• Title/Summary/Keyword: Cobit

Search Result 19, Processing Time 0.021 seconds

Influential Factors for COBIT Adoption Intention: An Empirical Analysis

  • Jo, Yoon-Sung;Lee, Jung-Hoon;Kim, Jae-Min
    • International Journal of Contents
    • /
    • v.6 no.4
    • /
    • pp.79-89
    • /
    • 2010
  • In recent years, IT organizations are in the process of introducing IT Governance as the concept and measure of transparency, accountability and effectiveness of IT activities and control for managing governance processes. In this paper, the influential factors for IT organizations to adopt COBIT(The Control Objectives for Information and related Technology) which is a typical framework for effective IT Governance execution were classified and analyzed empirically into internal and external factors. Internal factors were designed based on influential factors in the theory of innovation diffusion, and external factors were designed based on influential factors from outside certification which were absent in COBIT and expertise support from the outside. The result of this study showed that understandability, transition and effectiveness which were internal factors had no effect on COBIT introduction, and only expertise support among certification and expertise support which were external factors had significant effects. This result shows that there are lack of COBIT supports and introduction in internal IT organizations. It is expected that the result of this study will allow strategic approach of COBIT adoption in future by verifying influential factors of COBIT introduction within IT organizations.

정보보호 요소의 통합에 관한 선행 연구: COBIT 4.1과 ISO/IEC 27002:2005의 매핑을 중심으로

  • Kim, Jeong Hyun
    • Review of KIISC
    • /
    • v.23 no.4
    • /
    • pp.15-21
    • /
    • 2013
  • 기업의 비즈니스 환경에서 정보보호의 중요성이 높아감에 따라 정보보호와 관련된 표준이나 벤치마크의 필요성도 증대되었다. 이러한 표준에는 ISO/IEC 27001, ISO/IEC 27002, PCIDSS, ITIL, COBIT 등이 유명하다. 본 논문에서는 IT 거버넌스의 프레임워크로서 폭 넓은 범위의 정보보호 플랫폼이 될 수 있는 COBIT 4.1과 정보보호를 위한 상세한 최선의 실무(best practice)를 담고 있는 ISO/IEC 27002의 각 정보보호 요소에 대해 간략히 알아보고, 이들을 서로 매핑하여 "높은 수준"의 프레임워크와 "낮은 수준"의 방법론의 통합에 대한 방향을 제시하고자 한다.

The Impact of The Maturity of IT Management Standard Processes on IT Outsourcing Performance: A Field Case Study (IT 아웃소싱 서비스 관리를 위한 표준 프로세스 성숙도가 성과에 미치는 영향에 관한 탐색적 현장 사례연구)

  • An, Joon M.;Kim, Kyoung M.;Kim, Yong J.
    • Informatization Policy
    • /
    • v.17 no.1
    • /
    • pp.102-119
    • /
    • 2010
  • This study explores the effects of standardized management processes such as COBIT and ITIL on the success of IT outsourcing by utilizing an exploratory case study. The exploratory model includes the maturity of ITIL and COBIT process and success of IT outsourcing. For each construct of the model, several measures are developed from preceding researches and confirmed in the context of the cases utilized for this study. It is found that the maturity of the processes supported by ITIL and COBIT is critical for the success of IT outsourcing in this study. This results confirm the current popularity of the standardized process adopted in practice and also require further research endeavors in this control or management process in the future. It should include any other processes and related activities to the control process in the relationship of IT outsourcing.

  • PDF

The Measurement Model for the Evaluation of Information Systems Service : The Case of Chinese SI Company (정보시스템 서비스 평가를 위한 측정모형의 개발 및 실증적 검증 : 중국 SI 기업 사례)

  • Lee, Sang-Jae;Lim, Gyoo-Gun
    • Journal of Information Technology Services
    • /
    • v.10 no.2
    • /
    • pp.141-162
    • /
    • 2011
  • The controls of Information Systems (IS) have been an more critical issue controls as the sophistication and integration of IS is more proceeded. ITGI (The Information Technology Governance Institute) of ISACA (Information Systems Audit and Control Association) has suggested COBIT (Control Objectives for Information and related Technology) and this has been widely recognized the evaluation model of IS controls. In COBIT, IS was evaluated in terms of process, information quality, and IT resources. This study used COBIT in order to suggest and empirically test an evaluation model of IS service. The data was collated from one major Chinese SI (Systems Integration) company in four domains of processes : planning and organization, acquisition and implementation, delivery and support, and monitoring. Seven factors are extracted using an exploratory factor analysis as follows : Overall IT planning process, technological assessment process in IT planning of IT, cost-benefit assessment process in IT planning, implementation process, support process, monitoring process, post-implementation evaluation process. The results of confirmatory analysis of three alternative measurement models indicated that the measurement model with one inherent or conceptual variable has greater model fitness than the other models. This study suggests the logical and general way to test and apply COBIT in evaluating IS services.

Risk Management interaction model for Process of Information Security Governance (정보보호 거버넌스 프로세스를 위한 위험관리 상호작용 모델)

  • Song, You-Jin
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.1 no.2
    • /
    • pp.103-108
    • /
    • 2012
  • Recently, IT Governance has been applied to business management environment. In this paper, we study business model that can minimize information security risk using IT governance in cloud computing environment. Especially, we propose the interaction model that link risk management for subject of information security governance. In our model, synergy means the effective, strategic and secure business support. And interaction analysis of BMIS's 4 elements and 6 dynamic interconnections is required. Therefore we propose interaction model which can link risk management based on COSO ERM or COBIT Risk IT Framework.

COBIT 프레임워크를 활용한 정보보호 성숙도 측정에 관한 연구 - 정보보호 거버넌스 관점을 중심으로 -

  • Cho, Hee-Joon;Park, Sung-Kap;Min, Dae-Hwan
    • Review of KIISC
    • /
    • v.23 no.4
    • /
    • pp.22-28
    • /
    • 2013
  • 정보보호의 중요성으로 공공기관이나 일반 기업은 정보보호관리체계를 수립, 운영하고 있거나 정보보호 활동을 하고 있다. 하지만 정보보호관리체계나 정보보호 활동에 대한 성과측정이 불명확한 기준을 가지고 있거나 명확한 기준이 없는 것이 현실적인 문제점이다. 이러한 문제점으로 적절한 성과측정이 이루어지지 않기 때문에 현재의 정보보호 수준을 올바르게 측정할 수 없을 뿐만 아니라 그에 따른 성과개선을 하기에도 어려운 실정이다. COBIT 프레임워크의 정보보호 성숙도 모델을 활용하여 정보보호 거버넌스 관점과 연계함으로써 정보보호 성과에 대한 측정지표를 구체적으로 제시하고자 한다. 구체적인 정보보호 성과에 대한 측정지표를 활용함으로써 현재의 정보보호 수준을 파악하고 나아가서 정보보호 수준을 개선하고자 하는데 이 연구의 의미를 두고 있다.

Research on Integrated Management of ISMS : Comparative Analysis of IT Disaster Recovery Framework (IT재해복구 연관 프레임워크 비교분석을 통한 ISMS의 통합관리방안)

  • Bak, Yurim;Kim, Byungki;Yoon, Ohjun;Khil, Ara;Shin, Yongtea
    • KIISE Transactions on Computing Practices
    • /
    • v.23 no.3
    • /
    • pp.177-182
    • /
    • 2017
  • To develop computer and communication in the information society, difficulties exist in managing the enormous data manually. Also, loss of data due to natural disasters or hacker attacks, generate a variety of disasters in the IT securities. Hence, there is an urgent need for an information protection management system in order to mitigate these incidents. Information Security Management System has various existing frameworks for IT disaster management. These include Cyber Security Framework, Risk Management Framework, ISO / IEC 27001: 2013, and COBIT 5.0. Each framework analyses and compares the entry for IT disaster recovery from among the various available data. In this paper, we describe a single integrated management scheme for fast resolution of IT disasters.

A Study on the Information System Operation Plan for the Mobile Environments Construction (모바일 환경 구축을 위한 정보시스템 운영방안에 대한 연구)

  • Kim, Dong Soo;Kim, Hee Wan
    • Journal of Service Research and Studies
    • /
    • v.4 no.2
    • /
    • pp.21-35
    • /
    • 2014
  • The mobile environment which is based on the Internet is expanding the area of the web information systems. The mobile Internet is expanding mobile content and services due to the development of wireless network technology, the proliferation of smart terminal devices, and the emergence of a variety of mobile services platforms. A mobile web is to access to the Internet service using a mobile network or other wireless network using a smart phone or a mobile device. Recently, it is to increase the smart phone usage rapidly in the country, and many companies is entering the mobile market. There are increasing need for this operation plan of a mobile web information system. In this paper, we compared the COBIT, ITIL, the SLA, which are the International Information Systems operation standards, and the information system operation standards of Korea Information Security Agency. We analyzed the suitability of the mobile environment and information system operating instructions, and we compared mobile web, operating environments and the ITIL V3.

  • PDF

A Study on Analysing Framework of Information Security Management Systems for Managing Business Risk (비즈니스 위험관리를 위한 정보보호제도 분석 프레임웍에 관한 연구)

  • Kim, Min-Sun
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.11 no.2
    • /
    • pp.703-708
    • /
    • 2010
  • Various information sources and the increasing vulnerabilities of information systems could increase the risks of a business. The successful management of business risks depends on appropriate level of risks in business. Business risk management would be conducted in terms of financial risk management and information security management. The financial management and the information security management could not achieve an integrated business risk management. For developing the integrated business risk management, this study analyzes the various information security management systems such as ISMS, EA, ISO27001, COBIT, SPICE, Auditing. This study analyzes information security systems, which could be utilized in developing business risk management.

A Theoretical Comparative Study of Human Resource Security Based on Korean and Int'l Information Security Management Systems (국내·외 정보보호 관리체계기반의 인적보안의 이론적 비교연구)

  • Rha, Hyeon-Dae;Chung, Hyun-soo
    • Journal of Convergence Society for SMB
    • /
    • v.6 no.3
    • /
    • pp.13-19
    • /
    • 2016
  • In various ICBM (IoT, Bigdata, Cloud, Mobile) IT convergence environments, IT technologies have been evolved, new information security threats have been occurred. As information security incidents in major public agencies, financial institutions and companies occurred, it was emphasized that the importance of human security was disclosed. Thus, implementing of information security management system could protect hacks and security breaches and respond quickly to accidents so it minimized the sized of loss. In this paper, comparison of human security controls shown in ISO27001, COBIT, NIST 800-53, K-ISMS, Cyber Security Framework such as the main information security management systems was analyzed, and proposed of the security implications about effective controls of human resources security issues.