To see the other types of publications on this topic, follow the link: COBIT.
Dissertations / Theses on the topic 'COBIT'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'COBIT.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Steiner, Štefan. "COBIT v malom podnikaní." Master's thesis, Vysoká škola ekonomická v Praze, 2010. http://www.nusl.cz/ntk/nusl-74146.
Full textAbstract:
The aim of this work is to develop a universal procedure introducing the concept of IT Governance using COBIT methodology to a small business environment. This thesis understands COBIT as a tool with which is possible to create a new business strategy for a firm and which will provide more competitive force for the firm in the competitive fight. The main contribution of this thesis is a theoretical research, which resulted in the proposal as how should a small company (which close-up characteristic is described in more detail in the work) proceed in a case that it decides to efficiently manage, manage and control the business IS / IT. This theoretical approach is then tested as a case study on a real small enterprise.
2
Smažil, Petr. "Informační management podle Cobit 5." Master's thesis, Vysoká škola ekonomická v Praze, 2014. http://www.nusl.cz/ntk/nusl-192379.
Full textAbstract:
The thesis focuses on the concept of information management, its history and definition by various authors and also according to Cobit 5 methodology particularly its part Cobit 5: Enabling Information. The aim of the thesis is the application of Cobit 5 information model on a specific problem with information in the selected company and assessing the suitability of this application.
3
Tarbajovský, Maroš. "Nasadzovanie a hodnotenie IT Governance v organizáciách." Master's thesis, Vysoká škola ekonomická v Praze, 2009. http://www.nusl.cz/ntk/nusl-11772.
Full textAbstract:
The main objective of this thesis is to meet Governance as a new approach in company organization, especially in IT sector. The idea is about harmonization of IT and business strategy, that should ensure achieving company goals and missions, and lead company in the right direction of advancement, what is directly connected with implementation of relevant measures of IT processes. As chapter "Governance", is describing how this approach should by ensure in whole organization on a different levels. We can translate Governance as implementation of certain best practices and procedures that lead company to process standardization and formalization. The most exercising methodologies and guidelines in IT sphere as ITIL, Val IT, CobiT, ISO 27000 are reviewed in thesis. By these methodologies organizations should be able to better optimize processes and accomplish regulation frame in particular industry. Another very important contribution of process standardization is by providing better possibilities for measurement and assessment, that is reviewed in chapter "Evaluation of IT processes performance". There is also transparent guideline which provides a simple steps procedure how to implement IT Governance in organization using CobiT and Vat IT. As this branch is relatively "young", especially in Czech Republic, management is still familiarizing with it. Last chapter is dedicated to analyze approach to ITG in Czech Republic banking sector.
4
Škoviera, Martin. "Implementace ITIL a COBIT pomocí nastrojů ARIS." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2015. http://www.nusl.cz/ntk/nusl-234919.
Full textAbstract:
This master's thesis explores the topic of guidance for the COBIT framework and ITIL library in the context of business process management. It encompasses various process modelling languages and diagrams for companies active in information and communication technologies. Through the selected ARIS tool set and the mapping of all 64 processes, the establishment of individual processes can now be achieved, which is explained by modelling a total of 101 diagrams. The thesis also contains an example of process deployment for a selected company, which is accompanied by an implementation of a dashboard application that monitors the ticket flow of service operation processes.
5
Štolbová, Milena. "Řízení informační bezpečnosti v metodikách ITIL a Cobit." Master's thesis, Vysoká škola ekonomická v Praze, 2008. http://www.nusl.cz/ntk/nusl-12065.
Full textAbstract:
IT security management is one of the essential processes in the company. This thesis deals with aspects of managing the IT security by the methodology of ITIL and COBIT. First part is focused on covering the IT security, defining the terms and concept necessary for indicating the impact of the IT security breach, the common threads which the company needs to resist and stance of methodology ITIL, COBIT and ISO/IEC 27002:2005 for managing the IT security and its specifics. In the following chapter there is a sentencious look at the structure of methodology of COBIT and more detailed depiction of COBIT Security Baseline document. The next chapter defines the methodology of ITIL, briefly compares the ITIL v2 and ITIL v3 versions, and what is more, comes up with structured view into the document of Security management which details the concept of IT security management within the company by the ITIL standards. The main thesis objective located in the last chapter is to compare the main features of both methodologies, the range of their aplicability within the company, and which is the most important, comparing them in the field of managing the IT security.
6
Sherry, Zaida. "Governance of virtual private networks using COBIT as framework." Thesis, Stellenbosch : University of Stellenbosch, 2007. http://hdl.handle.net/10019.1/3389.
Full textAbstract:
Thesis (MAcc (Accountancy))--University of Stellenbosch, 2007.The purpose of this assignment is to ascertain whether the COBIT framework is an adequate framework to assist in the governance of virtual private networks. The assignment focuses on whether the framework can ensure the identification of virtual private network-related risks and address IT compliance with policies and statutory regulations. A brief summary of the risks and issues pertaining to the pre-implementation, implementation and post-implementation phases of virtual private networks is included in the assignment. These risks and issues are then individually mapped onto a relevant COBIT control objective. The scope of the assignment does not include the intricacies of how these networks operate, the different types of network topologies or the different technologies used in virtual private networks. It was found that the COBIT framework can be implemented to manage and/or mitigate virtual private network risks.
7
Eremiáš, Karel. "Audit informačního systému společnosti Terms a.s." Master's thesis, Vysoká škola ekonomická v Praze, 2008. http://www.nusl.cz/ntk/nusl-165170.
Full textAbstract:
Práce shrnuje problematiku auditu informačního systému a tyto poznatky následně využívá při provedení auditu informačního systému v reálné společnosti. Audit je prováděn pomocí metodiky COBIT a respektuje nejen požadavky metodiky kladené na audit ale i speciální požadavky, které stanovila organizace. Práce zároveň ověřuje použitelnost metodiky COBIT při provádění auditu v podmínkách středně velké české společnosti.
8
Kieviet, Frèda. "Applying COBIT in an ERP environment, with specific reference to Qmuzik /." Link to the online version, 2006. http://hdl.handle.net/10019/1066.
Full text
9
Enslin, Zacharias. "Cloud computing : COBIT-mapped benefits, risks and controls for consumer enterprises." Thesis, Stellenbosch : Stellenbosch University, 2012. http://hdl.handle.net/10019.1/20116.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2012.ENGLISH ABSTRACT: Cloud computing has emerged as one of the most hyped information technology topics of the decade. Accordingly, many information technology service offerings are now termed as cloud offerings. Cloud computing has attracted, and continues to attract, extensive technical research attention. However, little guidance is given to prospective consumers of the cloud computing services who may not possess technical knowledge, or be interested in the in-depth technical aspects aimed at information technology specialists. Yet these consumers need to make sense of the possible advantages that may be gained from utilising cloud services, as well as the possible incremental risks it may expose an enterprise to. The aim of this study is to inform enterprise managers, who possess business knowledge and may also be knowledgeable on the main aspects of COBIT, on the topic of cloud computing. The study focuses on the significant benefits which the utilisation of cloud computing services may bring to a prospective consumer enterprise, as well as the significant incremental risks this new technological advancement may expose the enterprise to. Proposals of possible controls that the prospective consumer enterprise can implement to mitigate the incremental risks of cloud computing are also presented.
AFRIKAANSE OPSOMMING: “Cloud computing” (wolkbewerking) het na vore getree as een van die mees opspraakwekkende inligtingstegnologieverwante onderwerpe van die dekade. Gevolglik word talle inligtingstegnologie-dienste nou as “cloud”-dienste aangebied. Uitgebreide aandag in terme van tegnologiese navorsing is en word steeds deur “cloud computing” ontlok. Weinig aandag word egter geskenk aan leiding vir voornemende verbruikers van “cloud”-dienste, wie moontlik nie tegniese kennis besit nie, of nie belangstel in die diepgrondige tegniese aspekte wat op inligtingstegnologie-spesialiste gemik is nie. Tog moet hierdie verbruikers sin maak van die moontlike voordele wat die gebruik van “cloud”-dienste mag bied, asook die moontlike inkrementele risiko’s waaraan die onderneming blootgestel mag word. Die doel van hierdie studie is om die bestuurders van ondernemings, wie besigheidskennis besit en moontlik ook kundig is oor die hoof aspekte van COBIT, in te lig oor wat “cloud computing” is. Die studie fokus op die beduidende voordele wat die benutting van “cloud computing”-dienste aan die voornemende verbruikersonderneming mag bied, asook die beduidende inkrementele risiko’s waaraan die onderneming blootgestel mag word as gevolg van hierdie tegnologiese vooruitgang. Voorstelle van moontlike beheermaatreëls wat die voornemende verbruikersonderneming kan implementeer ten einde die inkrementele risiko’s van “cloud computing” teë te werk word ook aangebied.
10
Kieviet, Freda. "Applying COBIT in an ERP environment, with specific reference to Qmuzik." Thesis, Stellenbosch : University of Stellenbosch, 2006. http://hdl.handle.net/10019.1/3390.
Full textAbstract:
Thesis (MAcc (Accountancy ))--University of Stellenbosch, 2006.ERP applications have evolved into enterprise-wide applications, which are generally acknowledged today as a critical component in an organisation’s information strategy. When implementing an ERP application, the control and governance of all IT processes are critical to ensure that value is delivered, risks are managed and that the investment in IT (ERP) delivers a reasonable return. It should, therefore, be important to focus on mitigating IT process risks that have an impact on the ERP environment, so that the level of residual risk is acceptable and aligned with the business objectives. This assignment focuses on using the generally accepted IT framework, COBIT (Control Objectives for Information and related Technology), as governance and control model. The criticality of each COBIT control objective (IT process) is evaluated by applying the COBIT control objectives in an ERP environment. Specific reference is also made to Qmuzik as an ERP application. By applying COBIT in an ERP environment, the most critical IT processes applicable to ERP are identified, in order to ensure that the minimum process controls for these IT processes are designed and implemented.
11
Bettine, Fernando Marcio. "Método para implementação da governança em TI utilizando o modelo COBIT." Instituto Tecnológico de Aeronáutica, 2008. http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=509.
Full textAbstract:
A área de tecnologia da informação ou TI deixa de ser um fornecedor de tecnologia e passa a ser um sócio estratégico da organização. Com essa visão torna-se cada vez mais necessário aproximar a área de TI à área de negócios. Entretanto a falta de proximidade que existe na grande maioria das empresas, acarreta o não alinhamento dos projetos desenvolvidos na área de TI com a estratégia corporativa, fazendo com que os produtos de software não atendam aos requisitos de qualidade esperados pela organização, além de dificultar a justificativa dos gastos da área de TI, resultando em um esforço maior no ato de governar a área de TI. A aplicação da Governança em TI harmoniza as decisões sobre o gerenciamento e o uso da TI com os comportamentos desejados e os objetivos de negócio, estabelecendo prioridades de acordo com o alinhamento entre a área de TI e a área de negócio. A proposta desta tese é desenvolver um método para implementação da Governança em TI utilizando o modelo de gestão de TI Control Objectives for Information and related Technology ou COBIT, para compor o alinhamento entre as estratégias da área de TI com as estratégias da área de negócio, contribuindo para a engenharia de requisitos e para a qualidade de software, entregando produtos e serviços de acordo com as necessidades do negócio. O método desenvolvido tem como base o estudo de Van Grembergen, onde apresenta-se a técnica Balanced Scorecard ou BSC aplicada na área de computação. São criados 3 BSCs interligados e alinhados entre si, recebendo os objetivos e indicadores do COBIT. Uma das contribuições do método desenvolvido nesta tese é a apresentação estruturada e detalhada das etapas a serem seguidas para a implementação da Governança em TI. Por fim, esse método é validado por meio de um estudo de caso implementado em uma organização multinacional do ramo de seguros.
12
Asmah, Alexander Ekow. "Towards the development of a COBIT 5-driven IT audit framework." Doctoral thesis, Faculty of Commerce, 2019. http://hdl.handle.net/11427/31541.
Full textAbstract:
In recent years, given the increased investments in Information Technology (IT), and its pervasive usage in business environment, the need to ensure that IT decisions are in the interest of shareholders led practitioners and researchers to focus on Enterprise Governance of IT (EGIT). EGIT involves implementing mechanisms that ensure that IT risks are duly mitigated, and that the IT investments are yielding the expected returns for enterprise owners. For the mechanisms to work as intended, there is the need for regular auditing; however, past literature and practitioner reports have confirmed that auditors do not audit governance mechanisms to the expectation of shareholders. Within the Ghanaian Financial services sector, failures in EGIT resulted in the collapse of several organisations which made stakeholders question the role played by auditors. The purpose of this study was to examine EGIT from the perspective of the auditor, develop an audit framework based on COBIT 5 and understand how auditors can be 'critical partners’ to ensure EGIT effectiveness. To provide a better understanding of the EGIT phenomenon, a theoretical framework based on the integration of six theoretical perspectives was presented to provide a holistic view of EGIT and how auditors can add value. The theoretical framework argued in line with organisational theorists that to achieve positive outcomes, governance mechanisms must be implemented in a coherent whole and analysed as a configuration. As such the study adopted the configurational theory to analyse the coherence of the governance mechanisms. Based on the theoretical framework and the configurational theory, a conceptual framework was developed to guide the research. The thesis proposed that the greater the level of coherence among the governance mechanisms, the higher the level of EGIT effectiveness, and that the audit of EGIT will improve the maturity of the governance mechanisms and its coherence. The pragmatic philosophic stance was adopted, utilising qualitative and quantitative methods to answer the research question. The Peffers, Tuunanen, Rothenberger, & Chatterjee, (2008) design science research methodology guided the identification of the problem and the development of an artefact that can aid IT auditors by providing them with an adequate scope for EGIT audits and reduce the audit detection risks. An Exploratory Focus Group (EFG) and a Confirmatory Focus Group (CFG) were employed in the development of the artefact. In addition, a survey instrument was utilised to gather data about the governance maturity of the case organisations prior to and after the usage of the artefact. Cluster analysis based on the concept of 'coherence as a gestalt’ produced cluster solutions revealing the nature of the configuration that resulted in positive outcomes. Post-Hoc analysis was used in the summative evaluation of the artefact to measure the statistically significant changes that occurred in the governance maturity after the use of the artefact. The findings revealed that regular auditing of EGIT mechanisms can lead to significant improvement in several governance mechanisms as postulated. It also revealed that to attain positive outcomes, there is the need for a coherent implementation of governance mechanisms with emphasis on technology which can be the driving force in a fast-changing environment. This result was contrary to existing literature about EGIT that suggested the overarching importance of leadership to drive change in the attainment of EGIT objectives. The findings show that with the right systems and technologies, IT can provide decision makers with timely information that would increase the utility of the decisions. The study makes significant contributions to knowledge by providing insights into EGIT and IT auditing which is an under-researched area. One key theoretical contribution was the integrative theoretical framework that provides theoretical underpinnings to EGIT, which has previously been studied descriptively and provides a holistic view of the complex phenomenon. The study also confirms the configurational theory and advances knowledge by proving that in the context of EGIT, the combination of the various mechanisms does influence the whole and the outcomes. Concerning the contribution to practice, the study resulted in the development of an IT auditing artefact that is based on COBIT 5, a widely accepted industry framework for EGIT, and contextualised with the regulatory needs of the Ghanaian Financial Services sector. With this tool, IT auditors can develop an audit plan that provides assurance of key governance areas and so reduce the audit risk of not detecting a non-existence or weak control in an organisation’s EGIT practices. The tool can be used by regulatory auditors who were complicit in the EGIT failures that occurred in the sector to provide adequate supervision. Further discussion on the theoretical, practical and methodological contributions are set out in this thesis along with the limitations of the study and recommendations for future research.
13
SILVEIRA, Kamilla Dória da. "Controles internos de segurança em banco de dados para certificação da Lei SOX." Universidade Federal de Pernambuco, 2015. https://repositorio.ufpe.br/handle/123456789/17889.
Full textAbstract:
Submitted by Irene Nascimento (irene.kessia@ufpe.br) on 2016-09-19T18:40:20Z
No. of bitstreams: 2
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)
Dissertação_Kamilla_Doria_v3 CD.pdf: 2299055 bytes, checksum: 917d4a23b010d4a6fcc6d29a00151c78 (MD5)Made available in DSpace on 2016-09-19T18:40:20Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação_Kamilla_Doria_v3 CD.pdf: 2299055 bytes, checksum: 917d4a23b010d4a6fcc6d29a00151c78 (MD5) Previous issue date: 2015-11-13
Em resposta a uma série de escândalos por fraudes contábeis, o governo dos Estados Unidos criou a Lei Sarbanes-Oxley (SOX), em 30 de Julho de 2002. Esta lei visa responsabilizar os dirigentes de empresas em relação à eficácia de seus controles internos de TI e de negócio sobre a segurança e confiabilidade de seus dados contábeis. A avaliação desses controles é feita por meio de uma auditoria externa e do órgão regulador americano chamado SEC, o qual recomenda o uso do framework COSO para a implementação desses controles. No entanto, o COSO é um framework estratégico, ou seja, não oferece orientações para a implementação tática e operacional de controles, e principalmente não é comumente aplicado na área de TI, sendo normalmente aplicado na área de negócios. Tendo como escopo a área de segurança em banco de dados, e dado que o COSO não oferece detalhamento operacional para garantir o cumprimento da lei SOX nesta área, este trabalho propõe um guia de controles internos para este fim. O guia proposto baseia-se no COBIT 5 e na norma ISO 27002. Como prova de conceito do guia proposto, este foi utilizado como base para desenvolver a ferramenta SOXSecurity4DB, a qual foi usada em uma empresa multinacional do ramo de varejo, que havia contratado um projeto para garantir o cumprimento com a Lei SOX. Como resultado da aplicação da ferramenta, foi observado que alguns controles precisavam de ajuste, pois ainda haviam problemas para serem resolvidos.
Responding to a series of accounting fraud scandals, the American government created SOX Act, on July 30, 2002. This law aims at empowering business leaders regarding the effectiveness of their internal IT controls and business on the safety and reliability of its accounting data. The evaluation of these controls is done by an external audit and the American regulatory body called SEC which recommends using the COSO framework for the implementation of these controls. Considering the database security scope, and that in this scope, COSO does not provide operational details to ensure compliance with the SOX law, this paper proposes a guide of internal controls for this purpose. The proposed guide is based on the COBIT 5 and ISO 27002. As the proposed standard guide proof of concept, this was used as a basis to develop SOXSecurity4DB tool, which was used in a multinational company in the retail business, which had hired a project to ensure compliance with the SOX Act. As a result of application of the tool, it was observed that some controls needed adjustment, because there were still problems to be solved.
14
Protiva, Tomáš. "IT Governance na MZV ČR - systémový pohled a praktické dopady." Master's thesis, Vysoká škola ekonomická v Praze, 2008. http://www.nusl.cz/ntk/nusl-4280.
Full textAbstract:
The diploma thesis reacts on the interest of the Czech foreign ministry IT department to get an overview of ITIL 2 and COBIT 4.1 world-wide acknowledged IS/IT management best practice libraries. Both libraries are put in the framework of IT Governance theory and practice. COBIT is presented as world ITG standard, meaning the alignment of organization's strategic goals and IT goals. It is focused on organizations, where the shift of IT perception towards a strategic partnership with the business is driven by top-down board initiative. On the other hand, the ITIL core texts Service Support and Service Delivery are treated as a standard of IT service management, suitable as a framework to establish processes within the foreign ministry's IT department. Three alternative implementations of the two libraries are shown, in a situation of non-existent process management and information architecture. Moreover, the IT Governance initiative has a bottom-up character. The first variant connects ITIL and COBIT process models to the goals and projects outlaid in the 2008-2010 IT Strategy draft (IT BSC was used in the strategy to set up goals). The COBIT processes are aligned to the IT BSC domains and projects; further on, more detailed ITIL tools are assigned to the COBIT processes using the toolbox [IT GOVERNANCE INSTITUTE; OFFICE OF GOVERNMENT COMMERCE. Aligning COBIT, ITIL and ISO 17799 for Business Benefit]. As the projects formulated in the IT Strategy don't focus on the fundaments of process management, a stepwise approach to document the current processes using the ITIL: Service Support and Service Delivery framework is suggested. The second variant came into reality in mid 2008: COBIT has been used without success to estimate users' preferences. The reasons of the failure are discussed. Czech translation of COBIT 4.1 maturity models by the author intended to use as one of the tools in the opinion poll is attached as Annex 2. The last variant is not directly aligned to the problems of foreign ministry's IT/IS, but it is the most pragmatic guide to the implementation of the libraries. As an external help desk has been already launched, I suggest the establishment of ITIL Incident Management and Problem Management processes, supported with a CMDB configuration database.
15
Bručaitė, Justina, and Aldas Ragėnas. "Informacinių sistemų analizės ir įvertinimo metodika." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2008. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20080128_102451-08686.
Full textAbstract:
Darbo tyrimo sritis yra informacinių technologijų vertinimo metodologijos ir jų praktinis taikymas, detaliau nagrinėjamos COBIT (angl. Control Objectives for Information and related Technology) ir CMM (angl. Capability Maturity Model). Tyrimo objektas - vertinimo proceso kompiuterizavimas, problema - informacinių technologijų atitikimo įmonių veiklos poreikiams nustatymas. Tikslas yra suteikti galimybes įvertinti įmonių informacinių technologijų atitikimą jų veiklos poreikiams, sukuriant kompiuterizuotą vertinimo sistemą.The problem of identifying the adequacy beside information systems and business needs exists in enterprises. This research work analyzes a few evaluation methodologies and proposes supporting software tool developed for this purpose on the base of integration of two methodologies - Control Objectives for Information and related Technology (COBIT) and Capability Maturity Model (CMM). The developed software tool allows to approach to the main purpose of this research work – to provide the opportunity to evaluate the adequacy beside information systems and business needs.
16
Matos, Neto Edson de Albuquerque. "Diagnóstico do alinhamento da TI em uma empresa de varejo." Universidade Federal de Pernambuco, 2013. https://repositorio.ufpe.br/handle/123456789/11942.
Full textAbstract:
Submitted by Irene Nascimento (irene.kessia@ufpe.br) on 2015-03-11T17:13:19Z
No. of bitstreams: 2
DISSERTAÇÃO Edson de Albuquerque Matos Neto.pdf: 2888740 bytes, checksum: 7c82c6aee619708842c926eeabc22775 (MD5)
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)Made available in DSpace on 2015-03-11T17:13:19Z (GMT). No. of bitstreams: 2 DISSERTAÇÃO Edson de Albuquerque Matos Neto.pdf: 2888740 bytes, checksum: 7c82c6aee619708842c926eeabc22775 (MD5) license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Previous issue date: 2013-12-26
O objetivo deste trabalho foi analisar uma organização através de entrevistas, com a finalidade de obter a percepção do alinhamento entre as áreas de negócio e da TI (Tecnologia da Informação), sob a ótica dos principais frameworks de gestão e governança da TI sendo eles, o BSC (Balanced Scorecard) e COBIT (Control Objectives for Information and related Technology). Inicialmente, foram explanados os conceitos básicos referentes a estratégia e aos modelos de alinhamento de negócios e de TI, como também o uso da metodologia de pesquisa, tendo como foco uma empresa de grande porte do setor de varejo localizada no nordeste do Brasil, representadas pelos gestores das áreas de negócios e TI. Com base na coleta das informações, os resultados foram analisados de forma sistemática e comparativa o que possibilitou a conclusão sob duas percepções. A primeira, atribuída por pontuação em escala de 1 a 5, evidenciou equilíbrio no alinhamento entre as áreas de negócio e TI. Na segunda análise, o critério adotado de pontuação foi do mais importante para o menos importante, onde concluiu-se haver divergência sob o entendimento da importância estratégica financeira na organização, verificado assim, a necessidade de maior aderência da TI com o negócio.
17
Council, Claude L. III. "An Investigation of a COBIT Systems Security IT Governance Initiative in Higher Education." NSUWorks, 2006. http://nsuworks.nova.edu/gscis_etd/465.
Full textAbstract:
The problem investigated, in this study, was the difficulty in implementing COBIT's Systems Security, an Information Technology governance program, at South Louisiana Community College (SLCC). The goal of the researcher was to examine the managerial .aspects of introducing COBIT's fifth Delivery and Support process (DS5), successes, and the needs of a medium sized institution of higher education. The DS5 process pertains to ensuring network security. The researcher used COBIT's critical success factors, key goal indicators, key performance indicators, maturity models, audit guidelines, and diagnostic tools. In order for the researcher to develop an overall security plan that covered the building of awareness, established clear policies and standards, identified a cost-effective and sustainable implementation, and defined monitoring and enforcement processes, potential risk was balanced with the investment in resources. The plan was also made to align with the needs of all functional areas and the willingness of each functional area to tolerate the constraints the plan introduced. Prior research and theoretical literature has contributed much to the study of IT governance programs and much had been learned. The available literature surrounds six topics pertaining to IT governance including IT management, auditing, alignment, network security, IT governance, and COBIT. An exploratory case-study design was used by the researcher to answer the research questions. The general analytical strategy that was used by the researcher to answer the research questions was the development of a descriptive framework for organizing the case-study.
Despite the myriad of literature on COBIT, there existed very little rigorous research. The researcher addressed this shortage and introduced the unexplored challenges of medium sized institutions of higher learning. The researcher also provided guidance to practitioners for implementing IT governance programs to medium sized institutions of higher education. The researcher presented conclusions from the data collected to answer the research questions. The COBIT DS5 CSFs matched the environment at SLCC with a few exceptions. The four main exceptions were listed. SLCC has accepted most of the CSFs with modifications. Seventeen positive and negative management issues surfaced during the study. The nine positive issues either enhanced the support of the CSF or facilitated enhancements to the original plan. Eight negative issues prompted change. The leadership at SLCC was willing to commit to the program, but many were not sure how they could help. Ten methods for demonstrating support were listed. SLCC used six strategies to ensure compliance. Twenty-three management needs emerged at SLCC. A list was provided that summarized these needs, quantified how often they surfaced, and explained each of them. Eight leadership needs with the potential to hinder the COBIT initiative were also listed. In addition, 16 changes during the COBIT DS5 initiative were documented. Several conclusions, practitioner implications, academic implications, and suggestions for future research were presented.
18
SILVA, Fabiano Pontes Pereira da. "Verificação da adequabilidade do COBIT 5 como abordagem de governança corporativa de TI." Universidade Federal de Pernambuco, 2016. https://repositorio.ufpe.br/handle/123456789/24528.
Full textAbstract:
Submitted by Alice Araujo (alice.caraujo@ufpe.br) on 2018-05-02T22:24:43Z
No. of bitstreams: 1
DISSERTAÇÃO Fabiano Pontes Pereira da Silva.pdf: 5856814 bytes, checksum: ce6426233f024db200f4e010cabd7c33 (MD5)Made available in DSpace on 2018-05-02T22:24:43Z (GMT). No. of bitstreams: 1 DISSERTAÇÃO Fabiano Pontes Pereira da Silva.pdf: 5856814 bytes, checksum: ce6426233f024db200f4e010cabd7c33 (MD5) Previous issue date: 2016-07-29
Administrar a Tecnologia da Informação (TI) cada vez mais pervasiva nas instituições e organizações, e aproveitar as vantagens oferecidas pelas tecnologias emergentes de forma eficiente aos diversos negócios com qualidade, exige mudanças no ambiente e na cultura organizacional. A Governança Corporativa assume um papel de destaque na atualidade, em função da elevada quantidade de informações para tomada de decisões, associada às novas tecnologias e conhecimentos diversificados das áreas. Atualmente, manter a TI separada, mesmo que esteja alinhada ao negócio, não produz resultados efetivos nas diversas áreas da instituição, ou seja, ela precisa ser uma parte integrante dos projetos organizacionais, estruturas organizacionais, gestão de risco, processos, dentre outros. Por isso, a Governança Corporativa de TI é um sistema pelo qual o uso atual e futuro é dirigido e controlado; envolve avaliação e direcionamento da TI para dar suporte à organização no alcance de seus objetivos estratégicos. Os Institutos Federais buscam elementos para uma Governança Corporativa em conformidade com a Governança de TI, buscando a efetividade dos objetivos estratégicos da Instituição. Com isso, o objetivo desta pesquisa é a adequação de elementos do framework COBIT 5, tais como: princípios, processos de governança e habilitadores como abordagem para Governança Corporativa de TI nos Institutos Federais de Educação, Ciência e Tecnologia. Essa abordagem foi elaborado a partir de um referencial teórico, em conjunto com a aplicação de procedimento de campo: “questionário”, que resultou na análise de métodos empíricos, classificados da seguinte forma: métodos com aderência total, que são todos aqueles plenamente atingidos, em condições de serem implantados imediatamente; métodos que possuem tendência a uma aderência total, que são todos aqueles amplamente atingidos, em condições de serem implantados em um segundo momento. Para a coleta e análise de dados foi realizado um questionário online de natureza qualitativa, com a participação de especialistas na área de gestão da Tecnologia da Informação. O resultado desta pesquisa foi analisado nos processos do Instituto Federal de Educação, Ciência e Tecnologia de Mato Grosso para extrair constatações quanto à visão, ao esforço e à dificuldade na implantação, assim apresentando-se como referencial para outros Institutos Federais. O resultado obtido desta pesquisa foi a aderência dos métodos empíricos com os princípios do framework COBIT 5, possibilitando a produção de métodos práticos e eficientes para auxiliar no alcance dos objetivos estratégicos da instituição.
To manage the Information Technology (IT) increasingly pervasive in the institutions and organizations, and enjoy the advantages offered by emerging technologies efficiently to the various businesses of the national and international market requires changes in the environment and organizational culture. Corporate governance plays an important role today, due to the high amount of information for decision making associated with new technologies and diverse knowledge areas. Currently, maintain separate IT, even if it is aligned with the business, does not produce effective results in different areas of the institution, that is, it must be an integral part of organizational design, organizational structures, risk management, processes, among others. Therefore, IT Corporate Governance is a system by which the current and future use is managed and controlled; It involves evaluation and direction of IT to support the organization in achieving its strategic objectives. The Federal Institutes seek elements for Corporate Governance in accordance with IT Governance, seeking the effectiveness of the strategic objectives of the institution. Thus, the objective of this research is the adequacy framework COBIT 5 elements, such as principles, governance processes and enablers as an approach to IT Corporate Governance in Federal Institutes of Education, Science and Technology. This approach was developed from a theoretical framework, together with the scope of procedure: "questionnaire", which resulted in the analysis of empirical methods, classified as follows: methods with full compliance, which are all those fully achieved, able to be implemented immediately; methods that are prone to a total adherence, which are those widely achieved, capable of being deployed in a second time. For the collection and analysis of data was conducted an online survey of a qualitative nature, with the participation of experts in management of information technology. The result of this research was analyzed in the processes of the Federal Institute of Education, Science and Technology Mato Grosso to extract findings about the vision, effort and difficulty in implementation, thus presenting itself as a reference for other Federal Institutes. The result of this research was the adherence of empirical methods with the principles of the COBIT framework 5, enabling the production of practical and efficient methods to assist in achieving the strategic objectives of the institution.
19
ALMEIDA, JUNIOR Edson. "Uma proposta para uso do framework COBIT em uma ferramenta de balanced scorecard." Universidade Federal de Pernambuco, 2009. https://repositorio.ufpe.br/handle/123456789/2364.
Full textAbstract:
Made available in DSpace on 2014-06-12T15:57:21Z (GMT). No. of bitstreams: 2
arquivo3184_1.pdf: 2104394 bytes, checksum: c7d0a6b6a79686236bcf1f2c5089d46f (MD5)
license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5)
Previous issue date: 2009Muitas empresas buscam por meio de uma forte governança da Tecnologia da Informação (TI) obter vantagens competitivas que as coloquem à frente de seus concorrentes, contudo esta governança não é uma atividade trivial e facilmente mensurável quanto aos seus reais benefícios para a empresa. Desta forma, para auxiliar nesta função, modelos de governança de TI são usados para alcançar a governança corporativa através de um maior alinhamento entre os processos das empresas e a sua TI disponível. Com o objetivo de dar mais simplicidade e dinamismo à governança de TI, esta dissertação analisa alguns importantes trabalhos relacionados e propõe o uso do framework Control Objectives for Information and Related Technology (CobiT) aliado às métricas de desempenho propiciadas pela metodologia de Balanced Scorecard (BSC). Para isto, é especificado o guia BSC-COBIT que, de forma simples, visa promover o alinhamento estratégico da TI com as demais áreas da empresa. Além disso, o guia BSC-COBIT mostra como uma ferramenta de BSC pode ser instanciada a partir das diretrizes e indicadores do CobiT. Além do guia BSCCOBIT, este trabalho apresenta a ferramenta Balanced Scorecard Toolkit (BTK) como parte de sua contribuição. Para validação deste trabalho foi realizado um estudo de caso com uma editora internacional de livros religiosos
20
Al, Omari Loai. "It governance evaluation: Adapting and adopting the COBIT framework for public sector organisations." Thesis, Queensland University of Technology, 2016. https://eprints.qut.edu.au/98551/4/Loai_Al_Omari_Thesis.pdf.
Full textAbstract:
This thesis examined the potential to develop an IT governance evaluation framework for an Australian state public sector and identified factors that would positively influence the adoption of the adapted framework. Using four linked studies the research revealed that an adapted framework for the evaluation of IT governance could be derived from best-practice models to fit the specific needs of individual organisations or sectors. The findings contribute to improving the ease of use, enhance usefulness, and increase the intent to adopt IT governance frameworks within a public sector context.
21
Camacho, Gómez Pedro Daniel, and Arrieta Wilmer Nilton Ramos. "Metodología táctica para la implantación de sistemas de información basado en métrica y COBIT." Universidad Nacional Mayor de San Marcos. Programa Cybertesis PERÚ, 2010. http://www.cybertesis.edu.pe/sisbib/2010/camacho_gp/html/index-frames.html.
Full text
22
Ramos, Arrieta Wilmer Nilton, and Gómez Pedro Daniel Camacho. "Metodología táctica para la implantación de sistemas de información basado en métrica y COBIT." Bachelor's thesis, Universidad Nacional Mayor de San Marcos, 2010. https://hdl.handle.net/20.500.12672/2651.
Full textAbstract:
El propósito de este trabajo es proponer una metodología para la implantación de un sistema de información basándose en los lineamientos de METRICA (metodología de planificación, desarrollo y mantenimiento de sistemas de información) y en COBIT (Objetivos de Control para la información y Tecnologías relacionadas) el cual es un conjunto de mejores prácticas para el manejo de información. Sintetizando ambos conjuntos de conocimientos orientados a procesos nos enfocaremos específicamente en la implantación de las soluciones informáticas.Tesis
23
Jech, Vladimír. "Řízení a kontrola bezpečnosti serverů a koncových zařízení v kontextu informační bezpečnosti (DEVSEC)." Doctoral thesis, Vysoká škola ekonomická v Praze, 2011. http://www.nusl.cz/ntk/nusl-196932.
Full textAbstract:
Securing user devices and servers requires a complex approach which includes not only the configuration of the device itself but also many other factors. The goal of this thesis is to present principles of a new guideline aimed at security and management of user devices and servers in the context of information security. The first part of this paper is devoted to the analysis of existing industry standards, frameworks, guidelines, and other collections of best practice commonly used in the management of informatics and information and IT security. The analysis is complemented with a field research conducted among forefront specialists. Based on the analysis and research, a new methodic concept for the management and control of user devices and servers security called DEVSEC is described in the next part. The concept is constructed with emphasis on security requirements, security measures, processes, resources and the overall security assurance process. The last part of the paper provides results of the final research aimed at testing the concept in the envitonment of one financial firm and also results of another field research among security specialists. The DEVSEC contributes to the theory of management of informatics as well as to its practice. The concept represents a complex approach to the management and control of security of servers and user devices as well as a new guideline ready for practical utilization.
24
Gerber, Petro. "Addressing the incremental risks associated with social media by using the cobit 5 control framework." Thesis, Stellenbosch : Stellenbosch University, 2015. http://hdl.handle.net/10019.1/96665.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2015.ENGLISH ABSTRACT: Social media offers great opportunities for businesses and the use thereof will increase competitiveness. However, social media also introduce significant risks to those who adopt it. A business can use existing IT governance control framework to address the risks introduced by social media. However a business should combine existing control frameworks for adequate and complete IT governance. This study was undertaken to help businesses to identify incremental risks resulting from the adoption of social media and to develop an integrated IT governance control framework to address these risks both at strategic and operational level. With the help of the processes in COBIT 5, this study provides safeguards or controls which can be implemented to address the IT risks that social media introduce to a business. By implementing the safeguards and controls identified from COBIT 5, a business ensures that they successfully govern the IT related risks at strategic level. This study also briefly discuss the steps that a business can follow to ensure IT related risks at operational level is addressed through the implementation of configuration controls.
AFRIKAANSE OPSOMMING: Sosiale media bied groot geleenthede vir besighede en die gebruik daarvan sal mededingendheid verhoog. Sosiale media hou ook egter beduidende risiko's in vir diegene wat dit aanneem. 'n Besigheid kan bestaande Informasie Tegnologie (IT) kontrole raamwerke gebruik om die risiko's wat ontstaan as gevolg van die gebruik van sosiale media aan te spreek. Vir voldoende en volledige IT korporatiewe beheer moet 'n besigheid egter bestaande kontrole raamwerke kombineer. Hierdie studie is onderneem om besighede te help om die toenemende risiko's wat ontstaan as gevolg van die gebruik van die sosiale media, te identifiseer en om 'n geïntegreerde IT kontrole raamwerk te ontwikkel om hierdie risiko's op strategiese sowel as operasionele vlak aan te spreek. Met die hulp van die prosesse in COBIT 5 voorsien hierdie studie voorsorgmaatreëls of kontroles wat geïmplementeer kan word om die IT-risiko's waaraan die besigheid, deur middel van sosiale media blootgestel is, aan te spreek. Deur die implementering van die voorsorgmaatreëls en kontroles soos geïdentifiseer uit COBIT 5, verseker ʼn besigheid dat hulle die IT-verwante risiko's op strategiese vlak suksesvol beheer. Hierdie studie bespreek ook kortliks die stappe wat 'n besigheid kan volg om te verseker dat IT-verwante risiko's op operasionele vlak aangespreek word deur die implementering van konfigurasie kontroles.
25
Bernroider, Edward, and Milen Ivanov. "IT Project Management Control and the Control Objectives for IT and Related Technology (CobiT) Framework." Elsevier, 2011. http://dx.doi.org/10.1016/j.ijproman.2010.03.002.
Full textAbstract:
Motivated by scarce academic consideration of project management control frameworks, this article
explores usage, value and structure of frameworks with a focus on the popular Control Objectives for
IT and related Technology (CobiT) construct. We attempt to add to an empirically validated structure
of internal control over IT project management by including CobiT's views on the intended domain of
content. Results from the empirical survey indicate that the metrics suggested by CobiT are regarded
as feasible and important by project management professionals, and are regularly used in controlling
practice. Experience, regularity of significant projects and the size of the hosting organisations,
however, seem to be stronger moderators of success rates than the use of a management control
system with or without support of CobiT. CobiT's suggestions are of generic nature and in particular
useful for programme performance management. The latent dimensions of project quality on process
and activity levels were not validated and gaps to other project assessment models were identified.
26
Tůma, Pavel. "Implementace multiprojektového řízení v podmínkách IT útvaru velké mezinárodní obchodní organizace." Master's thesis, Vysoká škola ekonomická v Praze, 2011. http://www.nusl.cz/ntk/nusl-165284.
Full textAbstract:
The diploma thesis deals with the implementation of multiproject management in terms of international business organization and its IT department. The aim of this thesis is to describe the current state of project management in the IT department using methodology for measuring the maturity of processes. Define the management requirements for project portfolio tool, establish criteria for the selection and also tools comparison. After choosing the tool which satisfies all the requirements and criteria, proposal for implementation of this tool will follow. The conclusion is devoted to a summary of the results and proposals for change, to encourage improvement in the level of maturity of the project management process and project portfolio.
27
Santos, Diana Leite Nunes dos. "Avalia????o da capacidade dos processos de governan??a corporativa de TI baseda no COBIT 5." Universidade Cat??lica de Bras??lia, 2013. https://bdtd.ucb.br:8443/jspui/handle/tede/1951.
Full textAbstract:
Submitted by Kelson (kelson@ucb.br) on 2016-07-18T12:07:22Z
No. of bitstreams: 1
DianaLeiteNunesdosSantosDissertacao2013.pdf: 2232490 bytes, checksum: d0f04d5a5aa136b8228c17afb63807e4 (MD5)Made available in DSpace on 2016-07-18T12:07:22Z (GMT). No. of bitstreams: 1 DianaLeiteNunesdosSantosDissertacao2013.pdf: 2232490 bytes, checksum: d0f04d5a5aa136b8228c17afb63807e4 (MD5) Previous issue date: 2013-08-05
COBIT 5 provides a separation of governance and management processes along with a new assessment approach that focus on process capability. This paper describes such assessment performed at a Brazilian government institution that resulted in 40% of the governance processes at level 0 ??? incomplete process and 60% at level 1 ??? performed process. Given the role of governance, fragilities in its processes may reflect negatively in management and additional research should include a closer look at this relationship. For this particular institution, it is expected that all governance processes are performed (level 1) by the next two years, which is a goal towards an efficient and effective governance system. The following barriers to the application of this self-assessment were found: lack of knowledge on COBIT 5 processes from the assessed institution and the extension of the questionnaire which had 33 questions in its final version. When compared to COBIT 4.1 assessment model, the results were lower, as the same organization was classified in level 2 - repeatable but intuitive. The previous model is also easier and faster to apply. This comparison should be done carefully for the models are very different in its design and use. Finally, the proposed objectives were met: the mechanism is repeatable and can be used in the future to create a historic base; it can be performed as a selfassessment and is expected to be completed, in a medium size IT department, in a four hour time limit.
O COBIT 5 traz a separa????o dos processos de governan??a e gerenciamento e uma nova abordagem de avalia????o com foco na capacidade dos processos. Esse artigo descreve a aplica????o deste tipo de avalia????o em uma institui????o governamental brasileira, que resultou em 40% dos processos de governan??a no n??vel 0 ??? processo incompleto, e 60% no n??vel 1 - processo executado. Dado o papel da governan??a, fragilidades em seus processos podem refletir negativamente no gerenciamento da TI da institui????o e pesquisas adicionais devem incluir um aprofundamento neste relacionamento. Para esta institui????o, em particular, ?? esperado que todos os processos de governan??a passem a ser executados (n??vel 1) nos pr??ximos dois anos, que ?? um objetivo no rumo de um sistema de governan??a eficiente e eficaz. As seguintes barreiras na aplica????o desta autoavalia????o foram encontradas: falta de conhecimento dos processos do COBIT 5 por parte da institui????o avaliada e extens??o do question??rio, que chegou a 33 perguntas em sua vers??o final. Quando comparado com o modelo de avalia????o do COBIT 4.1, os resultados foram inferiores, com a mesma organiza????o sendo classificada no n??vel 2 ??? repet??vel mas intuitivo. O modelo anterior ?? tamb??m mais r??pido e f??cil de aplicar. Essa compara????o deve ser feita com cuidado j?? que os modelos s??o muito diferentes em seu desenho e uso. Finalmente, os objetivos propostos foram alcan??ados: o mecanismo ?? repet??vel e pode ser usado futuramente para criar uma base hist??rica; ele pode ser aplicado como uma autoavalia????o e ?? esperado que seja completado, numa institui????o com uma ??rea de TI de m??dio porte, em at?? quatro horas.
28
Carvalho, Márcio Filipe Alves. "O valor dos processos de gestão de projectos da framework COBIT 5 na governança das TI." Master's thesis, Instituto Superior de Economia e Gestão, 2015. http://hdl.handle.net/10400.5/10537.
Full textAbstract:
Mestrado em Gestão de ProjetosA governança das TI tem sido reconhecida como um fator crítico de sucesso. Esta permite que a gestão e investimento em TI sejam efetuados de forma racional, de modo a obter um nível de performance e excelência organizacional, alinhando a sua estratégia com o negócio, gerindo os riscos, minimizando a probabilidade de falha e, assim, criar um efetivo valor acrescentado para as partes interessadas da organização. Alinhados com a visão corporativa e estratégica do negócio da organização devem também estar os projetos e programas. Com este trabalho pretendeu-se entender a mais valia da governança das TI e a sua importância para colocar as TI alinhadas com a estratégia do negócio e com a visão corporativa. Pretendeu-se também, analisar as frameworks e standards que ajudam na implementação e realização de uma melhor governança e gestão das TI dentro de uma organização, com destaque para a framework COBIT 5. Realizou-se também, uma análise sobre o COBIT 5 e respetivos processos associados à gestão de projetos, assim como, a elaboração do mapeamento entre o COBIT 5 e PMBOK 5ª Edição.
The IT governance has been recognized as a critical success factor. This allows management and IT investment is made in a rational manner, in order to achieve a level of performance and organizational excellence by aligning its strategy with the business, managing risks, minimizing the probability of failure and thus creates an effective added value to the stakeholders of the organization. Aligned with the corporate vision and the organization's business strategy should also be projects and programs. This study is intended to understand the added value of the IT governance and its importance to put IT aligned with the business strategy and corporate vision. It also sought to analyze the frameworks and standards that help in the implementation and achievement of better governance and management of IT within an organization, especially the COBIT 5 framework. It held also an analysis of the COBIT 5 and related processes associated with project management as well as the development of mapping between the COBIT 5 and PMBOK 5th Edition.
29
Machado, Márcia Cristina. "Análise da gestão da sustentabilidade nas empresas de software que empregam modelos de maturidade." Universidade Nove de Julho, 2016. http://bibliotecadigital.uninove.br/handle/tede/1471.
Full textAbstract:
Submitted by Nadir Basilio (nadirsb@uninove.br) on 2016-06-21T18:42:22Z
No. of bitstreams: 1
Marcia Cristina Machado.pdf: 1557218 bytes, checksum: dc8f3badcae604c5d5af5bf370d02232 (MD5)Made available in DSpace on 2016-06-21T18:42:22Z (GMT). No. of bitstreams: 1 Marcia Cristina Machado.pdf: 1557218 bytes, checksum: dc8f3badcae604c5d5af5bf370d02232 (MD5) Previous issue date: 2016-02-15
This study proposes a verification of the relationship between CoBIT framework and the GRI sustainability indicators, and the identification of sustainable practices measured in technology companies that adopt CoBIT model in its management and control. In check the activities of software companies, without further analysis has perception that these are sustainable, since the production chain is electronic, distribution recently adopted is cybernetics and disposal also occurs electronically, not generating waste materials. For the study was used the methodology of study of multiple cases with the application of semi-structured interviews, analysis of documents obtained from the companies analyzed, as well as theoretical research in journals, books and CoBIT guidelines and GRI. As a result, identified a strong relationship between economic and environmental aspects proposed by the GRI indicators with the requirements of CoBIT model and a weak relationship of the social aspects of the GRI with CoBIT model. Regarding the adoption of the model CoBIT observed that companies that using the CoBIT model in its management and control, also practice and manage their sustainable actions, while promoting the dissemination of indicators through the GRI report. It was identified that even technology companies with adhere to other models of management and control, measuring their sustainable practices, do not publish their sustainability reports. The study found that organizations that do not employ models of management and control, and it does not measure its sustainable practices consequently do not publish sustainability reports. This discovery led to the development of a tool that seeks to help Brazilian software companies in the implementation of sustainable practices, and the adoption of management and control models.
Este estudo se propõe entender a relação entre o modelo CoBIT e os indicadores de sustentabilidade GRI, identificando as práticas sustentáveis mensuradas nas empresas de tecnologia que adotam o modelo CoBIT em sua gestão e controle. Ao verificar as atividades das empresas de software, sem uma análise mais aprofundada, poderá ter-se a percepção que estas são sustentáveis, uma vez que sua cadeia produtiva é eletrônica, sua distribuição recentemente adotada é a cibernética e seu descarte também ocorre eletronicamente, não gerando resíduos materiais. Para realizar o estudo foi empregado a metodologia de estudo de casos múltiplos, com a aplicação de entrevistas semiestruturadas, análise dos documentos obtidos junto às empresas analisadas, além da pesquisa teórica em periódicos, livros e nos guidelines CoBIT e GRI. Como resultado identificou-se uma forte relação dos aspectos econômicos e categorias análise e estratégia, engajamento dos stakeholders e governança propostos pelos indicadores do GRI com os requisitos do modelo CoBIT e uma fraca relação dos aspectos sociais e ambientais do GRI com o modelo CoBIT. No que tange a adoção do modelo CoBIT observou-se que as empresas que adotam este modelo em sua gestão e controle, praticam e gerenciam suas ações sustentáveis e promovem a divulgação de seus indicadores por meio do relatório GRI. Identificou-se ainda que as empresas de tecnologia que aderem a outros modelos de gestão e controle, executam e mensuram suas práticas sustentáveis, mas não realizam a publicação de relatórios de sustentabilidade. O estudo também revelou que as organizações que não empregam modelos de gestão e controle, também não mensuram suas práticas sustentáveis e por consequência não publicam relatórios de sustentabilidade. Esta descoberta propiciou como contribuição para a prática a elaboração de uma cartilha modelo que busca auxiliar as empresas de software brasileiras na implantação de práticas sustentáveis, e na adoção de modelos de gestão e controle.
30
Stanojevic, Petar. "AN ASSESSMENT OF THE IT GOVERNANCE MATURITY AT SL." Thesis, KTH, Industriella informations- och styrsystem, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-81389.
Full textAbstract:
Today Information Technology (IT) can be found in every modern enterprise. As IT has become one of the most crucial parts of an enterprise, it has made management aware of the impact IT has on the success of the enterprise. This has led to a significant increase on IT investments. IT governance aims at assuring that IT delivers more value from IT investments and enforcing IT‟s role as a business enabler. AB Storstockholms Lokaltrafik (SL) is a government owned company that is responsible for the general transportation system in the municipality of Stockholm. This master thesis aims at assessing the IT organization at SL from an IT governance perspective. The purpose of such assessment is to identify problem areas and suggest measures for improvement. The IT governance framework COBIT (Control Objectives for Information and related Technology) has guided the theory for IT governance throughout this study. A framework for the assessment of the IT governance maturity at SL was developed based on the IT Organization Model Assessment Tool (ITOMAT), a formalized method for assessing the IT governance maturity. The IT governance maturity of SL obtained the score 2,68 out of 5,00. Considering the fact that SL started with the process of introducing IT governance to the organization as recent as 3 years ago, the result obtained is higher than expected. It indicates that significant progress has been achieved in their IT governance. Nevertheless, the organization still has great potential for improvement.
31
Botha, Elsabe. "Information technology governance frameworks in higher education in South Africa : a paradigm shift / Elsabe Botha." Thesis, North-West University, 2012. http://hdl.handle.net/10394/8657.
Full textAbstract:
Good corporate governance has, in recent years, been placed on centre stage
worldwide and several frameworks have been put in place to enable organisations
as well as higher education institutions to adhere to effective IT governance with
regards to IT service delivery and support. At the same time, demand from users
for access to corporate resources with their own personal devices other than
desktop or laptop computers and options such as cloud computing, social media
and mobility have converged into a renewed driving force influencing all IT
decisions regarding service delivery and support, whilst higher education
institutions attempt to comply with governance regulations.
The aim of this study was to investigate whether ITIL as an IT governance
framework is still applicable and relevant to a changed service delivery context in
IT service delivery departments in the higher education sector in South Africa.
Higher education in South Africa has not been excluded from adhering to good
governance and the draft Regulations for Reporting by Higher Education
Institutions have been updated with the recommendations of King III which, for the
first time, addressed IT governance and insisted on management to implement an
IT governance framework. ITIL is one of the most widely used governance
frameworks, however its position as a technology on the Gartner Hype Cycles for
Education for 2011 and 2012 displayed a move backwards from being widely
understood to a display of waning interest amongst institutions in the education
sector worldwide.
Exploratory research found that ITIL is still valued as a governance framework in
higher education in South Africa however staff members in IT support departments
displayed a resistance to change and also found it difficult to implement ITIL
processes. This is, however, not primarily due to a changing IT service delivery
context. Findings also indicated that ITIL should be considered as a set of
guidelines and best practices and not a governance framework as such.
Recommendations towards a paradigm shift regarding ITIL as a governance
framework per se as well as a proposal towards a possible alternative conceptual
IT governance framework incorporating only ITIL guidelines and best practices as
well as COBIT for risk management were put forward.Thesis (MBA)--North-West University, Potchefstroom Campus, 2013
32
Žižka, Petr. "Srovnání metodik zaměřených na řízení ICT procesů s důrazem na ITIL." Master's thesis, Vysoká škola ekonomická v Praze, 2009. http://www.nusl.cz/ntk/nusl-17067.
Full textAbstract:
The subject of this thesis is a detailed description of the methodics and the sets of best practices for the information processes management and informatics as such, and their comparison as far as history, content, specialization and structure are concerned. The thesis mainly concentrates on a set of the best practices called Information Technology Infrastructure Library (ITIL). Furthermore, the relations between individual methods and between ITIL V2 and V3 are described. In addition, attention is also paid to the possibilities of utilizing these methods in order to attain maximal synergetic effect. The first chapter deals with ITIL. It describes the history of the second version in particular. A separate chapter is devoted to showing the differences between v2 and v3 and mapping of the processes from the second version to the third. This chapter also provides the basic principles of ITIL v3 and a detailed description of individual publications and main processes. The next part deals with ČSN/ISO 20 000, Cobit and ITGPM. A description, advantages of its implementation and the relation to ITIL is provided for each of these documents. Furthermore, the way to obtain the ČNS/ISO 20 000 certification is also described. In the following section, ITIL, Cobit and ČSN/ISO 20 000 are compared in detail. The criteria for the comparison are: type, subject, size of the organization, sector, availability, organization certification, individuals certifications, linkage to other methods, extent, concept of the life cycle, processes description, weak and strong spots. The practical part of the thesis deals particularly with the service catalogue optimalization and creation of the SLA prototype for the IT department of radio Free Europe. The practical part is the biggest contribution of this thesis.
33
Lipčák, Peter. "Dodávka informatických služeb - technologické a procesní zajištění dostupnosti a kontinuity služeb ve vazbě na podnikání a sjednané parametry služeb." Master's thesis, Vysoká škola ekonomická v Praze, 2009. http://www.nusl.cz/ntk/nusl-76822.
Full textAbstract:
This thesis deals with the aspects of managing the business continuity by the methodologies of ITIL and Cobit. The main thesis objective is to find out if there exists one general aplicable solution of the business continuity managment process based on the relative approach comparison and integration of both methodologies and afterwards to define this general solution. The secondary thesis objective is to try to specify the problem issue, which is not covered neither one of those methodologies and then integrate it into this general solution. The purpose of first chapter is to analyze and generally describe the business continuity managment area, its relation with IT Service Managment, to define all key issue terms and to give a best practice review dealing with this field. In the following chapters there is a detailed look at the concrete individual approaches of metodics ITIL and Cobit to the area of business continuity managment. The final chapter deals with approach comparison of both methodologies based on by author defined key fields as target group, enterprise type, terminology, mature models, metrics, concept and relative mapping of relevant points. The chapter provides the general complex solution guideline of this issue by simultaneous implementation of both methodologies as well. This is the main contribution of this work. The next contribution consists in the definition of irrational employee behaviour problem during disaster and its integration to this general guidelines.
34
Smetana, Jan. "Audit informačního systému v obchodní společnosti." Master's thesis, Vysoká škola ekonomická v Praze, 2017. http://www.nusl.cz/ntk/nusl-358839.
Full textAbstract:
The thesis deals with information system audit in a company. The main goal is to compile the final report of information system audit in the small company which is engaged in wholesale distribution of goods. The necessary elements for the fulfillment of the main goal are collecting knowledges about available methods and procedures of auditing, planning and processing the audit. The final audit report contains a number of identified deficiencies with recommendations for their elimination. The benefit of this thesis is a list of these recommendations that could be applied by the company to get the working processes more effective.
35
FONTES, Gislene dos Santos. "Diagnóstico e diretrizes para a governança da tecnologia da informação na ECT." Universidade Federal de Pernambuco, 2010. https://repositorio.ufpe.br/handle/123456789/2382.
Full textAbstract:
Made available in DSpace on 2014-06-12T15:57:34Z (GMT). No. of bitstreams: 2
arquivo3209_1.pdf: 2057622 bytes, checksum: 3bd1fb1db0db47e032b586b53e77a594 (MD5)
license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5)
Previous issue date: 2010A Governança de Tecnologia da Informação (TI) surge como uma derivação da Governança Corporativa e tem por objetivo estabelecer um conjunto de processos e controles que direcione as ações da área de tecnologia às estratégias de negócios. Apesar da adoção crescente da Governança de TI nas empresas, muitas iniciativas de implantação fracassam pela falta de envolvimento dos gestores no processo ou por estratégias de implantação distantes da necessidade e realidade das organizações. Utilizando a Empresa Brasileira de Correios e Telégrafos (ECT) como ambiente de estudo, uma pesquisa foi realizada junto aos gestores da área de tecnologia com o objetivo de identificar pontos críticos de sucesso para a governança de TI adotada pela organização. Com base nessa pesquisa e no diagnóstico sobre o ambiente estudado, um conjunto de diretrizes é apresentado como proposta para alcançar uma governança de TI corporativa e eficaz, ou seja, que possa ser percebida e praticada em cada núcleo de tecnologia da empresa
36
Ahlqvist, Petter, and Johan Vagiström. "Kravställning på Incidenthanteringssystem." Thesis, Högskolan i Borås, Akademin för bibliotek, information, pedagogik och IT, 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:hb:diva-1035.
Full textAbstract:
Användandet av IT relaterade tjänster har ökat kraftigt de senaste åren och visar inga tecken på att avstanna. Men i takt med att användningen ökar så ökar även riskerna, för vad händer egentligen när de IT-tjänster som så många företag och privatpersoner förlitar sig på plötsligt fallerar eller på annat sätt blir oåtkomliga? För att skydda sig mot sådana scenarier så blir det allt vanligare bland företag som driver IT-tjänster att använda sig incidenthantering, vars syfte är att genom fördefinierade processer återställa IT-tjänster till fungerande läge när en incident väl inträffar. För att implementera en incidenthanteringsprocess är det vanligt att verksamheter använder någon form av ramverk eller metod för att underlätta och effektivisera arbetet, i skrivande stund heter de mest använda ramverken ITIL och COBIT. Det är mycket vanligt att en incidenthanteringsprocess i en verksamhet bygger på någon form av system eller applikation vars syfte är att underlätta och effektivisera hanteringen av incidenter, ett sådant system benämns ofta som incidenthanteringssystemet. Trots att ramverk som ITIL och COBIT är använda i stor utsträckning världen över så uppstår det ett problem i att de båda saknar fokus på incidenthanteringssystemet och vad ett sådant system skall klara av. För när ramverken inte tar upp en sådan central del av incidenthanteringsprocessen så innebär det att den implementerande verksamheten själva måste lägga tid och resurser på att reda ut hur ett sådant system skall fungera. Denna studie adresserar problemet med att de vanligast använda ramverken för incidenthantering inte behandlar det, för processen, så centrala incidenthanteringssystemet genom att undersöka och besvara följande forskningsfrågor. Vilka implicita och explicita krav bör ett incidenthanteringssystem uppfylla? Vilka krav på incidenthanteringssystemet går att utläsa från de mest använda ramverken för incidenthantering? Hur matchar de framtagna kraven de krav som ställts av en verksamhet ur näringslivet? Denna studie riktar sig framförallt till de verksamheter eller individer som anser sig ha nytta av en sammanställning av de krav som ett incidenthanteringssystem bör uppfylla och kan fungera som ett stöd vid implementering eller inköp av ett nytt incidenthanteringssystem. Genom att identifiera kraven som ställs på ett incidenthanteringssystem utifrån de mest använda ramverken för incidenthantering så bidrar studien med resurser för implementationen av nämnt system drastiskt minskar. Samt genom att presentera ett konkret exempel, fallstudien, och jämföra det med kraven från ramverken bidrar studien med en referenspunkt för verksamheter att utgå ifrån när de implementerar eller köper ett nytt incidenthanteringssystem.The use of IT-related services has increased massively over the past years and it shows no signs to stop. But alongside the usage increasing the risks also increases, because what will happen when the IT-services that so many rely upon suddenly cease to function, or in other ways become inaccessible? To protect against such scenarios it is increasingly more common for IT-service businesses to use incident management, whose purpose is to recover IT-services to their functional state, using predefined processes, should an event occur. It is common for IT-service businesses when implementing an incident management process to use some kind of framework or method to facilitate and streamline its work process, and as of writing this paper, the most used frameworks are ITIL and COBIT. It is very common for an IT-service business that in the incident management process develop a system or application whose purpose is to facilitate and streamline the incident management, and these are commonly referred to as Incident Management Systems. Even though ITIL and COBIT being widely used worldwide, there are some weaknesses in them, regarding Incident Management Systems, since both of the frameworks lack focus and depth of what an Incident Management System should manage. Such lack of focus and depth of a vital and central part of the Incident Management process, may prove expensive to IT-service businesses since the business needs to investigate what the system needs to manage, and how to manage it. This paper address the problem with ITIL and COBIT lack of focus and depth regarding the central part of the incident management process, the Incident Management System by investigating and reciprocate the following questions. Which implied and explicit requirements should an Incident Management System meet? Which Incident Management System requirements can be found from the most used frameworks regarding Incident Management? How well does the identified requirements match those requirements made by a real world company? The target audience for this paper is mainly IT-service business or individuals that considers themselves in need of a compilation of requirements that an Incident Management System should meet and can be used as a supporting tool when implementing or purchasing a new Incident Management System. By identifying requirements that an Incident Management Systems should meet from the most used framework regarding Incident Management, this paper will contribute with means for the implementation of the Incident Management System, reducing the costs for the investigation of demands of such a system. It will also present interested parties with a concrete example, the single case study, to compare with the requirements from the frameworks, contributing with a benchmark for IT-service business to start from when implementing or purchasing an Incident Management System.
37
Baltakys, Andrius. "Optimalus IT paslaugų valdymo sprendimas verslui." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2008~D_20090204_113713-73320.
Full textAbstract:
Šiuolaikiniame pasaulyje vykstant globalizacijai, informacinių sistemų panaudojimas apima vis daugiau, sparčiai, su naujomis technologijomis žengiančios įmonės verslo procesų. Didėjant įmonės verslo priklausomybei nuo naujų technologijų yra būtina optimaliai koordinuoti įmonėje vykstančius IT procesus. Yra nemažai tarptautiniu mastu pripažįstamų standartų, tačiau labai svarbu juos tinkamai pasirinkti bei taikyti. Šio darbo tikslas – išanalizuoti lyderiaujančius IT paslaugų kokybės valdymo standartus ITIL, CobiT bei ISO ir pasiūlyti optimalų sprendimą IT ūkio priežiūros problemai spręsti. Darbe nuosekliai aprašomi IT paslaugų valdymo metodologijos standartai, jų poreikiai ir galimybės. Apžvelgiama ITIL realizacija populiariausiuose programinės įrangos paketuose, pateikiama jų stipriųjų bei silpnųjų pusių analizė, rekomendacijos naujoms rinkoms. Pasiūlytos rekomendacijos lengvai gali būti pritaikomos pagal konkretaus verslo poreikius, tiek organizacijoms, kurios pačios prižiūri savo IT ūkį, tiek kompanijoms teikiančioms IT priežiūros paslaugas.In the modern world Information Technologies are one of the most important parts of enterprise, even if IT is not key business. It‘s critical to support company‘s IT infrastucture in order to obtain as high effectiveness as it is possible. The goal of our Master thesis is to review leading IT quality management standarts and to propose IT support recommendations for companies. This work presents IT support stages and required software to establish best practice approaches for IT service management, based on ITIL. Proposed recommendations are not related to core business and organization‘s IT. They can be applied by organizations with support their IT themselves and by IT support outsourcing companies.
38
Řenč, Leoš. "Metodiky řízení informatických procesů." Master's thesis, Vysoká škola ekonomická v Praze, 2008. http://www.nusl.cz/ntk/nusl-12364.
Full textAbstract:
This thesis deals with the IT processes management methodics, their comparison in terms of content, aim and support offered during implementation, employee training and in terms of international recognition and spread among businesses. The thesis also deals with mutual methodics relation and their respective use in business practice. The first part includes the characteristics of individual methodics and their basic concepts and relations description. The possible future development trend and the spread of individual methodics in selected countries are also mentioned in this section. The following part deals with the possibilities of certification and training for all mentioned methodics and methodics support during implementation. The current offer state of the training and IT processes management methodics support in the Czech Republic is characterized there. Contribution of these first two parts is arranged comparison of methodics to defined criteria of comparison. The final part is aimed at practical application of IT management methodics in their interrelationship. It contains raw analysis of the use of individual methodics at Česká pojišťovna and the consequent detailed analysis of the selected IT processes. Following proposals for the optimization are made for processes which were detail analyzed. This is the main contribution of this work according to following update of selected IT processes.The current valid approaches to these problems in Česká pojišťovna as well as expected future development are described in this section as well.
39
Salák, Ondřej. "Systém kontrol v organizaci." Master's thesis, Vysoká škola ekonomická v Praze, 2012. http://www.nusl.cz/ntk/nusl-124694.
Full textAbstract:
The aim of this work is to create a framework to classify internal controls due to the management level in which they appear, and to apply this framework to internal controls in a small organization. First, the reader is briefly introduced to the definition of control, types of control and the structure of control. Another part is a description of the established framework for the classification and subdivision of controls in terms of the levels of management. Each level of control is also clearly accompanied by the examples from the above documents. In the end, this system is applied to an organization that has almost no internal control system yet, and the framework of the controls at the individual levels is introduced.
40
Martinati, Rafael Rodrigo. "Frameworks de governan?a de TIC aplicados em SLA de VoIP sobre WLAN." Pontif?cia Universidade Cat?lica de Campinas, 2009. http://tede.bibliotecadigital.puc-campinas.edu.br:8080/jspui/handle/tede/502.
Full textAbstract:
Made available in DSpace on 2016-04-04T18:31:24Z (GMT). No. of bitstreams: 1
Rafael Rodrigo Martinati.pdf: 892328 bytes, checksum: bb06e7a9c52ea61c8c7545d477f6b0f3 (MD5)
Previous issue date: 2009-06-19The objective of this paper is to analyze the development of Service Level Agreement to Voice over Internet Protocol over WIFI services in compliance with COBIT, ITIL and ISO / IEC 20.000-1:20005 and ISO 38.500 frameworks, specially using perceived quality of speech as a SLA requirement . The models MOS, PESQ and E MODEL published by the ITU for evaluation of quality of speech analyzed was identified the hypothesis that the E MODEL provide compliance with the frameworks of ICT governance. It was emulated a Voice over Internet Protocol over WIFI scenario and measured is the variation of the R FACTOR, in different encoders and compared with the changes in jitter and rate of loss packets. We can conclude that E model has characteristics that make it able to be inserted into a Service Level Agreements for Voice over Internet Protocol over WIFI service.
Este trabalho discorre sobre acordos de n?vel de servi?os, ou Service Level Agreements (SLA) para servi?os Voice over Internet Protocol (VoIP) sobre redes Wireless Local Area Network (WLAN). Foram considerados como fundamentos os frameworks Control Objectives for Information and related Technologies (CobiT), Information Technology Infrastructure Library (ITIL) e as normas ISO/IEC 38.500 e ISO/IEC 20.000-1 e constatouse que a qualidade de fala percebida deve ser um requisito de um SLA para VoIP. Foram analisados os modelos de avalia??o de qualidade de fala Mean Opinion Score (MOS), Perceptual Evaluation of Speech Quality (PESQ) e Modelo E, publicados pela International Telecommunications Union (ITU) onde foi identificada a hip?tese de que o Modelo E esteja em conformidade com os frameworks de governan?a de Tecnologia da Informa??o e Comunica??o (TIC), por fornecer um indicador, o fator R, que pode ser considerado como um indicador de SLA. Para comprova??o desta hip?tese, foram analisados dados, obtidos em uma emula??o de um ambiente real de redes WLAN para medi??o da varia??o do fator R, utilizando-se de dispositivos codificadores (CODEC) e cen?rios diferentes. Constatou-se que o fator R apresentou a mesma tend?ncia de qualidade de fala nos diferentes dispositivos CODEC. Foram ent?o comparadas as varia??es de jitter e taxa de perda de pacotes nos mesmos cen?rios e codificadores para analisar se a varia??o destas m?tricas possui relacionamento com as medidas do fator R. Identificou-se ent?o que o fator R apresenta caracter?sticas que permitem que ele seja inserido em um SLA de um servi?o VoIP, viabilizando assim a requisitos de governan?a e gest?o de servi?os de TIC.
41
Ben, Romdhane Randa. "Les effets de la multiplicité des normes et des référentiels de bonnes pratiques : le cas de la Direction des Systèmes d’Information." Thesis, Paris, CNAM, 2015. http://www.theses.fr/2015CNAM0989/document.
Full textAbstract:
Ce travail de recherche se donne pour ambition d'explorer les effets de la multiplicité des normes et des référentiels de bonnes pratiques en systèmes d'information au niveau de la direction des systèmes d'information. L'enjeu principal de cette thèse est de mettre en évidence une question qui n'a pas été traitée auparavant dans la recherche académique. Les carences de littérature sur le sujet ainsi que le manque de lisibilité révélé dans la littérature praticienne soutiennent la singularité et le bien-fondé de notre question.Notre stratégie de recherche a été élaborée dans le but de contribuer à la connaissance d'un objet méconnu dans la recherche académique. La question de recherche a été mise à l'épreuve de la réalité professionnelle à l'aide d'un dispositif empirique qui s'articule autour de trois éléments. Tout d'abord, trois entretiens exploratoires nous ont permis d'affiner notre question de recherche et d'affirmer son intérêt vis-à-vis de la communauté professionnelle. Ensuite, dix entretiens semi-directifs auprès de cinq entreprises françaises ont eu pour but d'approfondir la compréhension des effets de la multiplicité des normes et des référentiels pour la direction systèmes d'information. Enfin, une étude de cas unique basée sur deux vagues d'entretiens approfondis avec le DSI d'une société française cotée à Wall Street, a eu pour ambition de prolonger la réflexion en se focalisant sur un aspect particulier de notre objet de recherche.Ces éléments ont été complémentaires et pertinents pour apporter un éclairage sur la multiplicité des normes et des référentiels en systèmes d'information. S'agissant d'une thématique non spontanément maîtrisée par les répondants, nous avons suggéré une mise en perspective de nos résultats à travers des clés de compréhension théoriques. En tenant compte de la nature exploratoire de notre recherche, les résultats de cette thèse constituent principalement des propositions plausibles et acceptables dont le but de suggérer des pistes de réflexion pour des projets de recherche ultérieursThe purpose of this research is to explore the effects of multiple standards and frameworks of best practices in information systems at the level of the Information Technology Department. The main challenge of this thesis is to highlight an issue that has not been addressed before in academic research. The lack of literature on the subject and the failure to grasp its scope the practitioner literature support the uniqueness and the merits of our research question.Our research strategy was developed in order to contribute to the knowledge of an unknown object in the academic research. The research question has been submitted to the professional reality using an empirical device based on three elements. First, three exploratory interviews allowed us to refine our research question and to highlight its importance to the professional community. Then, ten semi-structured interviews within five French companies have aimed to deepen the understanding of the effects of the multiple standards and frameworks of best practices for IT Department. Finally, a single case study based on two waves of extensive interviews with the CIO of a French company listed on NYSE, had the ambition to extend the reflection focusing on a particular aspect of our research object.These elements were complementary and relevant to shed light on the multiple standards and frameworks of best practices in Information System. As this is a theme that was not spontaneously controlled by respondents, we suggested a perspective of our results through theoretical understanding elements. Considering the exploratory nature of this research, the results of this thesis are mostly plausible and acceptable proposals which aim to suggest lines of inquiry for future research projects
42
Bugosen, Abi-Gosen Omar Jesús, and Ruiz Christian Daniel Tejada. "Adaptación de modelo de gobierno y gestión de TI para la empresa virtual IT Expert basado en Cobit 5." Bachelor's thesis, Universidad Peruana de Ciencias Aplicadas (UPC), 2015. http://hdl.handle.net/10757/346736.
Full textAbstract:
In recent years, the field of IT service outsourcing has evolved substantially, and thereby the unavoidable need for adequate Governance and Management in delivering outsourced application services and IT infrastructure.
Many small and medium companies providing these services face problems of low control and misuse of resources, caused by low awareness of IT governance, which trigger an inadequate definition of processes, the lack of an assessment of processing capabilities and lack of initiative for continuous improvement.
In this situation, the case study of the company "IT Expert" is developed, in which a model of Government and Management focused on delivering IT services based on COBIT 5 is
proposed. For this purpose, the company objectives are matched with the objectives of Corporate Governance, these objectives with IT objectives; and also these with specific objectives of business processes.
Thus, the current process is then evaluated to propose improvements and redefine the necessary processes for proper delivery of IT services. With this, the proposed improvements are implemented and the results obtained are presented so that the effectiveness of the solution is ensured by comparing the final results with those obtained initially.
The main result is a proven model for IT Governance and Management solution based on COBIT 5 focused on the management domain Delivery, Service and Support. Thus, we conclude that it is fully necessary to have a proper IT governance model to ensure proper operation in the delivery of IT infrastructure and applications, mitigate risks and avoid the earlier mentioned problems.Durante los últimos años, el campo de tercerización de servicios de tecnologías de la información (TI) ha evolucionado sustancialmente y, con ello, la necesidad ineludible de un adecuado gobierno y gestión en la entrega de servicios tercerizados de aplicación e infraestructura de TI. Bajo este escenario, en el que se presenta un constante cambio, muchas pequeñas y medianas empresas prestadoras de servicios de TI se enfrentan ante problemas de bajo nivel de control y uso inadecuado de recursos, causados por la baja concientización sobre gobierno de TI, que posteriormente desencadenan en una insuficiente definición de procesos, en la carencia de una evaluación de capacidades de procesos y en la falta de iniciativa para la mejora continua. Ante esta situación, se desarrolla el caso de estudio de la empresa IT Expert, en el que se propone un modelo de gobierno y gestión enfocado en la entrega de servicios de TI basado en COBIT 5. Para ello, se "mapean" los objetivos de la empresa con los objetivos del gobierno empresarial, estos con los objetivos de TI y estos, a su vez, con los objetivos específicos de los procesos de la empresa. Posteriormente, se evalúan los procesos actuales con la finalidad de proponer mejoras y definir correctamente los procesos necesarios para una adecuada entrega de servicios de TI. Con ello, se implementan las mejoras propuestas y se presentan los resultados obtenidos, de manera que se garantiza la efectividad de la solución al comparar los resultados finales con los inicialmente obtenidos. El resultado principal es una solución probada de modelo de gobierno y gestión de TI basado en COBIT 5, enfocada en el dominio de gestión Entregar, Dar Servicio y Soporte. De esta manera, se concluye que es plenamente necesario contar con un adecuado modelo de gobierno de TI para garantizar la correcta operación en la entrega de servicios de infraestructura y aplicaciones de TI, apoyado en la mitigación riesgos y evitando los problemas expuestos.
43
Díaz, Escalante Nancy Maribel. "Guía para la gestión del servicio de mesa de ayuda, basada en ITIL–COBIT caso de estudio: empresa EPSI." Bachelor's thesis, Universidad Nacional Mayor de San Marcos, 2010. https://hdl.handle.net/20.500.12672/15010.
Full textAbstract:
Describe la problemática de la empresa EPSI el cual brinda el servicio de mesa de ayuda a la empresa PSAPAL, dicha problemática se resume en el inadecuado servicio brindado, lo cual genera un bajo nivel de satisfacción de los usuarios. Por lo cual se ha creído conveniente la realización de una Guía para la Gestión de la Mesa de Ayuda basada en ITIL – COBIT teniendo como caso de estudio a la empresa EPSI. Para el desarrollo de la guía se ha utilizado como metodología el marco de referencia COBIT versión 4.1 y las buenas prácticas de ITIL V 2.0 /3.0, dicha Guía se ha denominada 2GMA, la cual describe los pasos necesarios para una adecuada gestión de mesa de ayuda. Así mismo se encuentra dividida en 7 etapas descritas en el capítulo IV, dentro de los cuales se realizan actividades detallándose paso a paso desde el momento en que se genera el requerimiento hasta culminar con el objetivo de obtener una Gestión de Servicio Mesa de Ayuda Basado en ITIL y COBIT. Durante el desarrollo de la guía 2GMA se ha tomado como herramienta a la Suite del sistema Aranda así mismo contiene algunos formatos o documentos resultantes por cada actividad, cuyo contenido se presentan en el numeral 4.6 y se encuentran a manera de formularios, diagramas, esquemas, cuadros etc. Dichos documentos servirán como aporte al interesado para que implemente y gestione una Mesa de Ayuda eficaz y eficiente que brinde un servicio de calidad y alineada a los objetivos del negocio. Después de la aplicación de la guía 2GMA se obtuvieron resultados los cuales se encuentran descritos en el capítulo IV numeral 4.11 Resultado de la aplicación de la guía, mediante el cual se comprueba la viabilidad de la guía ya que resuelve en un 90 % la problemática de la mesa de ayuda.Trabajo de suficiencia profesional
44
García, Paredes Giuliana Jakeline, and Camarena Verónika Yaneth Guillén. "Evaluación de procedimientos de seguridad de la información utilizando ISO 27002 y COBIT. Caso de estudio: empresa de hidrocarburos." Bachelor's thesis, Universidad Nacional Mayor de San Marcos, 2009. https://hdl.handle.net/20.500.12672/14836.
Full textAbstract:
Pretende evaluar el nivel de madurez de los procedimientos de seguridad de la información de la empresa, mediante la aplicación de una metodología y propuesta de indicadores basados en un conjunto de buenas prácticas. Para tal efecto, se plantea la aplicación de normas o buenas prácticas tales como ISO 27002 y COBIT, para platear una metodología de evaluación y la determinación del nivel de madurez en el que se encuentra. Se tomará como caso de estudio una organización real (PetroAmérica).Trabajo de suficiencia profesional
45
Fuentes, Rivera Jessica Vallejos. "Alineamiento de Marco COBIT y Normas PCI para aplicarse al proceso de tarjeta de crédito en una entidad financiera." Bachelor's thesis, Universidad Nacional Mayor de San Marcos, 2010. https://hdl.handle.net/20.500.12672/11165.
Full textAbstract:
Busca alinear los requisitos normados por la industria de tarjeta de pago (PCI) con el marco conceptual COBIT, con el propósito de optimizar los procesos de tarjeta de crédito obteniendo una matriz de asignación de responsabilidades, un modelo de madurez y una gestión de prevención de los riesgos del fraude y así mantener la información que la empresa necesita para lograr sus objetivos. El proceso de tarjeta de crédito reúne una serie de debilidades correspondientes a la seguridad de la información, las entidades financieras no son ajenas a diferentes tipos de ataques, entre ellos incluidos el fraude interno, el cual afecta a la imagen del negocio.Trabajo de suficiencia profesional
46
Marcin, Juraj. "Metriky kvality řízení IT." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2019. http://www.nusl.cz/ntk/nusl-403116.
Full textAbstract:
This thesis deals with metrics of IT management. The main goal of the thesis is to design a web application for assessing the quality of IT service management. The resulting application will determine the aforementioned quality based on the specified criteria and values. In the first part of the thesis, there are elaborated current methodologies, which are focused on quality assessment of IT administration and management. These methodologies also include metrics to assess this quality. In the third chapter, the quality assessment process is processed using the IT Quality Index. The fourth and fifth chapter describes the design and implementation of the web application itself. Validation of application results is processed in the fifth chapter. The created application is deployed on the server and used to assess IT quality. In the last chapter of this work is described practical use of work results and possible extensions of the web application.
47
Weberová, Pavla. "Možnosti hodnocení kvality informačních systémů." Master's thesis, Vysoká škola ekonomická v Praze, 2009. http://www.nusl.cz/ntk/nusl-11775.
Full textAbstract:
This thesis is engaged in Information Systems quality, because the accent on quality is present trend. In this thesis is defined the term of "Quality of Information System" and the most important standards are described. Further the ways of quality assessment -- certification and audit are put near. The procedure of the quality audit is proposed. Also this thesis containes patterns of the checklists for the quality audit
48
Nedomová, Marie. "Možnosti hodnocení kvality informačního systému." Master's thesis, Vysoká škola ekonomická v Praze, 2014. http://www.nusl.cz/ntk/nusl-193195.
Full textAbstract:
The thesis deals with the possibilities of the quality information system assessment. The theoretical part of the thesis describes the information systems, explains the term quality in information systems and describes the methods of the IT processes maturity assessment. The implementation of selected methods of the IT process maturity assessment is the content of the practical part of the thesis. A questionnaire survey based on the selected methods was conducted in the SAINT-GOBAIN ADFORS CZ s.r.o. company. The survey was analyzed, the level of the Problem Management process maturity was defined and possible improvements of this process were suggested.
49
Martinkutė, Aurelija. "Informacinių technologijų strateginis valdymas Lietuvos Respublikos viešajame sektoriuje." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2009~D_20090122_103705-30406.
Full textAbstract:
Darbas yra aktualus, nes viešojo sektoriaus įstaigose ir organizacijose kol kas nėra pakankamų žinių apie informacinių technologijų valdymo procesų tobulinimo metodus. Dažnai informacinių technologijų plėtra ir strateginis valdymas yra suprantama kaip technologinis, o ne kaip vadybinis uždavinys, todėl tampa atskirti nuo pagrindinių įstaigos veiklos procesų ir vyksta nepriklausomai nuo pagrindinės įstaigos veiklos. Šiame magistriniame darbe išanalizuotos Lietuvos viešojo sektoriaus informacinių technologių strateginio valdymo problemos nustatytas Lietuvos viešojo sektoriaus strateginio valdymo lygis. Šio darbo tyrimo objektas – Lietuvos Respublikos viešojo sektoriaus informacinių technologijų strateginis valdymas. Tikslas – nustatyti Lietuvos Respublikos informacinių technologijų strateginio valdymo galimybes, taikant tarptautinį standartą COBIT. Iškeltam tikslui pasiekti ir išspręsti tokie uždaviniai, kaip: informacinių technologijų strateginio valdymo svarba, atlikta teisinės bazės, reglamentuojančios viešojo sektoriaus informacinių technologijų valdymą, analizė, išanalizuotas tarptautinį standartą – COBIT ir sugretintas su Lietuvos teisine baze, tai pat atlikta ekspertų apklausa. Taip pat atliktas tyrimas patvirtino keliamą hipotezę: Lietuvos Respublikos viešojo sektoriaus informacinių technologijų srityje strateginio valdymo reglamentavimas teisės aktais neatitinka reglamentavimo pagal tarptautinį standartą – COBIT. Pirmoje dalyje pateikiama lietuvių ir užsienio mokslinės... [toliau žr. visą tekstą]The work is important, because the lack of knowledge on improvement methods of the information technologies management processes exists in organisations and institutions of public sector. Information technologies development and strategic management is often understood as technological, but not administrative task and due to that it becomes desintegrated with the main institutional processes and goes independently from main institutional activities. In this master work problems of the strategic management of information technologies in public sector of Lithuania are analysed and the maturity level of the strategic management of public sector of Lithuania is determined. Analysis object of this work - strategic management of information technologies in public sector of the Republic of Lithuania. The objective – to determine strategic management of information technologies in public sector possibilities using international standard COBIT. For the analysis object reaching goals were solved - such as importance of the strategic management of information technologies, analysis of the legal basis, which regulates management of the public sector information technologies, analysed international standard COBIT and mapped with Lithuanian legal basis, performed interview of experts. Analysis performed confirmed raised hypothesis: regulation of the strategic management in area of public sector information technologies in the Republic of Lithuania does not meet regulations if to compare... [to full text]
50
Beratarbide, Sobrado Maria Elena. "Longitudinal analysis of eHealth Governance within healthcare organizations as a critical factor in the adaptation to the Information Society in Scotland." Doctoral thesis, Universitat Politècnica de València, 2016. http://hdl.handle.net/10251/63456.
Full textAbstract:
[EN] EHealth plays an essential role in supporting healthcare in today's digital society; it is perceived as crucial for high quality and cost-effective healthcare. However, getting the expected benefits from eHealth has been difficult to demonstrate. There has been a raising interest in adopting eHealth Governance frameworks to obtain re-assurance that investments return the expected results in health care. How IT Governance is implemented within healthcare, the actual impact on strategic alignment and its influence to the information society progress, remains poorly understood. For this purpose we have explored the application of these frameworks within the National Health Service in Scotland and their impact on the following three aspects: eHealth Governance maturity, strategic alignment with healthcare and local progress of digital societies. This research is a longitudinal study (2008-2013), involving an exploratory and explanatory multi-case analysis of three representative organisations across Scotland. A combination of empiric methods has been used: semi-structured interviews with implementers, surveys (Strategic Alignment Model), cross-sectoral/national benchmarking based on a literature review and a qualitative analysis of established eHealth progress indicators. Ninety-two participants have been involved across three case studies. The outcomes of this study have been published over a period of 5 years representing a composite thesis based on relevant publications. Results sustain that EHealth Governance is in its infancy across sectors and countries. 80% of the organisations worldwide are in a transition point between a "committed" and an "established" process. Our results support that the more mature eHealth Governance is, the better the strategic alignment between eHealth and health care organisations (HCOs), hence the better progress of eHealth and the Digital Society.
The Strategic alignment is slowly maturing across organisations (15% since 2008), indicating a faster development than the overall Digital Society (Scotland) progress indicators.
The National eHealth Strategy shows signs of steady progress and very positive eHealth uptake in society with an overall growth of 12% since 2008, despite the deep economical recession within the period of this research.
The conclusions of this study as a longitudinal analysis are limited and more research over the forthcoming years is required. For this purpose, a simplified and adapted method to monitor these trends in future HCOs research has also been provided.[ES] La eSalud juega un papel esencial en el desarrollo de la asistencia médica en sociedades digitales; se percibe como un elemento crucial en la provisión de servicios médico-sanitarios alta calidad y costo-efectivos. A pesar de ello, hasta ahora ha sido difícil demostrar la materialización de los beneficios esperados de la eSalud, pero hay un interés creciente en la adopción de marcos de referencia basados en buenas prácticas, y estándares profesionales internacionales para la gestión y dirección de la eSalud, con el propósito de asegurar que las inversiones revierten los resultados esperados en el cuidado y servicios de la salud. Hasta ahora se sabe muy poco sobre el fenómeno de cómo la eSalud es integrada en el cuidado y servicios de la salud, y del impacto que esta tiene en la alineación estratégica de la eSalud. Igualmente, sabemos muy poco de la influencia real que estas prácticas tienen en el progreso de sociedades digitales. Este estudio se centra en explorar la aplicación de buenas practicas y estándares internacionales como marco de referencia en el gobierno de la eSalud en el servicio de salud Escocés; también contrastamos y comparamos el fenómeno con otros países y sectores. Esta investigación es un estudio longitudinal (2008-2013) que incorpora un análisis exploratorio y explicativo de casos. Se obtuvieron un total de noventa y dos participantes a lo largo de los tres casos estudiados, con representación de los principales grupos de interés (médicos y no médicos). Los resultados se han divulgado a lo largo del periodo de investigación en un compendio de publicaciones relevantes que conforman la tesis. Los principales hallazgos muestran que el gobierno de la eSalud está en su infancia en los sectores y países analizados: el 80% de las organizaciones a nivel mundial presentan este proceso en un punto de transición entre "comprometido" y "establecido" (Modelo SAM). Los resultados corroboran que cuanto más maduro es el gobierno de la eSalud, mayor alineación estratégica entre la eSalud y la organización, y mayor progreso de la variable eSalud en los indicadores de la sociedad de la información. La alineación estratégica esta madurando lentamente (15% desde 2008), sin embargo este crecimiento es mas rápido que el progreso observado en los indicadores de la sociedad digital (Escocia). La estrategia nacional Escocesa muestra signos de progreso sostenido y de integración (por uso o adopción) de las iniciativas de eSalud en la sociedad (crecimiento del 12% desde 2008), a pesar de la profunda depresión económica durante el periodo de investigación. Las conclusiones de esta investigación, como estudio longitudinal, son limitadas y requieren la captura de más datos y observaciones durante los próximos anos. Con el fin de facilitar este proceso, se ha propuesto un método simplificado y adaptado al sector salud, que permite capturar observaciones, comparar y monitorizar estas tendencias en futuras investigaciones en el sector salud.
[CAT] La eSalut juga un paper essencial en el suport a l'assistència sanitària a la societat digital de hui en dia; es percep com crucial per a l'alta qualitat i efectivitat del servicis de salut. No obstant això, ha estat difícil de demostrar la obtenció dels beneficis esperats de la eSalut. Hi ha hagut un interès en augmentar l'adopció de marcs de governança de la eSalut per obtenir re-assegurament que les inversions retornen els resultats esperats en els servicis sanitaris. Com s'implementa la governança de les TIC dins de l'assistència sanitària, l'impacte real en l'alineació estratègica i la seua influència en el progrés de la societat de la informació, continua sent poc conegut. Aquest estudi explora l'aplicació d'aquests estàndards i marcs de referència dins dels Serveis Nacionals de Salut d'Escòcia i el seu impacte en els tres aspectes següents: la maduresa de la governança de la eSalut", l'alineació estratègica amb l'assistència sanitària i, finalment, el progrés local de les societats digitals. Aquesta investigació és un estudi longitudinal (2008-2013), que implica una anàlisi multi cas exploratori i explicatiu de tres organitzacions representatives del servici nacional de salut de Escòcia. S'ha utilitzat una combinació de mètodes empírics: entrevistes semi estructurades, enquestes (Model SAM) comparatives de mercat intersectorial i internacional basat en una revisió bibliogràfica i, finalment, una anàlisi qualitativa dels indicadors de progrés eSalut. Noranta dos participants han informat a través de tres estudis de casos. Els resultats s'han divulgat al llarg del període d'investigació en un compendi de publicacions rellevants que conformen la tesi. Els resultats assenyalen que la governança de la eSalut està en la seua infància en tots els sectors i països. 80% de les organitzacions de tot el món es troben en un punt de transició entre un procés "compromès" i "establint". Els nostres resultats apunten que quan més madur es la governança de la eSalut, millor serà l'alineació estratègica entre la eSalut i les organitzacions d'atenció sanitària (HCOs), per tant el millor progrés de la sanitat electrònica a la Societat Digital. L'alineació estratègica està madurant lentament en les organitzacions (15% des de 2008); aquest desenvolupament és més ràpid que el progrés de la societat digital (Escòcia). L'estratègia Nacional de eSalut mostra signes de progrés constant i l'absorció de la eSalut en la societat es prou positiva, amb un creixement global del 12% des de l'any 2008, tot i la profunda recessió econòmica durant el període de temps d'aquesta investigació. Les conclusions d'aquest estudi com una anàlisi longitudinal són limitades i es requereix més investigació en els propers anys.
Beratarbide Sobrado, ME. (2016). Longitudinal analysis of eHealth Governance within healthcare organizations as a critical factor in the adaptation to the Information Society in Scotland [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/63456
TESIS