IT Service Management Knowledge Ecosystem – Literature Review and a Conceptual Model

Information Technology Service Management (ITSM) is a customer-centric approach to manage IT Services in order to provide value to the business. The ITSM Knowledge ecosystem comprises multiple knowledge areas including process frameworks, technology tools and skills. Organisations struggle to comprehend the ecosystem due to the sheer volume and dynamic nature of the business technology environment. A Systematic Literature Review was conducted to understand the state of the current research in ITSM knowledge ecosystem. The review indicated that the focus of the existing research is skewed towards process frameworks knowledge area neglecting tools and training. The approach proposed in the extant research fails to provide a holistic view of the ecosystem. To overcome the limitations a conceptual model is proposed based on Knowledge Commons theory

Evalusi Kinerja Tata Kelola Teknologi Informasi terhadap Sistem Aplikasi Elektronik Program Keluarga Harapan dengan COBIT 5

Penelitian ini melakukan evaluasi dan identifikasi terkait proses dari kinerja tata kelola Teknologi Informasi (TI) terhadap aplikasi Elektronik Program Keluarga Harapan (E-PKH) dengan COBIT 5 yang pada implementasinya masih banyak kekurangan yang berimbas pada kurang maksimalnya kinerja Sumber Daya Manusia (SDM) PKH dalam pelaksanaan program keluarga harapan Kementerian Sosial di Kota Semarang. Data diperoleh dari hasil kuesioner, di mana topik pembahasan mengarah pada penggunaan dari proses domain COBIT 5 yaitu Deliver, Service and Support (DSS) serta domain Monitor, Evaluate, and Assess (MAE).   Hasil evaluasi dari kinerja aplikasi E-PKH dengan COBIT 5 untuk 30 responden menunjukkan pada domain DSS01 (Manage Operation) level kapabilitas mencapai rata-rata nilai 0,79, yang berarti semua kegiatan operasional berdasasarkan standar COBIT 5 sudah terlaksana, di samping itu masih ada beberapa catatan yang perlu ditingkatkan, baik dari infrastruktur Teknologi Informasi yang sudah ada atau dengan dilakukannya kerjasama dengan pihak ketiga yang sudah berpengalaman untuk meningkatkan standar kualitas dari infrastruktur Teknologi Informasi. Domain DSS04 (Manage continuity) level kapabilitas dengan nilai 0,98 dari nilai ini Direktorat Jaminan Sosial yang menaungi Program Keluarga Harapan memerlukan sebuah manajemen untuk penanganan kemampuan atau skills dari SDM Program Keluarga Harapan dalam menjalankan bisnis proses yang lebih baik dari sistem yang ada

INTEGRACIÓN DE SEGURIDAD Y GESTIÓN DE SERVICIOS EN EL GOBIERNO DE LAS TECNOLOGÍAS DE LA INFORMACIÓN

Este artículo presenta la integración de diversas disciplinas en la aplicación de las tecnologías de la información a nivel organizacional a partir de la adopción de buenas prácticas, estándares, marcos de referencias y normativas de seguridad de la información, gestión de servicios y gobierno de TI

Rekomendasi Perbaikan Layanan Sistem Informasi Akademik Universitas Islam Kalimantan Muhammad Arsyad Al Banjary Menggunakan Metode Analytical Hierarchy Process (AHP) Berdasarkan kerangka kerja ITIL Versi 3

Universitas Islam Kalimantan (UNISKA) Muhammad Arsyad Al Banjary merupakan Perguruan Tinggi Swasta tertua dan terbesar yang ada di kalimantan, UNISKA didirikan pada tanggal 7 Juli 1981. saat ini jumlah mahasiswa UNISKA mencapai sekitar 13.000 mahasiswa aktif. UNISKA telah menggunakan sistem informasi akademik sejak 2013, sistem informasi tersebut digunakan untuk menunjang layanan akademik, UPTI adalah unit yang mengelola sistem tersebut. UPTI ingin mengetahui tingkat layanan SIA UNISKA dari beberapa permasalahan terjadi. Maka dipilihlah kerangka kerja best practice yaitu ITIL versi 3 untuk mengetahui tingkat yang ada di SIA UNISKA. Pada ITIL versi 3 akan berfokus kepada 2 domain yaitu Service Operation untuk mengetahui perbaikan dari permasalahan layanan dan Continual Service Improvement untuk melakukan perbaikan yang berkelanjutan. Sehingga didapatkan bahwa tingkat kematangan layanan SIA UNISKA pada domain Service Operation berada pada level 1 (Initial Level) dan Continual Service Improvement berada pada level 1 (Initial Level), dan masing-masing nilai gap yaitu 1,62 dan 2,41. Setelah mendapatkan beberapa rekomendasi, maka rekomendasi tersebut dilakukan perangkingan dengan menggunakan metode AHP, sehingga hasil penetapan perbaikan dari domain Service Operation adalah service management as a practice, service operation principles, common service operation activities, service operation processes, organising service operation, so technology consideration dan implementing service operation dan untuk domain Continual Service Improvement adalah Service management as a practice, CSI principles, CSI processes, CSI Method and Techniques, Organising CSI, CSI technology consideration, dan Implementing CSI. ========================================================================================================= The Universitas Islam Kalimantan (UNISKA) Muhammad Arsyad Al Banjary is the oldest and largest private university in kalimantan, UNISKA was established on July 7, 1981. currently the number of UNISKA students reaches about 13,000 active students. UNISKA has been using academic information systems since 2013, the information system is used to support academic services, UPTI is the unit that manages the system. UPTI wants to know the level of service SIA UNISKA from some problems that happened. therefore the best practice framework chosen is ITIL version 3, to know the existing level in SIA UNISKA. ITIL version 3 here will focus on 2 domains, namely Service Operation to know the improvement of service problem and Continual Service Improvement to make continuous improvement. So it is found that the level of service maturity SIA UNISKA in Service Service domain is at level 1 (Initial Level) and Continual Service Improvement is at level 1 (Initial Level) as well, and each value of gap is 1.62 for Service Service domain and 2,41 for the Continual Service Improvement domain. After getting some recommendations from the ITIL process. Then the results of the recommendation is done ranking using AHP method. so that the result of fixing of Service Operation domain are service management as a practice, service operation principles, common service operation activities, service operation processes, organizing service operation, so technology consideration and implementation of service operation, and for Continual Service Improvement domains are Service Management as a practice, CSI principles, CSI processes, CSI Methods and Techniques, Organizing CSI, CSI technology consideration, and Implementing CSI

Penyusunan Mekanisme Kerja Identifikasi Risiko TI Pada Departemen Pengelolaan Sistem Informasi Bank Indonesia Dengan Penggabungan Best Practice

Penerapan teknologi informasi dalam sebuah organisasi maupun perusahaan mampu mengambil sebagian besar anggaran sebagai salah satu investasi untuk meningkatkan produktifitas perusahaan. Besarnya pengeluaran yang dikeluarkan perusahaan seringkali tidak sebanding dengan manfaat yang diperoleh. Hal tersebut dapat terjadi ketika perusahaan tidak mempersiapkan hal terburuk yang mungkin terjadi pada penerapan investasi TI. Sehingga dapat terjadi segala risiko yang dampaknya akan menghambat proses bisnis perusahaan tersebut. Begitu pula dengan Departemen Pengelolaan Sistem Informasi Bank Indonesia, perusahaan nirlaba dibawah pemerintah ini juga telah menyadari pentingnya manajemen risiko untuk mendukung tujuan bisnis yang berhubungan dengan penggunaan TI. Karena hal tersebut berkaitan dengan departemen lain yang ada di Bank Indonesia. Namun, DPSI belum menerapkan standar maupun mekanisme kerja yang pasti secara berkala agar proses identifikasi risiko berjalan secara konsisten. Untuk itu dikatakan berhasil apabila list risiko tidak kompleks dan dapat di mitigasi dengan mudah. Penelitian ini akan memberikan analisis mengenai kurang maksimalnya penerapan proses manajemen risiko TI di Bank Indonesia khususnya Departemen Pengelolaan Sistem Informasi, mengevaluasi celah yang perlu diperbaiki, serta penerapan framework COBIT 5 dan ISO 31000:2009 terkait vi proses manajemen risiko sebagai acuan perbaikan. Melalui kajian dan evaluasi serta mengacu kepada penerapan proses yang sama diberbagai organisasi dan framework terkait manajemen risiko tersebut diharapkan dapat memberikan solusi terkait perbaikan penerapan manajemen risiko TI di DPSI Bank Indonesia yang disajikan dalam rekomendasi mekanisme kerja proses identifikasi risiko TI sesuai dengan kebutuhan dan kondisi Bank Indonesia. =========================================================================================================== The application of information technology within an organization or company is able to take most of the budget as one of the biggest investments to improve productivity. The amount of expenditure incurred by the company are often not comparable to the benefts gained. This might occur when a company does not prepare the worst thing that could happen to the application of IT investment and the risk impact will hamper the company’s business process. Similarly, the Department of Management Information Systems has realized the importance of risk management to support business objectives associated with the use of IT because it is related to other departments at Bank Indonesia. However, DPSI not apply standards and mechanisms definite work regularly so that the risk identification process runs consistently. For it is said to be successful if the list of risks are not complex and can be easily mitigated. This research aims to provide a mechanism to identify risk, which is accordance with the requirements of the company especially for the Department of Management Information Systems, evaluate the gaps that need to be improved, as well as the implementation of COBIT 5 and ISO 31000:2009 related to the risk management process as a reference for improvement. Through study and evaluation as well as referring to the viii application of the same process in different organizations and related risk management framework is expected to provide solutions related to improving IT risk management at Bank Indonesia DPSI presented in the working mechanism on IT risk identification process in accordance with the requirements and conditions of Bank Indonesia

A Risk management framework for the BYOD environment

Computer networks in organisations today have different layers of connections, which are either domain connections or external connections. The hybrid network contains the standard domain connections, cloud base connections, “bring your own device” (BYOD) connections, together with the devices and network connections of the Internet of Things (IoT). All these technologies will need to be incorporated in the Oman Vision 2040 strategy, which will involve changing several cities to smart cities. To implement this strategy artificial intelligence, cloud computing, BYOD and IoT will be adopted. This research will focus on the adoption of BYOD in the Oman context. It will have advantages for organisations, such as increasing productivity and reducing costs. However, these benefits come with security risks and privacy concerns, the users being the main contributors of these risks. The aim of this research is to develop a risk management and security framework for the BYOD environment to minimise these risks. The proposed framework is designed to detect and predict the risks by the use of MDM event logs and function logs. The chosen methodology is a combination of both qualitative and quantitative approaches, known as a mixed-methods approach. The approach adopted in this research will identify the latest threats and risks experienced in BYOD environments. This research also investigates the level of user-awareness of BYOD security methods. The proposed framework will enhance the current techniques for risk management by improving risk detection and prediction of threats, as well as, enabling BYOD risk management systems to generate notifications and recommendations of possible preventive/mitigation actions to deal with them

Modelo de gobernabilidad basado en COBIT para la gestión por procesos definida en un espacio multidimensional

Las organizaciones están compuestas por diversas áreas que enfocan sus esfuerzos en la consecución de objetivos que en primera instancia pueden parecer que apuntan a metas divergentes. Por esto, la implementación de las tecnologías de la información suele ser tratada como un esquema alterno a los objetivos de la organización sin tener en cuenta que hace parte integral y que posibilita la construcción de elementos más eficaces y eficientes para alcanzar las metas y estrategias del negocio. Desde la organización, los Procesos de Negocio (PN) son los que deben vincular las diversas áreas de la organización incluyendo las Tecnologías de Información y Comunicaciones (TIC). Estos deben incorporar de manera integral cada una de las actividades que se realicen en la organización para la toma de decisiones y apoyarse en las TIC para que el logro de las estrategias del negocio sean coherentes a las metas organizacionales. Además es muy importante para las organizaciones poder realizar la gestión del cambio bajo esquemas que mantengan la alineación entre el negocio y las TIC. Por esto es necesario que la gobernabilidad bajo un esquema arquitectónico empresarial oriente diferentes tipos de decisiones durante la gestión por procesos. Esta disertación define un nuevo modelo de gobernabilidad basado en COBIT 5 que apoya la gestión por procesos, por la ocurrencia de cambios en la organización, definida en el espacio multidimensional (MEM) propuesto por (Tabares & Lochmuller, 2012). Esto se logró usando un método de investigación desarrollado en tres fases. Inicialmente se hizo un análisis del entorno y de la base del conocimiento alrededor de un espacio multidimensional para la gestión por procesos y la gobernabilidad desde un framework basado en SOA (Service Oriented Architecture). Luego, se determinó el espacio de diseño que incluiría los componentes COBIT articulados con el MEM, el framework AUT-SOA y Framework TOGAF. Finalmente en la última fase se validó el modelo propuesto de gobernabilidad desde un estudio de caso donde se realiza la gestión por procesos sobre uno de los productos que actualmente lidera una compañía de telecomunicaciones. Los resultados obtenidos orientan una nueva forma de evaluar, medir y controlar la gestión por procesos realizada por medio de las intercepciones que se presentan bajo el esquema del espacio multidimensional. Así se logra concluir que el modelo propuesto es un nuevo instrumento que alinea el gobierno de TI en función de los procesos de la organización.Organizations are comprised of different areas that focus their efforts on achieving objectives, which may at first seem to point to divergent goals. The implementation of information technology is therefore often viewed as outside the objectives of the organization, and is not considered an integral part of them which enables the construction of more effective and efficient components to achieve the goals and strategies of the business. It is the Business Processes (BP) of the organization that must connect the various areas together including Technologies Information and Communications Technologies (TIC). They should comprehensively incorporate all decision making activities within the organization and rely on TIC in such a way that the achievement of business strategies are consistent with organizational goals. It is also very important for organizations to perform change management using schemes that maintain the alignment between the business and TIC. It is therefore necessary that the governance under a corporate architectural scheme guides different types of decisions during the management of the processes. This dissertation defines a new governance model based on COBIT 5 for process management, that is motivated by changes that occur in an organization, taking into account the "multidimensional space" (MEM) proposed by (Tabares & Lochmuller, 2012). This was achieved using a method of investigation implemented in three phases. This involved an initial analysis of the environment and the knowledge base around a multidimensional space for management by processes and the governance based on an SOA (Service Oriented Architecture) framework. This was followed by the design definition phase that would include the COBIT components articulated with multidimensional space model, the AUT- SOA framework and TOGAF framework. The final phase included the validation of the proposed governance model using a case study, where management by processes was performed on one of the existing leading products of a telecommunications company. The results indicate a new way to assess, measure and control management of the processes by means of information captured under the multidimensional space model. Through this it is possible to conclude that the proposed model is a new instrument that aligns IT governance to organizational processes

Análisis y estudio sobre el gobierno y gestión de los servicios de TI en el mercado español

Este proyecto es un informe completo sobre la investigación realizada con el objeto de conocer cuál es la situación en la investigación, difusión del conocimiento, e implantación en las organizaciones que operan en España, con respecto a diferentes protocolos, buenas prácticas y normativas relacionadas con Gobierno y Gestión de Servicios TI (GyGS TI). Para la mejor visualización y comprensión de este documento se ha dejado en el mismo formato en el que se entregará a los participantes en los cuestionarios, a los socios de itSMF, y a otro amplio grupo de personas que han mostrado interés en este Observatorio. De manera que, en el anexo, encontrarán el documento “An{lisis y Estudio sobre el Gobierno y Gestión de los Servicios TI en el Mercado Español” en su formato original. Este Observatorio ha sido realizado durante los años 2008 y 2010, el cual analiza la situación pasada sobre el Gobierno y Gestión de los Servicios de TI (GyGSTI) entre las empresas que operan en España, este análisis se realiza a través de los resultados del cuestionario realizado en 2008, y prepara un segundo cuestionario para la conocer la situación en el 2010. Al mismo tiempo, realiza un estudio sobre el conocimiento existente en torno al Gobierno y Gestión de Servicios TI, a través de estudiar los libros más representativos sobre GyGS TI, las publicaciones académicas de investigación de GyGS, las principales empresas de análisis TI, y la situación sobre la difusión en el mercado español sobre GyGS TI a través de las revistas especializadas. Igualmente, el estudio ofrecerá una visión de la implantación de GyGS TI para que las empresas de cualquier tamaño puedan tener acceso, y realizar una comparativa (benchmarking) sobre su estado frente a sus iguales. Para finalmente ofrecer una visión de la evolución temporal del 2008 al 2010 y unas tendencias futuras. El objetivo es, entonces, analizar el estado y la implantación del GyGS TI entre las empresas que operan en España, e igualmente analizar la creación y difusión del conocimiento sobre esta misma área. _____________________________________________________________________________________________________________________________________________This project is a comprehensive report on the investigation in order to know what the situation in the research, knowledge dissemination, and implementation in organizations operating in Spain, with respect to different protocols, best practices and regulations related to IT Governance and Service Management (IT G&SM). For best viewing and understanding the final document is left in the same format as that given to participants in the questionnaires, itSMF members, and another large group of people who have shown interest in this Observatory. So, in the Annex, will find the “Analysis and Study on the IT Government and Service Management in the Spanish Market” in its original format. This final document is the result of the Observatory carried out during the years 2008 and 2010, which analyzes the past situation on the Governance and Service Management of IT Services (IT G&SM) between companies operating in Spain, this analysis is performed through the results the survey conducted in 2008, and prepares a second questionnaire to ascertain the situation in 2010. At the same time, it is also carried out a study on the existing knowledge about IT Government and IT Service Management, by studying the most representative books on these fields, publications academic research, major IT analyst firms, and the situation on the IT GSM Spanish market through specialized magazines. As well as, the study will provide for companies of any size an overview of the implementation of IT GSM Spanish implantation, thus these companies will be able to benchmark theirselves with their peers. Finally, this document gives an overview of the temporal evolution from 2008 to 2010 and some future trends. The aim is, then, to analyze the status and implementation of IT GSM among companies operating in Spain, and also to discuss about the creation and dissemination of knowledge on this same area.Ingeniería de Telecomunicació

Framework of Six Sigma implementation analysis on SMEs in Malaysia for information technology services, products and processes

For the past two decades, the majority of Malaysia’s IT companies have been widely adopting a Quality Assurance (QA) approach as a basis for self-improvement and internal-assessment in IT project management. Quality Control (QC) is a comprehensive top-down observation approach used to fulfill requirements for quality outputs which focuses on the aspect of process outputs evaluation. However in the Malaysian context, QC and combination of QA and QC as a means of quality improvement approaches have not received significant attention. This research study aims to explore the possibility of integrating QC and QA+QC approaches through Six Sigma quality management standard to provide tangible and measureable business results by continuous process improvement to boost customer satisfactions. The research project adopted an exploratory case study approach on three Malaysian IT companies in the business area of IT Process, IT Service and IT Product. Semi-structured interviews, online surveys, self-administered questionnaires, job observations, document analysis and on-the-job-training are amongst the methodologies employed in these case studies. These collected data and viewpoints along with findings from an extensive literature review were used to benchmark quality improvement initiatives, best practices and to develop a Six Sigma framework for the context of the SMEs in the Malaysian IT industry. This research project contributed to both the theory and practice of implementing and integrating Six Sigma in IT products, services and processes. The newly developed framework has been proven capable of providing a general and fundamental start-up decision by demonstrating how a company with and without formal QIM can be integrated and implemented with Six Sigma practices to close the variation gap between QA and QC. This framework also takes into consideration those companies with an existing QIM for a new face-lift migration without having to drop their existing QIM. This can be achieved by integrating a new QIM which addresses most weaknesses of the current QIM while retaining most of the current business routine strengths. This framework explored how Six Sigma can be expanded and extended to include secondary external factors that are critical to successful QIM implementation. A vital segment emphasizes Six Sigma as a QA+QC approach in IT processes; and the ability to properly manage IT processes will result in overall performance improvement to IT Products and IT Services. The developed Six Sigma implementation framework can serve as a baseline for SMEs to better manage, control and track business performance and product quality; and at the same time creates clearer insights and un-biased views of Six Sigma implementation onto the IT industries to drive towards operational excellence

Framework of Six Sigma implementation analysis on SMEs in Malaysia for information technology services, products and processes

For the past two decades, the majority of Malaysia’s IT companies have been widely adopting a Quality Assurance (QA) approach as a basis for self-improvement and internal-assessment in IT project management. Quality Control (QC) is a comprehensive top-down observation approach used to fulfill requirements for quality outputs which focuses on the aspect of process outputs evaluation. However in the Malaysian context, QC and combination of QA and QC as a means of quality improvement approaches have not received significant attention. This research study aims to explore the possibility of integrating QC and QA+QC approaches through Six Sigma quality management standard to provide tangible and measureable business results by continuous process improvement to boost customer satisfactions. The research project adopted an exploratory case study approach on three Malaysian IT companies in the business area of IT Process, IT Service and IT Product. Semi-structured interviews, online surveys, self-administered questionnaires, job observations, document analysis and on-the-job-training are amongst the methodologies employed in these case studies. These collected data and viewpoints along with findings from an extensive literature review were used to benchmark quality improvement initiatives, best practices and to develop a Six Sigma framework for the context of the SMEs in the Malaysian IT industry. This research project contributed to both the theory and practice of implementing and integrating Six Sigma in IT products, services and processes. The newly developed framework has been proven capable of providing a general and fundamental start-up decision by demonstrating how a company with and without formal QIM can be integrated and implemented with Six Sigma practices to close the variation gap between QA and QC. This framework also takes into consideration those companies with an existing QIM for a new face-lift migration without having to drop their existing QIM. This can be achieved by integrating a new QIM which addresses most weaknesses of the current QIM while retaining most of the current business routine strengths. This framework explored how Six Sigma can be expanded and extended to include secondary external factors that are critical to successful QIM implementation. A vital segment emphasizes Six Sigma as a QA+QC approach in IT processes; and the ability to properly manage IT processes will result in overall performance improvement to IT Products and IT Services. The developed Six Sigma implementation framework can serve as a baseline for SMEs to better manage, control and track business performance and product quality; and at the same time creates clearer insights and un-biased views of Six Sigma implementation onto the IT industries to drive towards operational excellence