On the Way to a Minimum Baseline in IT Governance: Using Expert Views for Selective Implementation of COBIT 5

Bartens, Yannick; Haes, Steven De; Lamoen, Yannick; Schulte, Frederik; Voß, Stefan

doi:10.1109/hicss.2015.543

Cited by 35 publications

(19 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…However, such approaches are ad hoc-based and are not directly linked with existing security standards. MSB verification could be implemented in different ways, starting from the expert review [18], including information security consultant analysis. Authors of [18] conducted an explorative expert study to derive a set of COBIT 5 processes that could serve as a basis for an enterprise governance of IT implementation and discussed how this approach could contribute to complexity reduction.…”

Section: The Proposed Methods For Msb Identification and Verification mentioning

confidence: 99%

“…MSB verification could be implemented in different ways, starting from the expert review [18], including information security consultant analysis. Authors of [18] conducted an explorative expert study to derive a set of COBIT 5 processes that could serve as a basis for an enterprise governance of IT implementation and discussed how this approach could contribute to complexity reduction. This research was based on an earlier [19] study, which was focused on identifying which practices (structures, processes, and relational mechanisms) an organization could leverage to ensure that IT governance becomes a reality in the organization.…”

Section: The Proposed Methods For Msb Identification and Verification mentioning

confidence: 99%

“…In other words, the MSB would be a subset of an information security standard and could be represented as a subpart of it. The standard approach for minimum security baseline identification is the use of expert knowledge [18]. Information security specialists review the standard or framework and identify which requirements are mandatory and are a part of the MSB.…”

Section: Prior and Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

et al. 2019

View full text Add to dashboard Cite

One of the best ways to protect an organization’s assets is to implement security requirements defined by different standards or best practices. However, such an approach is complicated and requires specific skills and knowledge. In case an organization applies multiple security standards, several problems can arise related to overlapping or conflicting security requirements, increased expenses on security requirement implementation, and convenience of security requirement monitoring. To solve these issues, we propose using graph theory techniques. Graphs allow the presentation of security requirements of a standard as graph vertexes and edges between vertexes, and would show the relations between different requirements. A vertex cover algorithm is proposed for minimum security requirement identification, while graph isomorphism is proposed for comparing existing organization controls against a set of minimum requirements identified in the previous step.

show abstract

Section: The Proposed Methods For Msb Identification and Verification mentioning

confidence: 99%

Section: The Proposed Methods For Msb Identification and Verification mentioning

confidence: 99%

Section: Prior and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Ao comparar a lista de processos obtidos neste trabalho, com a lista de processos mais importantes e efetivos do COBIT 5 identificados em Bartens et al, (2015) verifica-se a presença de cinco dos oito processos (EDM01; EDM02; APO02; APO06 e BAI01), o que vem reforçar a importância que deve ser dada desde o primeiro momento à componente de Gestão do Valor na implementação prática do COBIT 5. A Framework VAL IT 2.0 considera as componentes de Projetos, Programas e Portfólio, essenciais para entrega de valor ao negócio.…”

Section: Processos De Gestão Do Valor Das Tiunclassified

“…Processos X Definição e manutenção do modelo de governança (EDM01) (ISACA, 2012b); (Kumar et al, 2008); (Bartens et al, 2015) X Realização de benefícios (EDM02) X Gestão da estrutura de gestão de TI (APO01) ; (Ward & Daniel, 2006); (Grajek, 2015); X X Critérios e tipos de investimento X X X Feedback de desempenho do programa e portfólio…”

Section: Categoriaunclassified

Identificação de Práticas e Recursos de Gestão do Valor das TI no COBIT 5

Pereira

Ferreira

2015

RISTI

View full text Add to dashboard Cite

Resumo: A Governança Corporativa das Tecnologias de Informação é uma temática primordial reconhecida pela comunidade académica e profissional. A necessidade de obter valor, seja financeiro ou estratégico para a organização, resultante dos investimentos realizados em TI implica uma Gestão do Valor das TI adequada. As dificuldades ou o pouco know-how das empresas na implementação de práticas propostas por Frameworks elaborados pela comunidade profissional, como o Val IT 2.0 ou o COBIT, 5 levam as organizações a optar pelo desenvolvimento de modelos próprios. Este artigo identifica um conjunto de práticas e recursos de Gestão do Valor das TI, resultantes da integração do VAL IT 2.0 no COBIT 5, usando uma metodologia de investigação baseada numa revisão da literatura, que suportará o desenho de um modelo conceptual para identificação de um conjunto de habilitadores de Gestão do Valor das TI presentes no COBIT 5. Palavras-chave:Governança das TI; Práticas de Gestão do Valor, Habilitadores, COBIT 5; VAL IT 2.0; Identification of IT Value Management Practices and Resources in COBIT 5Abstract: Enterprise Governance of Information Technology is a primary theme recognized by the academic and professional community. The need for value to the organization, whether strategic or financial, resulting from investments made in IT implies an appropriate IT Value Management. The difficulties or the little knowhow in the implementation of practical Frameworks proposed by the professional community like Val IT 2.0 or COBIT 5 lead organizations opt for the development of their own models. This paper identifies a set of practices and resources of IT Value Management resulting from the integration of VAL IT 2.0 in COBIT 5. A research methodology based on a literature review, will support the design of a conceptual model for identifying a set of enablers of IT Value Management present in COBIT 5.

show abstract

How to Govern VSE Teams: Experiences Through a Model and Case Study

Arévalo

Montenegro

2018

Communications in Computer and Information Science

View full text Add to dashboard Cite

On the Way to a Minimum Baseline in IT Governance: Using Expert Views for Selective Implementation of COBIT 5

Cited by 35 publications

References 26 publications

Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

Defining the Minimum Security Baseline in a Multiple Security Standards Environment by Graph Theory Techniques

Identificação de Práticas e Recursos de Gestão do Valor das TI no COBIT 5

How to Govern VSE Teams: Experiences Through a Model and Case Study

Contact Info

Product

Resources

About