Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
NDT-Agile: An Agile, CMMI-Compatible Framework for Web Engineering Read chapter Read first chapter

2017 | Supplement | Chapter

Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context

Authors : Béatrix Barafort, Antoni-Lluís Mesquida, Antònia Mas

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

With risk management as a key topic for most organizations, aligning and improving organisational and business processes is essential. Capability and Maturity Models can contribute to assess and then enable process improvement. With the need to integrate risk management in IT settings (IT department/organisation), ISO/IEC 15504-330xx process assessment approach combined with ISO 31000 for risk management can be the foundations for new process models. An integrated process-based approach with various market-demanded ISO standards (ISO 9001, ISO 21500, ISO/IEC 20000-1 and ISO/IEC 27001) is proposed in the paper; it explains how the Integrated Risk Management Process Model for IT settings in an ISO multi-standards context is developed with a Design Science research method.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Enterprise SPICE Extension for Smart Specialization Based Regional Innovation Strategy
next chapter A Framework for Assessing Organisational IT Governance, Risk and Compliance
Literature
1.
ISO/IEC ISO/IEC 15504: Information technology – Process assessment, Parts 1-10. International Organization for Standardization, Geneva (2003, 2012)
2.
ISO/IEC 330xx: Information Technology - Process assessment. International Organization for Standardization, Geneva (2013, 2017)
3.
ISO/IEC 15504-5: Information Technology – Process assessment – An exemplar software life cycle process assessment model. International Organization for Standardization, Geneva (2012)
4.
ISO/IEC 15504-8: Information Technology – Process assessment – An exemplar process assessment model for IT service management. International Organization for Standardization, Geneva (2012)
5.
ISO/IEC 33072: TS Information Technology – Process Assessment – Process capability assessment model for information security management. International Organization for Standardization, Geneva (2016)
6.
7.
8.
Lepmets, M., McCaffery, F., Clarke, P.: Development and benefits of MDevSPICE®, the medical device software process assessment framework. J. Softw. Evol. Process 28(9), 800–816 (2016)
9.
ISO/IEC 27001: Information technology – Security techniques – Information security management systems – Requirements. International Organization for Standardization, Geneva (2013)
10.
ISO/IEC 20000-1: Information Technology – Service management – Part 1: Service management system requirements. International Organization for Standardization, Geneva (2011)
11.
ISO 9001: Quality management systems – Requirements. International Organization for Standardization, Geneva (2015)
12.
ISO/IEC ISO 21500: Guidance on project management. International Organization for Standardization, Geneva (2012)
13.
Barafort, B., Mesquida, A.L., Mas, A.: Integrating risk management in IT settings from ISO standards and management systems perspectives. Comput. Stand. Interfaces (2016)
14.
Barafort, B., Mesquida, A.L., Mas, A.: How to elicit Processes for an ISO-based Integrated Risk Management Process Reference Model in IT Settings? In: To be published in Proceedings of the 24th European System & Software Process Improvement and Innovation Conference 2017, Ostrava (2017)
15.
ISO 31000: Risk management – Principles and guidelines (2009)
16.
Barafort, B., Renault, A., Picard, M., Cortina, S.: A transformation process for building PRMs and PAMs based on a Collection of Requirements – Example with ISO/IEC 20000. In: 8th International SPICE 2008 Conference, Nuremberg (2008)
17.
Peffers, K., Tuunanen, T., Rothenberger, M., Chatterjee, S.: A design science research methodology for information systems research. J. Manage. Inf. Syst. 24(3) (2008)
18.
Buglione, L., Abran, A., von Wangenheim, C.G., McCaffery, F., Hauck, J.C.R.: Risk management: achieving higher maturity & capability levels through the LEGO approach. In: 2016 Joint Conference of the International Workshop on Software Measurement and the International Conference on Software Process and Product Measurement (IWSM-MENSURA), pp. 131–138. IEEE, October 2016
19.
ISO, Economic benefits of standards – International case studies. ISBN 978-92-10556-7
20.
21.
MacMahon, S.T., McCaffery, F., Keenan, F.: The MedITNet assessment framework: development and validation of a framework for improving risk management of medical IT networks. J. Softw. Evol. Process 28(9), 817–834 (2016)CrossRef
22.
ISO/IEC 27005: Information technology – Security techniques – Information security risk management – Requirements. International Organization for Standardization, Geneva (2011)
23.
Denning, P.J.: A new social contract for research. Commun. ACM 40(2), 132–134 (1997)CrossRef
24.
March, S., Smith, G.: Design and natural science research on information technology. Decis. Support Syst. 15(4), 251–266 (1995)CrossRef
25.
ISO/IEC TR 24774: Software and systems engineering – Life cycle management – Guidelines for process description. International Organization for Standardization, Geneva (2010)
Metadata
Title
Developing an Integrated Risk Management Process Model for IT Settings in an ISO Multi-standards Context
Authors
Béatrix Barafort
Antoni-Lluís Mesquida
Antònia Mas
Copyright Year
2017
Book
Software Process Improvement and Capability Determination

Print ISBN: 978-3-319-67382-0

Electronic ISBN: 978-3-319-67383-7

Copyright Year: 2017

DOI
https://doi.org/10.1007/978-3-319-67383-7_24

Premium Partner

    Image Credits