
2017 | Supplement | Book chapter

Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context

Authors: Béatrix Barafort, Antoni-Lluís Mesquida, Antònia Mas

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing


Abstract

With risk management a key topic for most organizations, aligning and improving organisational and business processes is essential. Capability and maturity models can help assess processes and then enable their improvement. Given the need to integrate risk management into IT settings (an IT department or organisation), the ISO/IEC 15504-330xx process assessment approach, combined with ISO 31000 for risk management, can provide the foundation for new process models. The paper proposes an integrated, process-based approach covering several market-demanded ISO standards (ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001), and explains how the Integrated Risk Management Process Model for IT settings in an ISO multi-standards context is developed using a Design Science research method.


Metadata
Title
Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context
Authors
Béatrix Barafort
Antoni-Lluís Mesquida
Antònia Mas
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-67383-7_24