Audits in Cybersecurity

2022 ◽  
pp. 1-18
Author(s):  
Regner Sabillon
Keyword(s):  
Information Technology ◽  
Literature Review ◽  
Best Practices ◽  
Technology Infrastructure ◽  
Information Technology Infrastructure ◽  
Information Technology Infrastructure Library ◽  
Pci Dss ◽  
Comprehensive Literature Review ◽  
Iec 27001 ◽  
Iec 27002

The objective of this chapter is to provision a comprehensive literature review of the most relevant approaches for conducting cybersecurity audits. The study includes auditing perspectives for specific scopes and the best practices that many leading organizations are providing for security and auditing professionals to follow. The chapter reviews relevant features for auditing approaches in the following order: ISO/IEC 27001:2013, ISO/IEC 27002:2013, Control Objectives for Information and Related Technology (COBIT) 2019, Information Technology Infrastructure Library (ITIL) 4, AICPA, ISACA, NIST SP 800-53, NIST CSF v1.1, IIA, PCI DSS, ITAF, COSO, ENISA, NERC CIP, and CSAM.

Audits in Cybersecurity

2021 ◽  
pp. 126-148
Keyword(s):  
Information Technology ◽  
Literature Review ◽  
Best Practices ◽  
Technology Infrastructure ◽  
Information Technology Infrastructure ◽  
Information Technology Infrastructure Library ◽  
Pci Dss ◽  
Comprehensive Literature Review ◽  
Iec 27001 ◽  
Iec 27002

The objective of this chapter is to provision a comprehensive literature review of the most relevant approaches for conducting cybersecurity audits. The study includes auditing perspectives for specific scopes and the best practices that many leading organizations are providing for security and auditing professionals to follow. The chapter reviews relevant features for auditing approaches in the following order: ISO/IEC 27001:2013, ISO/IEC 27002:2013, Control Objectives for Information and Related Technology (COBIT) 2019, Information Technology Infrastructure Library (ITIL) 4, AICPA, ISACA, NIST SP 800-53, NIST CSF v1.1, IIA, PCI DSS, ITAF, COSO, ENISA, NERC CIP, and CSAM.

scholarly journals How to Optimize the Implementation of ITIL through a Process Ordering Algorithm

2019 ◽  
Vol 10 (1) ◽  
pp. 34 ◽  
Author(s):  
Juan Luis Rubio ◽  
Magdalena Arcilla
Keyword(s):  
Information Technology ◽  
Literature Review ◽  
Systematic Literature Review ◽  
Real Case ◽  
Technology Infrastructure ◽  
Mathematical Basis ◽  
Information Technology Infrastructure ◽  
Information Technology Infrastructure Library

One of the main points when implementing the Information Technology Infrastructure Library (ITIL) is which order the processes must be implemented. In the systematic literature review (SLR) developed, it is possible to find references about strategies and factors that ease the implementation of the ITIL, static sequences for the processes to be implemented, and recommendations about the first process to implement, but it is rather complicated to find references that explicitly define the order (adapted to a specific company) of the processes to be implemented. Thus, once it is shown that there is no methodology/algorithm providing a sequence of ITIL processes specifically adapted for each company, an algorithm to solve this problem is presented: The algorithm has a deep mathematical basis and returns a sequence of ITIL processes to optimize the efforts during implementation, so the company implementing the ITIL gets the closest to the competitors. The optimization is made considering parameters such as staff, age of the company, IT size, industry, etc. Thus, the sequence proposed is specific for each company. Finally, a comparative of the sequence obtained (from the proposed algorithm) with sequences discovered in the SLR is presented and applied to a real case.

Boas práticas para o aumento do índice de governança de TI na administração pública federal

2016 ◽  
Vol 7 (1) ◽  
pp. 297-306
Author(s):  
Deivid José Smek ◽  
Marcos Roque da Rosa
Keyword(s):  
Information Technology ◽  
Technology Infrastructure ◽  
Information Technology Infrastructure ◽  
Information Technology Infrastructure Library

Neste artigo propõe-se a adoção de boas práticas na implantação do gerenciamento de serviços de T.I. utilizando software livre, com o propósito de melhorar os resultados do índice de governança de T.I. em instituições públicas federais. A pesquisa utilizou-se de abordagens práticas documentadas pela UNILA (Universidade da Integração Latino Americana), modelos práticos de implantação da governança e também métricas de gerenciamento de serviços propostos pelo modelo ITIL (Information Technology Infrastructure Library) versão 3. A adoção de boas práticas contribui para o aumento do nível de governança e resulta em um impacto positivo na avaliação de controle aplicada pelo governo a cada exercício de dois anos nas instituições públicas federais, esta avaliação serve de parâmetro para melhor alocar o uso do dinheiro público na inovação da área de Tecnologia da Informação. Como resultado do trabalho são apresentadas recomendações acerca da implantação dos processos de gestão de serviços de T.I. utilizando a ferramenta livre GLPI.

scholarly journals Propuesta de mejores prácticas: ITIL para la gestión de las TIC en apoyo a la actividad docente

2019 ◽  
Vol 3 (3.4.) ◽  
pp. 167-179
Author(s):  
Blanca Faustina Hidalgo Ponce ◽  
Natalia Patricia Layedra Larrea ◽  
Marco Vinicio Ramos Valencia
Keyword(s):  
Information Technology ◽  
Technology Infrastructure ◽  
Information Technology Infrastructure ◽  
Information Technology Infrastructure Library

Esta investigación propone guiar a los docentes en la gestión del uso de las TIC en el proceso de enseñanza aprendizaje, posibilitando la mejora en la calidad de la educación y con ello la capacidad de aprender. Junto a las TIC se ha considerado la integración de la gestión de información propuestas en ITIL (Information Technology Infrastructure Library Librerías para la Infraestructura de las Tecnologías de la Información). La filosofía ITIL adopta la gestión de procesos y considera que para lograr los objetivos claves de la administración de servicios, los procesos deberían ser usados por las personas y las herramientas de manera efectiva, eficiente y económicamente en el desarrollo de la calidad y la innovación de los servicios de TI alineados con los procesos de negocio en este caso al proceso de enseñanza aprendizaje. Como hipótesis se planteó: “Una propuesta que incorpore las mejores prácticas enfocadas a la gestión, difusión y uso de las TIC en el área académica mejorará la calidad del proceso de enseñanza aprendizaje” utilizando la prueba de chi-cuadrado. La guía propuesta pretende ofrecer orientaciones mínimas para quienes se propongan generar contenidos educativos utilizando las TIC.

Sign in / Sign up

Export Citation Format

Share Document