Model-Based Mitigation of Availability Risks

The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management

MANAGING KNOWLEDGE AND DATA FOR A BETTER DECISION IN PUBLIC ADMINISTRATION

In the current context, the society is dominated by the rapid development of computer networks and the integration of services and facilities offered by the Internet environment at the organizational level. The success of an organization depends largely on the quality and quantity of information it has available to develop quickly decisions able to meet the current needs. The need for a collaborative environment within the central administration leads to the unification of resources and instruments around the Center of Government, to increase both the quality and efficiency of decision - making, especially reducing the time spent with decision - making, and upgrading the decision – making act.administration, strategy, decision, complex systems, management, infrastructure, e-government, information society, government platform.

IT service management: towards a contingency theory of performance measurement

Information Technology Service Management (ITSM) focuses on IT service creation, design, delivery and maintenance. Measurement is one of the basic underlying elements of service science and this paper contributes to service science by focussing on the selection of performance metrics for ITSM. Contingency theory is used to provide a theoretical foundation for the study. Content analysis of interviews of ITSM managers at six organisations revealed that selection of metrics is influenced by a discrete set of factors. Three categories of factors were identified: external environment, parent organisationand IS organisation. For individual cases, selection of metrics was contingent on factors such as organisation culture, management philosophy and perspectives, legislation, industry sector, and customers, although a common set of four factors influenced selection of metrics across all organisations. A strong link was identified between the use of a corporate performance framework and clearly articulated ITSM metrics

ERP implementation methodologies and frameworks: a literature review

Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history

The Measurement of Information Technology Performance in Indonesian Higher Education Institutions in the Context of Achieving Institution Business Goals Using COBIT Framework Version 4.1 (Case Study: Satya Wacana Christian University, Salatiga)

Researchers World : Journal of Arts Science & Commerece, Vol. III, Issue 3(3) July 2012, p. 9-19. Tersedia online di http://www.researchersworld.com/vol3/issue3/vol3_issue3_3/Paper_02.pdfIT management in higher education institutions is a Critical Success Factor (CSF) for University leaders and partners, but this IT management has not been done by using well structured method and approach. In addition, supervision and assessment of IT performance have not been carried out periodically, but only if there are complaints from the working unit. Therefore, the IT performance measurement will be done in order to achieve the business goals by measuring the maturity level of IT process using COBIT model framework version 4.1. The measurement was made in SWCU. The aim of this research is to see the IT management and provide recommendation for improvements in the IT management for service process to the stakeholders so that it can reduce the risk of problems in the future. The results showed that the IT has been managed well in which the processes of IT to support the business goals have been standardized, documented and well communicated, just for the service aspect for the users should receive more priority in improvements from the Bureau of Technology and information Systems (BTSI), because this aspect has the worst performance among the other aspects of the business goal

Evaluation of Information Technology Governance Using COBIT 5 and ISO/IEC 38500

Infrastructure Section, Information and Communication Technology Development Division, South Tangerang City Communication and Information Office, one of the main tasks and functions is to provide services and management of internet network infrastructure for all Regional Apparatus Organizations (OPD) in South Tangerang City. The implementation of the Infrastructure Section is constrained by the problem of employee competence that has not reached the standard in internet network management and service, from these problems the researcher intends to evaluate governance using the COBIT 5 framework and ISO/IEC 38500 with recommendations for improvement in the Infrastructure Section. This study uses PAM (Process Assessment Model) with the Guttman scale to determine the results and level of capability. The use of COBIT 5 in this research will focus on the domain of EDM (Evaluate Direct Monitor) point 04, Ensure Resource Management and MEA (Monitor, Evaluate and Assessment) point 01, Performance and Conformance. The results and the level of capability obtained during the research were level 2 Managed Process with a value of 2.46 with a gap of 0.54. The level expected by the Infrastructure Section is at level 3 Established Process with a value of 3.00. Recommendations for achieving Level 3 are used ISO/IEC 38500

Characteristics of the Audit Processes for Distributed Informatics Systems

The paper contains issues regarding: main characteristics and examples of the distributed informatics systems and main difference categories among them, concepts, principles, techniques and fields for auditing the distributed informatics systems, concepts and classes of the standard term, characteristics of this one, examples of standards, guidelines, procedures and controls for auditing the distributed informatics systems. The distributed informatics systems are characterized by the following issues: development process, resources, implemented functionalities, architectures, system classes, particularities. The audit framework has two sides: the audit process and auditors. The audit process must be led in accordance with the standard specifications in the IT&C field. The auditors must meet the ethical principles and they must have a high-level of professional skills and competence in IT&C field.informatics audit, characteristic, distributed informatics system, standard

Towards alignment of architectural domains in security policy specifications

Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI