
An investigation to determine incremental risks to software as a service from a user’s perspective

Thesis (MComm)--Stellenbosch University, 2011.

ENGLISH ABSTRACT: Software as a Service (SaaS) – which is a deployment model of cloud computing – is a
developing trend in technology that brings with it new potential opportunities and
consequently potential risks to enterprises. These incremental risks need to be identified in order
to assist in risk management and therefore information technology (IT) governance.
IT governance is a cornerstone of enterprise-wide corporate governance. For many entities
corporate governance has become a statutory requirement, due to the implementation of
legislation such as the Sarbanes-Oxley Act of the United States of America.
The research aims to assist in the IT governance of SaaS, by identifying risks and possible
controls.
By means of an in-depth literature review, the study identified 30 key risks relating to the use
and implementation of SaaS from the user’s perspective. Different governance and risk
frameworks were considered, including CobiT and The Risk IT Framework. In the extensive
literature review, it was found that CobiT would be the most appropriate framework to use in
this study. Mapping the risks and technologies from the user's perspective to one or more of
the processes of the CobiT framework, the research found that not all processes were
applicable. Only 18 of the 34 CobiT processes were applicable.
The study endeavoured to identify possible controls and safeguards for the risks identified. By
using the technologies and risks that were mapped to the CobiT processes, a control framework
was developed which included 11 key controls to possibly reduce, mitigate or accept the risks
identified. Controls are merely incidental if they are not linked to a framework.

AFRIKAANS ABSTRACT: Software as a Service (SaaS), a deployment model of cloud computing, is a developing
technological trend that holds various opportunities, but with them also various risks, for
enterprises. These additional risks must be identified to assist with the
management of risks and therefore also the governance of Information Technology (IT).
IT governance is an important part of the foundation of enterprise-wide corporate governance.
As a result of the implementation of legislation such as the Sarbanes-Oxley bill of the
United States of America, corporate governance has become a statutory requirement for
various enterprises.
This study aims to assist the IT governance of SaaS by identifying risks and possible
controls.
By means of an in-depth literature review, the study identified 30 key risks
relating to the use and implementation of SaaS from a user's point of view.
Various corporate and risk frameworks, including CobiT and The Risk IT Framework, were
considered. The literature review found, however, that CobiT would be the most appropriate framework
for this study. By matching the risks and technologies from a user's perspective
to one or more CobiT processes, the research found that not all processes in CobiT are
applicable. Only 18 of the 34 processes were applicable.
The study also endeavoured to identify possible controls and safeguards for the risks.
By using the technologies and risks that were matched against the CobiT processes,
a control framework was developed that includes 11 key controls, which can reduce, mitigate
or accept the identified risks. Controls are merely incidental if they are not directly
linked to a framework.

Identifier: oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:sun/oai:scholar.sun.ac.za:10019.1/18086
Date: 12 1900
Creators: Ipland, Frederick Ferdinand
Contributors: Steenkamp, L. P., Stellenbosch University. Faculty of Economic and Management Sciences. Dept. of Accountancy.
Publisher: Stellenbosch : Stellenbosch University
Source Sets: South African National ETD Portal
Language: en_ZA
Detected Language: Unknown
Type: Thesis
Format: 86 p.
Rights: Stellenbosch University
