IT governance (ITG) provides a toolbox for companies to realize maximum value from IT. Firms implement ITG via frameworks, such as COBIT or VALIT, which list processes to align business and IT strategies, deliver IT services and comply with regulations. While there exists evidence that companies with mature ITG processes outperform their competitors and that signaling ITG maturity to external s...

In this paper, after giving a brief definition of Information Security Management Systems (ISMS), ISO 27001, IT governance and COBIT, pros and cons of implementing only COBIT, implementing only IS

Knowledge is recognized as the most important strategic asset every organization has. It is very important to identify, capture/acquire, share, reuse and unlearn knowledge. These activities are managed through Knowledge Management (KM). It is a rather challenging task to evaluate the level of KM in an organization. Framework for Information System Due Diligence (FISDD) can be used for different...

This paper investigates the coexistence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.

One of the problems reported by researchers and auditors in the field of spreadsheet risks is that of getting and keeping management’s attention to the problem. Since 1996, the Information Systems Audit & Control Foundation and the IT Governance Institute have published CobiT ® which brings mainstream IT control issues into the corporate governance arena. This paper illustrates how spreadsheet ...

The maturity model provided by the COBIT Management Guidelines for the 34 COBIT IT processes is becoming an increasingly popular tool to manage the timeless issue of balancing risk and control in a cost-effective manner. Control Objectives for Information and related Technology (COBIT) is published by the IT Governance Institute (ITGI) and Information Systems Audit and Control Foundation (ISACF...

Abstr act The purpose of this study is to explore the integrated use of Control Objectives for Information Technology (COBIT) and Balanced Scorecard (BSC) frameworks for strategic information security management (ISM). The goal is to investigate the strengths, weaknesses, implementation techniques, and potential benefits of such an integrated framework. This integration is achieved by “bridging...

IT governance and management in an enterprise plays an important part in generating value for the stakeholders [1]. COBIT 5 is a framework for the governance and management of IT enterprises. In 2012 the latest version of this framework was released introducing important features. One of those features is the evolution from COBIT 4.1 Maturity Model to COBIT 5 Process Capability Model. This pape...

With the increasing dependence of enterprises on IT, and with the widely spreading use of e-business, IT governance is attracting increasing worldwide attention. A proper IT governance would promote enterprise performance through intelligent and efficient utilization of IT. In addition, standard IT governance practices would provide a suitable open environment for e-business that provides compa...

COBIT is a well-known framework for IT governance, and provides an extensive list of control objectives for IT managers. However, anecdotal evidence shows that many organizations that use COBIT do not implement the entire framework. Instead, they focus their efforts on only some of COBIT’s control objectives. We argue that this could be due to the bounded rationality of IT managers, which affec...