IT GOVERNANCE AUDIT AT THE KAMPAR REGENCY LIBRARY AND ARCHIVES DEPARTMENT USING COBIT 2019 AND ITIL 4

Information Technology (IT) is a tool that plays an important role in helping improve the effectiveness and efficiency of a company's or organization's business processes. The Kampar Regency Library and Archives Service uses the Integrated Library System (INLIS) Lite to support operational, management, and decision-making functions in the library. However, the use of INLIS Lite has not been fully utilized properly, for this reason it is necessary to carry out an IT governance audit. The audit process aims to determine the extent of IT performance, human resources, and the level of IT maturity in the library. This study uses Control Objective for Information and Related Technology (COBIT) 2019 and Information Technology Infrastructure Library (ITIL) 4 to conduct audits. With the findings of the audit results obtained eight process domains, namely APO02 and APO012 domains are at level 1 (Performed) in the Largely Achieved category, APO09 and BAI08 domains are at level 2 (Managed) in the Largely Achieved category, domains APO013, BAI05 and MEA01 are in the Largely Achieved, and the APO07 domain is at level 4 (Predictable) and in the Fully Achieved category. In addition to the audit, an assessment of the capability level was also carried out using the Servqual Model and Importance Performance Analysis with the results of obtaining 2 criteria in quadrant A, 1 criterion in quadrant B, 2 criteria in quadrant C and 3 criteria in quadrant D. This study also provides recommendations for improvement using SWOT model approach refers to ITIL 4

Combination between Cobit 5 and ITIL V3 2011

IT organizations are under increasing pressure to meet the business goals of their companies. This challenge can be particularly daunting because it involves complying with regulations, such as the SarbanesOxley Act (Sarbox) and Basel II. Compliance requires strong corporate governance capabilities that are demonstrable to outside auditors. Because IT plays such a major role in business processes, the IT organization not only creates complexity for the business, but at the same time, provides the means to demonstrate this compliance. Organizations rely on guidelines such as the IT Infrastructure Library (ITIL® ) and Control Objectives for Information and related Technology (COBIT) to help understand and address these challenges

ITIL v3 Framework Application to Design Information Technology Incident Management Governance

Information technology (IT) is one of the strategic investments for Banks. IT can increase the efficiency and effectiveness of operational activities and strengthen their competitive position. Given that IT is an expensive investment, while its implementation contains various risks, Banks need to implement Information Technology Governance. Banks are required to implement some standards for IT governance in multiple aspects, one of which is the IT incident management aspect. IT services at the Bank are crucial because they must work optimally with zero downtime. They must ensure the management and prevention of any problems that may arise to support the sustainability of the company’s business processes. One of the frameworks that can be used for good IT service incident management is Information Technology Infrastructure Library version 3 (ITIL v3). ITIL’s incident management aims to restore disrupted IT services to their normal state and reduce the business impact. To measure the extent to which the Bank has implemented IT Incident Management Governance, the maturity level is calculated by comparing the current state (as is) and the desired shape (to be) to obtain the maturity level gap. The process of maturity level assessment is carried out using interviews and questionnaires addressed to all stakeholders involved in the entire IT incident management process. The research results show that 15 of the 42 IT incident management processes have not reached the desired state. Based on these gaps, an IT incident management governance document was designed based on the ITIL v3 framework, which is expected when implemented in the Bank’s daily operations. It will increase the availability of IT services

The Effect of Information Technology Audit For E-Health of Indonesia Using ITIL Framework V.3 Domain Service Design

This study explain about E-Health Surabaya is a web-based health service technology application that is used to help people register as patients in hospitals and health centers. Although its function is very useful, there are also people who still do not understand how to use this application, there are also some shortcomings that cause inconvenience in its use. So that research is conducted in which the application uses ITIL V.3 framework with Domain Service Design to conduct an audit of the maturity level of this E-Health Surabaya Web Application. ITIL (Information Technology Infrastructure Technology) is a framework used to manage information technology services to achieve predetermined targets. The methods used are Data Collection, Data Grouping, Calculation with Likert Scale, and Assessment Based on Service Maturity Level Framework. The results of the study are obtained from data processing of 13 respondents who have filled out the questionnaire, resulting in an overall average value of 3 which is based on the Service Maturity Level Framework is worth 3 namely Defined Process. In addition, recommendations are also given to the Service Level Management and Capacity Management sub domain so that it is expected that E-Health can be developed so that it can be easily used by all groups and can be integrated with e-kiosks in each area of the City of Surabaya for user convenience in their transactions

IT Service Management Knowledge Ecosystem – Literature Review and a Conceptual Model

Information Technology Service Management (ITSM) is a customer-centric approach to manage IT Services in order to provide value to the business. The ITSM Knowledge ecosystem comprises multiple knowledge areas including process frameworks, technology tools and skills. Organisations struggle to comprehend the ecosystem due to the sheer volume and dynamic nature of the business technology environment. A Systematic Literature Review was conducted to understand the state of the current research in ITSM knowledge ecosystem. The review indicated that the focus of the existing research is skewed towards process frameworks knowledge area neglecting tools and training. The approach proposed in the extant research fails to provide a holistic view of the ecosystem. To overcome the limitations a conceptual model is proposed based on Knowledge Commons theory

IT governance for public universities: developing a model

Information technology (IT) has become essential in supporting the growth and sustainability of all types of organizations. Universities are one of those types that are more and more dependent on IT having a technological infrastructure made of heterogeneous technologies that turns IT Governance into a real challenge. The teaching-learning and research processes, nuclear for universities, require effective and efficient IT governance so universities remain competitive. IT governance calls for the definition and implementation of formal practices at the highest level in the organization involving structures, processes and relational mechanisms for the creation of business value from IT investments. However, it is quite notorious the difficulty in defining and implementing those practices from frameworks such as COBIT, ITIL, ISO/IEC 38500, among others. The level of adoption of such frameworks at universities is quite low, superficial or limited in scope. To address these issues, we propose, using design science research, the development of an IT governance model for public universities. The model will be designed having the appropriate mechanisms identified through survey research and case studies involving Portuguese and Brazilian public universities. We expect to contribute with a model having structures, processes and relational mechanisms suitable for the public sector universities with the guidelines for effective and efficient IT governance. Moreover, contributions to the body of knowledge, regarding the adoption of frameworks such as COBIT and ITIL, taking in consideration contextual and contingency factors, are also expected in what particularly relates to Portuguese and Brazilian public universities.CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superior(UID/CEC/00319/2013)This work was supported by CAPES Foundation, Ministry of Education of Brazil Process n.º10415/13-0 and by FCT – Foundation for Science and Technology, project UID/CEC/00319/2013.info:eu-repo/semantics/publishedVersio

Peran Framework ITIL V3 Mengukur Kualitas Layanan TI (Studi Kasus : Perpustakaan UAJY)

Pemberian pelayanan kepada pelanggan dapat dilakukan dengan memanfaatkan kemajuan teknologi informasi. Hal ini bertujuan untuk memberikan kepuasan kepada pelanggan. Salah satu organisasi yang berhubungan dengan bagian pelayanan adalah perpustakaan. Studi kasus dalam paper ini dilakukan pada perpustakaan Universitas Atma Jaya Yogjakarta (UAJY). Perpustakaan Universitas Atma Jaya Yogjakarta telah memanfaatkan kemajuan teknologi untuk meningkatkan pelayanan terhadap pengunjung. Kemajuan teknologi juga dimanfaatkan oleh staf perpustakaan Universitas Atma Jaya Yogjakarta untuk proses monotoring dan evaluasi. Oleh karena itu penulis ingin mengukur kualitas layanan teknologi informasi di perpustakaan Universitas Atma Jaya Yogjakarta. Tujuan yang ingin dicapai adalah mengetahui kualitas layanan teknologi informasi pada perpustakaan Universitas Atma Jaya Yogjakarta melalui pemberian level  dari level 0 hingga level 5. Penulis melakukan proses pengukuran kualitas layanan teknologi informasi mengunakan framework Information Technology Infrastructure Library (ITIL) V3. Hal ini dikarenakan framework ITIL memiliki manfaat dan kelebihan dalam melakukan proses pengukuran tingkat kualitas layanan teknologi informasi. Teknik pengumpulan data menggunakan kuisoner. Berdasarkan pengukuran tingkat kualitas layanan teknologi informasi menggunakan framework ITIL V3, layanan teknologi informasi pada perpustakaan Universitas Atma Jaya Yogjakarta masuk pada level 3 yaitu, prosedur dan instruksi pekerjaan telah distandarisasikan dan didokumentasikan

Maturity model of incident management

Over the last 25 years the concern of most organizations with Information Technology (IT) has been clearly exponential. In order to plan, organize, select, support and deliver IT services, it was necessary to implement IT frameworks. These frameworks are a set of the best practices to implement on IT service management. These frameworks are included in several processes of different areas of IT. This research work is focused very concretely on the Incident Management process. Once the organizations technical consulting services are available 24/7, an implementation of this process is crucial. Many of the IT frameworks contain similar processes. Many organizations, when trying to apply more than one framework, end up doing redundant work. Therefore, eliminating overlaps of activities becomes very useful for any process of IT frameworks. In this way, the process becomes simpler and less expensive for the organization. Given the need of the organizations evaluate the maturity of their incident management process and different organizations and different IT frameworks, was born the need for this research. This thesis proposes a Maturity Model for the incident management process that covers the main and most used IT frameworks.Nos últimos 25 anos a preocupação da generalidade das empresas com as Tecnologias da Informação (TI) é claramente exponencial. De tal forma que, para conseguirem organizar, planear, selecionar, suportar e entregar os serviços de TI, foi necessário implementar frameworks de TI. Estas frameworks são um conjunto de boas práticas a implementar para gestão de serviços de TI. Nestas frameworks estão incluídos vários processos das diferentes áreas das TI. Este trabalho de investigação focou-se muito concretamente no processo de Gestão de Incidências. Sendo que a operacionalidade da generalidade dos serviços requerer disponibilidade de quase 24/7, a implementação deste processo é fulcral. Muitas das frameworks de TI contem processos similares. Muitas organizações, quando tentam aplicar mais que uma framework acabam por fazer trabalho redundante. Assim sendo, a eliminação de sobreposições das atividades torna-se bastante útil para qualquer processo das frameworks de IT. Desta forma o processo torna-se mais simples e menos dispendioso para a organização. Dada a necessidade das organizações de avaliarem a maturidade do seu processo de gestão de incidências e que diferentes organizações têm diferentes frameworks de TI, nasceu a necessidade deste trabalho de investigação. Esta tese propõe um Modelo de Maturidade para o processo de gestão de incidências que abranja as principais e mais utilizadas frameworks de TI

Towards a framework for building security operation centers

In this thesis a framework for Security Operation Centers (SOCs) is proposed. It was developed by utilising Systems Engineering best practices, combined with industry-accepted standards and frameworks, such as the TM Forum’s eTOM framework, CoBIT, ITIL, and ISO/IEC 27002:2005. This framework encompasses the design considerations, the operational considerations and the means to measure the effectiveness and efficiency of SOCs. The intent is to provide guidance to consumers on how to compare and measure the capabilities of SOCs provided by disparate service providers, and to provide service providers (internal and external) a framework to use when building and improving their offerings. The importance of providing a consistent, measureable and guaranteed service to customers is becoming more important, as there is an increased focus on holistic management of security. This has in turn resulted in an increased number of both internal and managed service provider solutions. While some frameworks exist for designing, building and operating specific security technologies used within SOCs, we did not find any comprehensive framework for designing, building and managing SOCs. Consequently, consumers of SOCs do not enjoy a constant experience from vendors, and may experience inconsistent services from geographically dispersed offerings provided by the same vendor

Maturity model for configuration management

The Configuration Management process is a support process that helps organizations have a better management of their infrastructure. This process is being implemented in a haphazard way, not producing the benefits that it should produce. In an environment where the success depends on the client’s wills, have allowed a significant advance in IT domain, granting a substantial evolution in IT services. However, with all the frameworks provided, many of the organizations have challenges to implement several processes and to design an improvement plan. Maturity Models can be seen as support tools for this kind of task. The main objective of maturity models is to evaluate and improve the organization’s practices by creating an improvement roadmap. Nevertheless, the importance of the conjunction of both concepts, Configuration Management and Maturity Models, has not been justified and developed. The practices overlap, recommended by the Information Technology frameworks, has been a problem for the organizations due to the fact of several enterprises require to have to implement diverse frameworks, bringing an increase of cost and unnecessary redundancy. In this research, with the need of the organizations evaluate their Configuration Management process, was developed an overlapless Maturity Model for the Configuration Management by combining several frameworks, with the support of the Systematic Literature Review method and the Design Science research methodology.O processo de Gestão de Configurações é um processo de suporte que ajuda as organizações a terem uma melhor gestão da sua infraestrutura. É um processo que está a ser implementado de forma aleatória, não produzindo os benefícios que deveria produzir. Num ambiente onde o sucesso depende das vontades dos clientes, permitiu um avanço significativo no domínio das TI, garantindo uma substantiva evolução nos serviços das TI. Contudo, com todas as frameworks fornecidas, muitas das organizações da área das TI têm dificuldades em implementar vários processos e em desenhar um plano de melhoramento. Os Modelos de Maturidade permitem o suporte para este tipo de tarefa. O objetivo principal desta ferramenta é avaliar e melhorar as práticas das organizações, criando um plano de melhoramento e avaliando o estado as-is do processo. Mesmo assim, a importância da conjunção entre estes dois conceitos, Gestão de Configurações e Modelos de Maturidade, nunca foi justificado nem desenvolvido. A sobreposição das práticas, recomendadas pelas frameworks das TI, tem vindo a ser um problema para as organizações. Esta sobreposição traz um acréscimo de despesa e redundância desnecessária, uma vez que as organizações necessitam de implementar diversas frameworks. Nesta investigação, com a necessidade de as organizações das TI avaliarem o seu processo de Gestão de Configurações, foi desenvolvido um Modelo de Maturidade sem sobreposição para Gestão de Configurações combinando diversas frameworks, com o suporte do método Revisão Sistemática da Literatura e da metodologia de investigação Design Science Research