ISO standards and reference framework for ICT governance. General revision
Abstract
There are currently various standards, models and frames of reference for ICT governance. In general, they are intended to show companies a way to align the corporate mission with the appropriate, efficient and effective use of technology, pursuing concepts such as quality, safety, risk reduction and service continuity, among others. This article reviews the main internationally recognized standards associated with ICT governance. It is intended for readers interested in the topic, especially IT directors or CIOs, and is also directed at researchers in the area, so that they have an overview of the current regulations, since most of these good practices have been validated by more than 150 countries.