-
An Adaptable Maturity Strategy for Information Security
Authors:
Gliner Dias Alencar,
Hermano Perrelli de Moura,
Ivaldir Honório de Farias Júnior,
José Gilson de Almeida Teixeira Filho
Abstract:
The lack of security in information systems has caused numerous financial and moral losses to several organizations. The organizations have a series of information security measures recommended by literature and international standards. However, the implementation of policies, actions, and adjustment to such standards is not simple and must be addressed by specific needs identified by the Information Security Governance in each organization. There are many challenges in effectively establishing, maintaining, and measuring information security in a way that adds value. Those challenges demonstrate a need for further investigations which address the problem. This paper presents a strategy to measure the maturity in information security aiming, also, to assist in the application and prioritization of information security actions in the corporate environment. For this, a survey was used as the main methodological instrument, reaching 157 distinct companies. As a result, it was possible to classify the ISO/IEC 27001 and 27002 controls in four stages according to the importance given by the companies. The COBIT maturity levels and a risk analysis matrix were also used. Finally, the adaptable strategy was successfully tested in a company
Submitted 16 July, 2018;
originally announced July 2018.
-
Agile Governance Theory: conceptual development
Authors:
Alexandre J. H. de O. Luna,
Philippe Kruchten,
Hermano P. de Moura
Abstract:
Context: Competitiveness is the key to a sustainable development and it demands agility at the business and organizational levels, which in turn requires a flexible and customizable IT environment and effective and responsive governance in order to deliver value to the business. Objective: This paper describes the conceptual development of a theory for analyze and describe agile governance in order to increasing the success rate of their practice, achieving organizational performance and business competitiveness. Method: We adopt a multi-method research, framing the theory conceptual development using Dubin's method of theory building. Results: We have developed a conceptual framework of the theory encompassing its constructs, laws of interaction, boundaries and system states. Conclusion: This theory can provide a better understanding of the nature of agile governance, by mapping of its constructs, mediators, moderators and disturbing factors, in order to help organizations reach better results.
Submitted 25 May, 2015;
originally announced May 2015.
-
Agile governance in Information and Communication Technologies: shifting paradigms
Authors:
Alexandre J. H. de O. Luna,
Cleyverson P. Costa,
Hermano P. de Moura,
Magdala A. Novaes,
Cesar A. D. C. do Nascimento
Abstract:
This paper presents the basis of the Agile Governance in Information and Communication Technology (ICT), which is based on Agile Software Engineering Methodologies principles and values. Its development was done through a systematic review process, supported by Bibliometrics and Scientometrics methods and techniques, where the Critical Success Factors (CSF) of ICT Governance projects and the principles of the Agile Manifesto were analyzed. Next, through an inductive approach, focused on the convergence between the concepts involved, it was analyzed how agile principles could help to minimize the gap between ICT and business. Evidences of their occurrence were taken through a Conceptual Survey Research. As a result, the foundations and concepts of Agile Governance in ICT were defined and, finally, the development of a reference model was proposed as a future work.
Submitted 10 November, 2014;
originally announced November 2014.
-
State of the Art of Agile Governance: A Systematic Review
Authors:
Alexandre J. H. de O. Luna,
Philippe Kruchten,
Marcello L. G. do E. Pedrosa,
Humberto R. de Almeida Neto,
Hermano P. de Moura
Abstract:
Context: Agility at the business level requires Information Technology (IT) environment flexible and customizable, as well as effective and responsive governance in order to deliver value faster, better, and cheaper to the business. Objective: To understand better this context, our paper seeks to investigate how the domain of agile governance has evolved, as well as to derive implications for research and practice. Method: We conducted a systematic review about the state of art of the agile governance up to and including 2013. Our search strategy identified 1992 studies in 10 databases, of which 167 had the potential to answer our research questions. Results: We organized the studies into four major groups: software engineering, enterprise, manufacturing and multidisciplinary; classifying them into 16 emerging categories. As a result, the review provides a convergent definition for agile governance, six meta-principles, and a map of findings organized by topic and classified by relevance and convergence. Conclusion: The found evidence lead us to believe that agile governance is a relatively new, wide and multidisciplinary area focused on organizational performance and competitiveness that needs to be more intensively studied. Finally, we made improvements and additions to the methodological approach for systematic reviews and qualitative studies.
Submitted 7 November, 2014;
originally announced November 2014.