
2017 | Supplement | Book chapter

A Framework for Assessing Organisational IT Governance, Risk and Compliance

Authors: Mikhel Vunk, Nicolas Mayer, Raimundas Matulevičius

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing


Abstract

Enterprises have come to understand that information technology (IT) is more than just a technical issue. Domains such as IT governance, risk management and compliance (GRC) have been established to steer it. Although there have been some improvements, these domains are usually considered separately, so less business value is created because of the complexity of the process flows. There have been few attempts to integrate all three aspects, and those that exist rely on a domain-specific standard and do not take the existing state of the art into account. In this paper, we conduct a systematic literature review to understand the processes, roles, strategies, and technologies of IT GRC as well as their integration. Based on the results of the review, we propose an assessment framework that could guide the evaluation of an enterprise's IT GRC concerns.


Metadata
Title
A Framework for Assessing Organisational IT Governance, Risk and Compliance
Authors
Mikhel Vunk
Nicolas Mayer
Raimundas Matulevičius
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-67383-7_25
