Using ArchiMate to Assess COBIT 5 and ITIL Implementations

The assessment of Enterprise Governance of IT (EGIT) mechanisms, such as COBIT and ITIL, is considered highly complex and implies a duplication of resources. The main goal of this research is to reduce the complexity of EGIT mechanisms by facilitating the assessment of these mechanisms when used simultaneously. Organisational stakeholders should be able to easily understand the impact of implementing ITIL on COBIT 5 Processes Performance without being COBIT experts. On the other hand, they should know their organisation’s positioning according to ITIL, even if they just follow COBIT and do not master ITIL. In order to fulfil our goal, we propose a model that uses TIPA for ITIL, COBIT PAM and ArchiMate to analyse the impact of ITIL implementation on COBIT processes performance, and vice-versa. We demonstrate our proposal by analysing the impact of the Incident Management and Request Fulfilment ITIL processes on the COBIT 5 related process

Maturity based approach for ISMS Governance

Information security is an integral element of fiduciary duty. The purpose of information security is to protect an organization’s valuable resources, such as information. Information security is also a subset of IT governance and must be managed within an Information Security Management System (ISMS). Key element of the operation of an ISMS are ISMS processes. Current research focuses on economics and cost benefit analysis of information security investment regarding single measures protecting information. ISMS processes are not in the focus of current research. Actually a specific ISMS process framework which clearly differentiates between ISMS processes and security measures controlled by ISMS processes as well as a description of ISMS processes and their interaction does not exist yet. ISMS processes as well as their maturity level need to be aligned to the implementing organization and their mission to be cost-effective. Considering limited resources as well as ensuring an efficient use of those resources not every ISMS process should be established and operated at the same level of maturity. Taking into account that business alignment and cost-effectiveness are important for the successful operation of an ISMS, research contributions must address both problems – ISMS processes as well as the determination their target maturity level. Therefore the overall objective of this doctoral thesis is to make the appropriateness of an ISMS transparent as well as to avoid unnecessary costs of information governance which is still a major issue/problem for many organizations. This doctoral thesis aims to fill this research gap by proposing an ISMS process framework, based on a set of agreed upon ISMS processes in existing applicable standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS instead of focusing on measures and controls. By this the systemic character of the ISMS and the perception of relevant roles of the ISMS as a management system consisting of processes is strengthened. For an efficient use of the ISMS process framework a method to determine the individually necessary maturity level of the ISMS processes is proposed.La seguridad de la información es un elemento integral del deber fiduciario. El propósito de la seguridad de la información es proteger los recursos de una organización, incluyendo en los mismos la información. La seguridad de la información es también un subconjunto de la gobernanza de TI y debe gestionarse dentro de un Sistema de Gestión de la Seguridad de la Información (por sus siglas en inglés ISMS). El elemento clave del funcionamiento de un ISMS son los procesos del ISMS. La investigación actual se centra en aspectos económicos como el análisis de coste-beneficio de la inversión en seguridad de la información en relación a medidas individuales de protección de la información. De esta forma, los procesos del ISMS no están en el foco de la investigación actual. Así, todavía no existe un marco de proceso ISMS específico que diferencie claramente entre procesos ISMS y medidas de seguridad controladas por procesos ISMS, así como una descripción de procesos ISMS y su interacción. Para construir este marco, los procesos del ISMS, así como su nivel de madurez, deben estar alineados con la organización que los implanta así como con su misión. Tomando en consideración que las empresas presentan unos recursos limitados y que los recursos disponibles deben ser explotados de forma eficiente, no todos los procesos del ISMS deben ser establecidos y operados en el mismo nivel de madurez. Teniendo en cuenta que la alineación con el negocio y la rentabilidad son aspectos importantes para el funcionamiento exitoso de un ISMS, las contribuciones a la investigación del tópico deben abordar tanto los procesos del ISMS como la determinación de su nivel de madurez objetivo. Por lo tanto, el objetivo general de esta tesis doctoral es encaminar a las organizaciones hacia la construcción de un ISMS transparente, así como evitar costos innecesarios de la gobernanza de la información aspecto que sigue siendo una dificultad para muchas organizaciones. Esta tesis doctoral propone un marco de proceso ISMS basado en un conjunto de procesos acordados de ISMS en las normas vigentes existentes como la serie ISO 27000, COBIT e ITIL. Dentro del marco, se describen los procesos identificados y se especifica su interacción y las interfaces entre los mismos. Este marco ayuda a centrarse en el funcionamiento del ISMS en lugar de poner el foco en medidas y controles. Con esta aproximación, se fortalece el carácter sistémico del ISMS y la percepción de los roles relevantes del ISMS como un sistema de gestión que consiste en procesos. Para un uso eficiente del marco del proceso ISMS se propone un método para determinar el nivel de madurez individualmente necesario de los procesos del ISMS.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Antonio de Amescua Seco.- Secretario: Tomás San Feliú Gilabert.- Vocal: Rafael Valencia Garcí

Development and evaluation of a software-mediated process assessment approach in IT service management

To operate in a highly competitive business environment, organisations require the support of continually improving IT services. The dominant academic literature on ITService Management (ITSM) focuses on the measurement of the outcome of ITSM implementation. Consequently, there is limited research on the measurement of ITSM processes. The ITSM industry has defined a number of processes as best practices in the IT Infrastructure Library (ITIL®) framework and the international standard forITSM, ISO/IEC 20000. However, there is a lack of a transparent and efficient process assessment method to improve ITSM processes. This research aims to address the dual problems of the lack of transparency and the need for efficiency in ITSM process assessment. Using the design science research methodology, an iterative design process was followed to develop a research artefact in the form of a method: the Software-Mediated Process Assessment (SMPA) approach that enables researchers and practitioners to assess the ITSM processes in a transparent and efficient way. The four phases in theSMPA approach include preparation for the assessment; online survey to collect assessment data; measurement of process capability; and reporting of process improvement recommendations. The international standard for process assessment ISO/IEC 15504 and associated assessment models provided support for a transparent method. A Decision Support System (DSS) was implemented to demonstrate efficient use of the SMPA approach. Using a theoretically-grounded fit profile based on the Task-Technology Fit theory, the international standards and DSS technology were implemented in the SMPA approach to address the research problem. The DSS platform was provided by an industry partner Assessment Portal Pty Ltd. that specialises in online assessment services. Two case study organisations provided test sites for the evaluation of the SMPA approach. The two organisations are the Queensland Government’s primary IT service provider, CITEC and the IT service department of an Australian local government authority, Toowoomba Regional Council. Using the quality models from the international standard for software quality evaluation ISO/IEC 25010, the usability and ii outcomes of the SMPA approach were evaluated. Evidence from the case study evaluations indicated that the SMPA approach is usable for ITSM process assessment in order to support decision-making on process improvements. Further discussions of the research findings provided design knowledge that included the emergence of the concept of virtualisability in ITSM process assessments and a proposal of a hybrid ITSM process assessment method. Moreover, iterations ofself-assessments of ITSM processes using the SMPA approach may facilitate continual service improvement. Based on the design knowledge obtained, the contributions of this research to theory and practice were articulated. The SMPA approach extends prior guidelines on ITSM process assessment by providing a fine-grained method to assess ITSM processes. The SMPA approach clarifies the impact of software mediation to support transparency and efficiency in the way process assessments are conducted. This research also demonstrates how the SMPA approach is applied in practice by enabling IT organisations to self-assess the capability of their ITSM processes. Upon reflection, the design science research method was found to be highly suitable to develop an artefact to solve a research problem and to evaluate the practical utility of the artefact. The SMPA approach is a research artefact that is implemented as a DSS; hence it is readily accessible to practitioners. The focus on practical utility provides researchers with results that are more readily endorsed, thus maximising the impact of the research findings in practice

Micro-topography associated to forest edges

Forest edges are often defined as the discontinuity between the forest habitat and an adjacent open habitat, thus they are based on a clear difference in the structure of the dominant vegetation. However, beside this very general definition, in the field we can observe a large diversity of edges, with often different kinds of micro-topography features: bank, ditch, stone wall, path, etc. As these elements are rather common in many temperate forest edges, it seems important to start to characterize them more clearly and with consistency. From a set of observations in south-western France, we build a first typology of the micro-topographic elements associated to forest edges. For each of them we describe the process, natural or human induced, at their origin, and according to the literature available, we identify some of their key ecological roles. Banks, generated by the differential erosion between forest and crops along slopes, are especially analyzed since they are the most common micro-topographic element in our region. It offers many micro-habitat conditions in the soil used by a wide range of species, notably by several bee species. More research is required to study in details the importance of such micro-topographic elements

Risk Management

Every business and decision involves a certain amount of risk. Risk might cause a loss to a company. This does not mean, however, that businesses cannot take risks. As disengagement and risk aversion may result in missed business opportunities, which will lead to slower growth and reduced prosperity of a company. In today's increasingly complex and diverse environment, it is crucial to find the right balance between risk aversion and risk taking. To do this it is essential to understand the complex, out of the whole range of economic, technical, operational, environmental and social risks associated with the company's activities. However, risk management is about much more than merely avoiding or successfully deriving benefit from opportunities. Risk management is the identification, assessment, and prioritization of risks. Lastly, risk management helps a company to handle the risks associated with a rapidly changing business environment

Social capital in urban environments: intersection of theory, research and practice literature

This paper attempts to stretch the understanding of the relationship between social capital and attributes of the physical environment through an exploration of the intersection of social capital theory, urban design practitioner guidance and empirical research on social capital that considers the built environment as a variable. Viewing such knowledge through the lens of social capital, the links, overlaps, and extensions were extrapolated thereby attempting to operationalise the theoretical notion of social capital, within sustainability assessment

Bridging the gap between conservation and land reform : communally-conserved areas as a tool for managing South Africa's natural commons

Includes abstract.Includes bibliographical references (p. 370-417).This dissertation examines whether the concept of communally-conserved areas provides a useful tool for bridging the current apparent impasse between South Africa’s conservation and land reform agendas

Knowing better, doing better? International development NGOs, faith and wellbeing

Wellbeing, and particularly subjective wellbeing or happiness, has come to the fore in international development rhetoric since 2000. Making the promotion of human wellbeing the principal goal of public policy and using self-reported wellbeing as a key indicator of performance has proven hugely popular. It promises better information and practice; greater voice, agency and shifting power in aid projects, and space for secular and faith-based conceptions of human development that challenge dominant emphases on economic growth and metrics (“beyond GDP”). Together these offer better outcomes for those at the sharp end of interventions. Reviewing the UK international development NGO sector as a whole, and in a number of in-depth case studies it is clear that wellbeing has entered the rhetoric of development and that NGOs have embraced wellbeing as an aim. Some NGOs have gone further, seeking to articulate visions of human wellbeing and integrate these into their policy and practice. Some UK Christian-rooted NGOs have seen in the developing debate on wellbeing a vision of human development very similar to their own and an opportunity to advance their views of a person-centred, holistic, and social vision of human wellbeing, one situated in a long-term relationship with people and the planet. There is an emerging consensus that human wellbeing should be the aim of international development, and that wellbeing should be considered from both objective and subjective standpoints, as well as situating the individual within relationships, culture and moral frameworks, including faith. Wellbeing carries a heavy burden, with its promises of better information and practice, increasing voice and agency, shifting power, and in some cases aligning with alternative agendas to dominant development paradigms. The thesis combines an overview of the UK NGO sector with a number of in-depth case studies of organisations drawn from across the faith-based spectrum, and additional information on other organisations that have deliberately engaged with wellbeing, from faith-permeated to secular. It explores if the rhetoric of wellbeing is reflected in the practice. In doing so the research explores how secular and faith-based organisations engage with wellbeing, and how Christian-rooted organisations have used wellbeing both to distinguish Christian visions of development and build bridges with secular and other faith-based actors that share similar visions of human development and wellbeing. The use of a spectrum of religiosity rather than a binary view of faith-based versus secular organisations has illustrated differences between these Christian-rooted organisations and supports the argument that such binary distinctions have limited analytical use. These organisations have demonstrated that the promise of improved information can be achieved with investment, but that strengthening voice, agency and shifting power requires stronger political will and leadership. They highlight the temptations and pressures to adopt a top-down approach, to elaborate in detail universal frameworks, and failing to root these in the priorities the realities and priorities of the local contexts. In their efforts to explicitly include faith and religion the organisations have illustrated some of the challenges in doing so, and the need to explore again the issues of public and private spaces and what a positive vision of secularism can offer to the wellbeing of all. This research contributes to the literature on wellbeing and international development by exploring the role that religion and faith plays in conceptualizing and assessing wellbeing, and how Christian-rooted organisations are using concepts of wellbeing to explore and advance their notions of human development. It contributes to the discussion of distinctions between faith-based and secular organisations. It highlights two challenges of giving explicit expression to faith and religion in wellbeing frameworks – the risk of taking an overly normative approach, and of doing so in mixed-faith spaces and with communities that may have quite different conceptions of wellbeing. The challenge of using universal frameworks in ways that reflect and respect local priorities and understandings is central to how wellbeing is used in international development. In addition, the focus on faith and religion has highlighted the need for a more critical analysis of secularism and its potential in navigating these tensions. Wellbeing has entered the rhetoric of development, but practice is yet to fully realise the promises of wellbeing. This research explores that discrepancy, and suggests some avenues for further research, including the need to explore these issues in relation to non-Christian faith traditions

When value chains go south:governance and upgrading of the Kenyan leather sector

In the last three decades, the global economy has witnessed an ambivalent phenomenon of integration through disintegration. Whilst the amount of regional and global trade dramatically increased, vertical specialisation prompted the outsourcing of manufacturing, assembling, and other business functions regionally and globally. The slicing up of value chains and the consequent surge in trade of intermediate goods drew the attention of scholars interested in the economic, social, and environmental consequences of this phenomenon. Yet, most of the literature on value chains has concentrated on the institutional and market linkages between firms in developed economies and delocalised suppliers in the global South. Conversely, less attention has been paid to the rise in South-South trade that accompanied the development of South- South and regional value chains. The following chapters provide new evidence on the opportunities and constraints that participation in value chains across North-South, South-South, and regional trajectories entails for local suppliers in developing countries. This is achieved by means of a mixed-methods approach that combines firm-level export data with over 100 semi-structured interviews across the Kenyan leather sector. On the one hand, results show how North-South value chains are characterised by more profitable and stable relationships between buyers and local suppliers. Nonetheless, whilst defined by higher product and process standards, linkages with developed economies appear to prevent rather than encourage local value addition. On the other hand, South-South value chains are governed by instability and distrust underpinned by pressures to reduce prices and lack of upgrading opportunities. Like the global South, regional value chains are characterised by fierce competition and low profitability. Even so, they often constitute an alternative for small suppliers willing to venture into new products and functions. Particularly, the local and regional markets represent an upgrading platform for innovative firms whose low capital endowments prevent them from accessing premium North-South value chains. In this case, industrial policy and entrepreneurship play a crucial role in enabling smallholders to upgrade in a competitive environment.</p