més importants en la matèria i resumint els aspectes més rellevants de les pràctiques de govern en un estudi crític comparatiu.
La segona part desenvolupa el treball metodològic i estadístic de la investigació. Primer es presenta el model de recerca, les hipòtesis i indicadors basats en models teòrics i empírics. Tot seguit es detalla el disseny metodològic de la investigació empírica i l'anàlisi descriptiva de la mostra, que comprèn 150 respostes a un qüestionari de 19 preguntes basat en els catalitzadors COBIT 5 de Govern de Tecnologies de la Informació dirigit a treballadors dels hospitals del Servei Madrileny de Salut i els indicadors de resultats d'assistència sanitària de 2013 publicats a l'Observatori de resultats sobre els hospitals als quals pertanyen els participants en el qüestionari.
El present treball de recerca planteja 10 hipòtesi d'investigació relatives a l'associació entre indicadors de bones pràctiques de Govern de Tecnologies de la Informació i resultats d'assistència sanitària relatius a Efectivitat Clínica i Seguretat del Pacient, Eficiència, Atenció al Pacient i Docència i Recerca.
Com a conclusions s'obté l'associació entre algunes pràctiques de Govern de Tecnologies de la Informació (la participació del departament de TI al comitè de direcció, l'avaluació del retorn de la inversió en TI, i l'anàlisi de riscos, principalment) amb resultats de assistència sanitària als hospitals objecte d'aquest estudi. L'anàlisi discriminant ens permet finalment identificar les principals variables independents que discriminen el grup o conglomerat a què pertany cada hospital. / Muria Tarazón, JC. (2016). RELACIÓN ENTRE GOBIERNO DE TECNOLOGÍAS DE LA INFORMACIÓN Y RESULTADOS DEL SISTEMA SANITARIO EN HOSPITALES DEL SERVICIO MADRILEÑO DE SALUD [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/63446
|
116 |
A risk based approach for managing information technology security risk within a dynamic environmentMahopo, Ntombizodwa Bessy 11 1900 (has links)
Information technology (IT) security, which is concerned with protecting the confidentiality, integrity and availability of information technology assets, inherently possesses a significant amount of known and unknown risks. The need to manage IT security risk is regarded as an important aspect in the daily operations within organisations. IT security risk management has gained considerable attention over the past decade due to the collapse of some large organisations in the world.
Previous investigative research in the field of IT security has indicated that despite the efforts that organisations use to reduce IT security risks, the trend of IT security attacks is still increasing. One of the contributing factors to poor management of IT security risk is attributed to the fact that IT security risk management is often left to the technical security technologists who do not necessarily employ formal risk management tools and reasoning. For this reason, organisations find themselves in a position where they do not have the correct approach to identify, assess and treat IT security risks.
The IT security discipline is complex in nature and requires specialised skills. Organisations generally struggle to find a combination of IT security and risk management skills in corporate markets. The scarcity of skills leaves organisations with either IT security technologists who do not apply risk management principles to manage IT security risk or risk management specialists who do not understand IT security in order to manage IT security risk.
Furthermore, IT is dynamic in nature and introduces new threats and vulnerabilities as it evolves. Taking a look at the development of personal computers over the past 20 years is indicative of how change has been constant in this field, from big desktop computers to small mobile computing devices found today. The requirement to protect IT against threats associated with desktops was far less than the requirement associated with protecting mobile devices. There is pressure for organisations to ensure that they stay abreast with the current technology and associated risks.
Failure to understand and manage IT security risk is often cited as a major cause of concern within most organisations’ IT environments because comprehensive approaches to identify, assess and treat IT security risk are not consistently applied. This is due to the fact that the trend of IT security attacks across the globe is on the increase, resulting in gaps when managing IT security risk.
Employing a formal risk based approach in managing IT security risk ensures that risks of importance to an organisation are accounted for and receive the correct level of attention. Defining an approach of how IT security risk is managed should be seen as a fundamental task and is the basis of this research. This study aims to contribute to the field of IT security by developing an approach that assists organisations in treating IT security risk more effectively. This is achieved through the use of a combination of existing best practice IT security frameworks and standards principles, basic risk management principles, as well as existing threat modelling processes.
The approach developed in this study serves to encourage formal IT security risk management practices within organisations to ensure that IT security risk is accounted for by senior leadership. Furthermore, the approach is anticipated to be more proactive and iterative in nature to ensure that external factors that influence the increasing trend of IT security threats within the IT environment are acknowledged by organisations as technology evolves. / Computing / M. Sc. (Computing)
|
117 |
Integration of information management systems to enhance business intelligence at the Department of Transport in South AfricaChauke, Tshepo 02 1900 (has links)
Public sector decision makers are confronted by pressures to make faster and better decisions as a result of the competitive environment they operate in. However, there is a trend in the public sector, including the Department of Transport (DoT) in South Africa, to invest in management information systems (MIS) that are highly fragmented and not aiding effective and timely decision-making. As a result, the country witnessed several service delivery protests since 2008 which also affected the public transport sector, such as the widespread burning of Metrorail trains several times by angry commuters. In most instances, poor service delivery emanates from the fact that public servants do not have information at their fingertips to make decisions. This quantitative study utilised Control Objectives for Information and Related Technologies 5 (COBIT 5) as a theoretical framework to investigate the integration of MIS at the DoT with a view to enhancing business intelligence for effective decision-making. Data were collected through a questionnaire directed at middle managers and senior managers that were selected through stratification of business units at the DoT, as well as analysis of documents such as system specifications and strategic plans. The study established that the DoT has several systems such as Alfresco, BAS, GIS, Logis and Persal to name a few, which serve different purposes. However, in most instances, the systems are not integrated as the current infrastructure did not support integration needs and plans to accommodate changing requirements. This is compounded by the system policy implementation constraints, as well as ageing legacy systems that are obsolete. The only component where MIS was found to be integrated, was in the financial business units (Supply Chain Management, Finance and Budgeting). Core business units use off-the-shelf systems and, in some cases, custom-made applications that do not integrate with any other system and thus hinder decision-making. In conclusion, decisions are made based on thumb-sucking, as management does not have access to comprehensive information that is stored in fragmented unintegrated systems. The study recommends that governance structures should be set up to deal with a more holistic business, information and technology architecture for the DoT that enable integration of various systems for effective decision-making. Failure to transform this pattern would lead to service delivery protests persisting. A further study on a framework to integrate MIS in the public sector is recommended. / Information Science / M. Inf.
|
118 |
Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrolsWeber, Lyle 04 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study.
|
119 |
Problematika definice role business vlastníka SW aplikací / Matters of definition of application business owner roleHák, Martin January 2013 (has links)
This thesis maps the situation in information technology management on the interface between informational services delivery and business users with focus on one of the key roles -- service owner. From the theoretical point of view it's done on the basis of common IT methodologies, from the practical point of view on the basis of comparison of four insurance companies. The thesis concludes possible definitions of the role with regard to benefits achievable for the studied companies.
|
120 |
Problematika vymezení role vlastníka procesu / Matters of definition of process owner roleHejda, Jan January 2011 (has links)
The aim of this thesis is to map how the most common process-oriented methodologies and standards govern the issue of process ownership, define the role of a process owner and a comparison of these with a current practice in the corporate environment. The first part describes the theoretical concepts related to process management, including a description of selected methodologies. The following part is a questionnaire and its description followed by the expected responses based on previous theories. The last, third, part of the thesis contains an analysis based on the data obtained from the questionnaire respondents compared with the stated hypotheses and its evaluation.
|
Page generated in 0.0331 seconds