21 research outputs found

    Measuring information security governance within general medical practice

    Information security is becoming increasingly important within the Australian general medical practice environment as legal and accreditation compliance is being enforced. Using a literature review, approaches to measuring information security governance were analysed for their potential suitability and use within General Practice for the effective protection of confidential information. The models, frameworks and guidelines selected were analysed to evaluate whether they were Key Performance Indicator (KPI) or process driven; whether the approach taken was strategic, tactical or operational; and whether governance or management assessment tools were presented. To measure information security governance, and be both effective and practical, the approach to be utilised within General Practice would need to function at an operational level and be KPI driven. Eight of the 29 approaches identified were deemed to be applicable for measuring information security governance within the General Practice environment. However, further analysis indicated that these measurement approaches were either too complex to be directly implemented into General Practice, or collected self-assessment security data rather than actual security measurements. The literature review presented in this paper establishes the need for further research to develop an approach for measuring information security governance within General Practice.

    Securing small business - the role of information technology policy

    As small and medium enterprises develop their capacity to trade electronically, they and their trading partners stand to gain considerable benefit from the resulting transaction efficiencies and business relationships. However, this raises the question of how well small business manages its IT security and the threats that security lapses may pose to the wider trading network. It is in the interest of all members of an electronic trading network, as well as governments, to assist smaller companies to secure their business data. This paper considers the relationship between IT security management and IT policy implementation among small businesses involved in business-to-business eCommerce. It reports the results of a survey of 240 Australian small and medium businesses operating in a cross-industry environment. The survey found a low level of strategic integration of eCommerce along with inadequate IT security among the respondents, despite the fact that 81% were doing business online and 97% identified their business data as confidential. Businesses which implemented satisfactory levels of security technologies were more likely than others to have an information technology policy within the organisation. The paper proposes a model that outlines the development of security governance and policy implementation for small and medium businesses.

    Model-Based IT Governance Maturity Assessments with Cobit

    Towards a better understanding of how effective IT governance leads to business value : a literature review and future research directions

    This paper reviews the existing literature on IT governance to assess whether IT governance has contributed to delivering business value from IT and if so, how. The conducted literature review has shown the scarce number of studies that focus on why and how effective IT governance may lead to business value. By using a structured literature review analysis, the paper has offered a number of insights to the topic of IT governance: a) provided a systematic definition of effective IT governance based on a multi-dimensional framework, b) listed benefits of effective IT governance, and c) identified mechanisms that lead effective IT governance to those benefits. This paper takes a step towards addressing the 'why' and 'how' knowledge gaps by synthesising the fragmented knowledge to provide the best that is known about the subject and to identify future research directions.

    The Implementation of COBIT 4.1 and COBIT 5-Based IT Governance Audits in the Ministry of Finance of Indonesia

    Abstract: Lately, organizations, including governmental ones, have started to realize the crucial role of IT for their organizations. For example, in the last 3 years, the Ministry of Finance (MoF) has spent Rp1.244 billion (USD 93,57 million) on IT investment. Weill (2004) stated that the benefit received from IT investment is influenced by its governance. To ensure that IT is well governed, IT governance audits are performed. In Indonesia, the Inspectorate General of the MoF is the first and only internal audit organization to carry out IT governance audits to date. IT governance audit in the Ministry of Finance has also implemented the globally accepted framework, COBIT. For those reasons, IT governance audit practice in the MoF could be an acceptable benchmark for other public sector organizations in this area of audit. This research aims to understand the implementation of IT governance audits in the Ministry of Finance (MoF) and compare them with Assessor Guide: Using COBIT 5. This study is important because, while IT governance audit is important, to the best of the author's knowledge, research about IT governance audit practice in Indonesia's public sector is very limited. To achieve the research's purpose, this research is presented as qualitative descriptive research. The results showed that the MoF's IT governance audit practice implemented Assessor Guide: Using COBIT 5 with some adjustments. Despite being at an early stage, the IT governance audit, which combined COBIT 4.1 and COBIT 5 assessment approaches, is fairly well performed.

    A study of the causal relationship between IT governance inhibitors and its success in Korea enterprises

    Note: Proceedings of the 41st Hawaii International Conference on System Sciences - 2008. Event name: 41st Hawaii International Conference on System Sc

    IT governance maturity patterns in Portuguese healthcare

    The pervasive use of technology in organizations to address increased service complexity has created a critical dependency on information technology (IT) that calls for a specific focus on IT Governance (ITG). However, determining the right ITG mechanisms remains a complex endeavor. This paper uses Design Science Research and proposes exploratory research that analyzes ITG case studies to elicit possible patterns of ITG mechanisms. Six interviews were performed in Portuguese healthcare services organizations to assess their ITG practices. Our goal is to build some theories (ITG mechanism patterns), which we believe will guide healthcare services organizations about the advisable ITG mechanisms given their specific context. We also intend to draw conclusions regarding the most relevant ITG mechanisms for Portuguese healthcare services organizations. Additionally, a comparison is made with the financial industry to identify improvement opportunities. We finish our work with limitations, contributions and future work.

    Using information technology governance, risk management and compliance (GRC) as a creator of business values – a case study

    The relationship between Information Technology (IT) Governance, Risk Management and Compliance (GRC) and organisation business values continues to interest academics and practitioners (IT Governance Institute, 2003). Like governance, risk management and compliance generally, IT GRC is about the decision rights and accountabilities that encourage desirable behaviour in the use of IT (IT Governance Institute, 2003). A case study approach was used in an organisation with many business units. The organisation selected is a mining company, RioZim, situated in Zimbabwe. Data was collected from business units on IT issues and business values. The interviews centred on the IT GRC practices based on responsibility and authority for IT decision making. The results suggest that IT GRC does not adequately support business values. The study revealed that business values should drive IT GRC and that IT GRC should be the responsibility of executives and all business units.