Application of COBIT to Security Management in Information Systems Development

Author

Morimoto, Shoichi

Author_Institution

Sch. of Bus. Adm., Senshu Univ., Kawasaki, Japan

fYear

2009

fDate

17-19 Dec. 2009

Firstpage

625

Lastpage

630

Abstract

COBIT is a collection of good practices and processes for IT governance. It provides the effective measures, indicators and activities for enterprise. COBIT has also been applied to the other governance, e. g., software process, security governance, IT service management. However, since COBIT is too general-purpose, it requires deep expert knowledge for the implementation of each application. Although the guideline of security management is also published, its contents are abstract. Therefore, we examined the contents of COBIT and defined a framework which specializes in security engineering from the guideline. This paper presents the framework and its application to information systems development. The framework effectively utilizes the COBIT-based security management and solves various subjects of security in the development.

Keywords

information systems; security of data; software development management; COBIT; Control Objectives for Information and related Technology; IT governance; IT service management; enterprise; expert knowledge; information systems development; security governance; security management; software process; Application software; Content management; Guidelines; IEC standards; ISO standards; Information management; Information security; Management information systems; Portfolios; Project management;

fLanguage

English

Publisher

ieee

Conference_Titel

Frontier of Computer Science and Technology, 2009. FCST '09. Fourth International Conference on

Conference_Location

Shanghai

Print_ISBN

978-0-7695-3932-4

Electronic_ISBN

978-1-4244-5467-9

Type

conf

DOI

10.1109/FCST.2009.38

Filename

5392853