IT Audit Standards - Revision-heute


IT Audit Standards

Internal Audit

Security, Control and Assurance

ISACA/ITGI Research Publications

*  COBIT 5
This newest version provides a renewed, authoritative governance and management framework for enterprise information and related technology, building on the previous COBIT framework and linking and reinforcing all other major ISACA frameworks and guidance, such as:

§  Board Briefing on IT Governance, 2nd Edition

§  Business Model for Information Security™ (BMIS™)

§  IT Assurance Framework™ (ITAF™)

§  Risk IT Framework

§  Taking Governance Forward

§  Val IT™ Framework

*  COBIT 5 Implementation
Provides a good-practice approach for implementing governance of enterprise IT (GEIT) based on a continual improvement life cycle that should be tailored to suit the enterprise’s specific needs.
It covers the following subjects:

§  Positioning GEIT within an enterprise

§  Taking the first steps towards improving GEIT

§  Implementation challenges and success factors

§  Enabling GEIT-related organizational and behavioral change

§  Implementing continual improvement that includes change enablement and program management

§  Using COBIT 5 and its components

*  COBIT 5:  Enabling Processes
Complements COBIT 5 and contains a detailed reference guide to the processes defined in the COBIT 5 process reference model.

*  COBIT and Application Controls:  A Management Guide
This guide helps business executives, business management, and IT management, as well as IT developers and implementers, internal and external auditors and other professionals manage and provide assurance regarding application controls.

*  COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition
This guide, based on COBIT 4.1, consists of a comprehensive set of resources that contains the information organizations need to adopt an IT governance and control framework. COBIT covers security in addition to all the other risks that can occur with the use of IT. COBIT Security Baseline focuses on the specific risk of IT security in a way that is simple to follow and implement for the home user or the user in small to medium enterprises, as well as executives and board members of larger organizations.

*  COBIT 4.1
Incremental changes to version 4.0, presenting a streamlined, pragmatic and business-focused approach to implementing IT governance enterprisewide.

*  IT Control Objectives for Sarbanes-Oxley 2nd Edition
ITGI has released an updated edition of its well-received publication, IT Control Objectives for Sarbanes-Oxley. The first edition, published in 2004, has been downloaded more than 250,000 times. Companies around the world have used it as a tool for evaluating IT controls in support of Sarbanes-Oxley compliance. Experts from many organizations, including the top 10 accounting and professional firms, provided input and direction for the update.
Now available in Japanese and Italian.

*  Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Edition
Reviews the increasing importance of governance over the security aspect of information and related systems. Based on the IT governance framework described in the Board Briefing on IT Governance.

*  COBIT Quickstart
This is an abbreviated version of COBIT designed for small to medium enterprises, or those organizations in which IT is not strategically critical to enterprise success. Available from the ISACA Bookstore.

 

Articles/Papers

*  IT Assurance Framework
Issued by ITGI’s affiliate, ISACA, ITAF is a comprehensive and good-practice-setting model that provides guidance on the design, conduct and reporting of IT audit and assurance assignments; defines terms and concepts specific to IT assurance; and establishes standards that address IT audit and assurance professional roles and responsibilities, knowledge and skills, and diligence, conduct and reporting requirements.

*  Information Security Risk Assessment Guide - Practices of Leading Organizations (PDF, 716K)
From U.S. General Accounting Office

 

 

 

Articles/Papers

*  A More Perfect Union?
IT governance may enable companies to drive technology strategy, not just steer it. By Peter Krass and John Verity, published in CFO Magazine, 1 July 2003

*  IT Performance Measurement (PDF, 276K)
Measuring Performance and Demonstrating Results of Information Technology Investments, Executive Guide from U.S. General Accounting Office

 

Other

*  European Survey on the Economic Value of Information Technology, Edition 2002-2003 (MS PowerPoint, 2.4M)
Christophe Legrenzi, Acadys

 

 

ISACA/ITGI Research Publications

*  Enterprise Value: Governance of IT Investments
The Val IT publications help those with an interest in value delivery from IT. The series consists of four volumes, available for free download:

*  IT Control Objectives for Sarbanes-Oxley 2nd Edition
ITGI has released an updated edition of its well-received publication, IT Control Objectives for Sarbanes-Oxley. The first edition, published in 2004, has been downloaded more than 250,000 times. Companies around the world have used it as a tool for evaluating IT controls in support of Sarbanes-Oxley compliance. Experts from many organizations, including the top 10 accounting and professional firms, provided input and direction for the update.
Now available in Japanese and Italian.

*  IT Governance Domains Practices and Competencies: Optimising Value Creation from IT Investments
This volume, one of the five-part IT Governance Domains Practices and Competencies series, focuses on a frequently raised issue in most organizations, the challenge of achieving adequate returns on IT investment. It examines the relevance of value to IT governance, categories of IT investment, value return targets, the hurdle rate concept, defining and quantifying expected benefits, realizing the benefits and managing the IT investment portfolio.

Articles/Papers

*  IT Governance: Developing a successful governance strategy - A Best Practice guide for decision makers in IT (PDF, 8M)
from the National Computing Centre, UK

*  IT Governance: Pourquoi faut-il renouveler le management des technologies de l'information et de la communication dans l'entreprise? (MS Word, 37K)
By Jean Bourdariat

*  Maximizing the Success of Chief Information Officers - Learning from Leading Organizations (PDF, 720K)
From U.S. General Accounting Office

*  Measuring and Managing E-business Projects through the Balanced Scorecard (MS Word, 78K)
A paper by Wim Van Grembergen and Isabelle Amelinckx, University of Antwerp

*  The Balanced Scorecard and IT Governance (PDF, 198K)
By Wim Van Grembergen Ph.D.

 

Other

*  IT Governance Guideline
Guideline published by the Information Systems Audit and Control Association.

*  Measuring and Improving Corporate IT Performance through the Balanced Scorecard (MS PowerPoint, 104K)
By Prof. dr. Wim van Grembergen, University of Antwerp (UFSIA) and University of Leuven (KUL)

Download Standards, Guidelines, and Tools and Techniques ISACA

 

Links

·         Australian Institute of Company Directors

·         Corporate Governance

·         Council for Excellence in Government

·         Department of Trade and Industry of UK

·         Institute for the Management of Information Systems

·         Institute of Corporate Directors

·         Institute of Directors (UK)

·         Institute of Directors in New Zealand

·         International Compliance Association

·         National Association of Corporate Directors

·         Project Management Institute

·         University of Antwerp Management School Information Technology Alignment and Governance Research Institute

·         American Institute of Certified Public Accountants

·         Canadian Institute of Chartered Accountants

·         Financial Executives Institute

·         International Federation of Accountants

·         International Organization of Securities Organizations

·         Securities Industry Association

·         US General Accounting Office

·         US Office of Management and Budget

·         US Securities and Exchange Commission

·         Carnegie Mellon Software Engineering Institute CERT Coordination Center

·         Center for Education and Research in Information Assurance and Security

·         Certified Information Security Manager (CISM)

·         Communications Security Establishment

·         Computer Security Institute

·         Computer Security Resource Clearinghouse (US National Institute of Standards and Technology)

·         InfoSysSec, The Security Portal for IS Security Professionals

·         Institute for Internal Auditors

·         International Computer Security Association

·         Internet for the US Federal Inspector General Community

·         ISACA

·         ISO17799

·         IT Audit Forum

·         Partnership for Critical Infrastructure Security

·         SANS Institute

·         Stay Safe Online

·         US House of Representatives Office of Inspector General

·         US Intergovernmental Audit Forum

·         Business Continuity Planning Guide

·         Disaster Recovery Information Exchange

·         Disaster Recovery Institute International

·         Disaster Recovery Journal

·         Disaster Recovery World

·         Disaster Resource Guide Online

·         Global Continuity

·         Global Information Network for the Business Continuity Community

·         International (Telecommunications) Disaster Recovery Association (IDRA)

·         IT Audit Forum

·         Treasury Board of Canada Chief Information Officers Council

·         US Federal Emergency Management Agency

·         Canadian Information Processing Society

·         Carnegie Mellon Software Engineering Institute

·         Chief Information Officers Council (US Federal Government)

·         CIO Magazine

·         Computerworld Magazine

·         Data Warehousing Institute

·         Forrester Research, Inc

·         GartnerGroup Interactive

·         Information Technology Association of America

·         Information Week Online

·         IT Policy Compliance

·         Office of Governmentwide Policy, US General Services Administration

·         Office of Information Technology, US General Services Administration

·         Telecommunications Industry Association

·         US Federal Computer Week

·         US Government Computer News

·         US Interagency Management Council

 

 