Control Objectives For Information And Related Technology Research Articles

An overview of cybersecurity in Zimbabwe's financial services sector.

As nations, businesses, and individuals rely on the Internet for everyday use, so are cybercriminals manipulating systems to access information illegally and disrupting services for financial gain. The global cost of cybercrime eclipsed one trillion US Dollars in 2020, with Africa losing US $3.5 billion. A quantitative research methodology was adopted to investigate factors affecting cybercrime in Zimbabwean financial institutions. The study focused on the technical aspects of cybersecurity. Data were collected from July 2022 to October 2022, targeting technology experts in the financial services sector. Participants were recruited from 13 institutions to rank cybersecurity constructs, frameworks, and challenges associated with cybersecurity. Data was collected using a questionnaire distributed to participants. Descriptive statistics were used to extract meanings from the responses that measure mean and standard deviation. Network and data security were the most highly ranked cybersecurity constructs, while physical security was the least. The top three barriers are increasing sophistication of threats, limited skills and emerging technologies, while lack of executive support was the least. The top frameworks used are the Information Technology Infrastructure Library (ITIL) and Control Objectives for Information and Related Technologies (COBIT), while a fifth is yet to adopt cybercrime frameworks. The study proposes that financial institutions establish a cybersecurity culture to fight cybercrime, addressing cybersecurity barriers and following best practices. Financial institutions should invest in cybersecurity technologies, train security specialists, and employ a Chief Information Security Officer (CISO). The study's small sample may affect the generalisability of the results. Financial institutions should implement strategies to raise awareness and collaborate with institutions to train cybersecurity security specialists to close the skills gap.

The impact of information technology governance according to the COBIT on performance

This study aims to explore the relationship between the performance of banks and the governance of information technology as outlined by control objectives for information and related technologies (COBIT) standards. A survey questionnaire method was used to collect data, guided by a specific model to address the research objectives. Participants included employees from the Central Bank of Sudan and various commercial banks. Out of 280 distributed surveys, 240 were successfully returned and analyzed using the SPSS software to assess both measurement and structural models. The analysis revealed a positive and significant link between bank performance and several aspects: acquisition and implementation, support and delivery, monitoring and evaluation, and planning and organizing. This research contributes to the existing literature by specifically examining the performance of banks and information technology governance in the Middle Eastern context through COBIT, marking it as a distinctive empirical study in this field.

An overview of cybersecurity in Zimbabwe’s financial services sector

Background: As nations, businesses, and individuals rely on the Internet for everyday use, so are cybercriminals manipulating systems to access information illegally and disrupting services for financial gain. The global cost of cybercrime eclipsed one trillion US Dollars in 2020, with Africa losing US $3.5 billion. Methods: A quantitative research methodology was adopted to investigate factors affecting cybercrime in Zimbabwean financial institutions. The study focused on the technical aspects of cybersecurity. Data were collected from July 2022 to October 2022, targeting technology experts in the financial services sector. Participants were recruited from 13 institutions to rank cybersecurity constructs, frameworks, and challenges associated with cybersecurity. Data was collected using a questionnaire distributed to participants. Descriptive statistics were used to extract meanings from the responses that measure mean and standard deviation. Results: Network and data security were the most highly ranked cybersecurity constructs, while physical security was the least. The top three barriers are increasing sophistication of threats, limited skills and emerging technologies, while lack of executive support was the least. The top frameworks used are the Information Technology Infrastructure Library (ITIL) and Control Objectives for Information and Related Technologies (COBIT), while a fifth is yet to adopt cybercrime frameworks. Conclusions: The study proposes that financial institutions establish a cybersecurity culture to fight cybercrime, addressing cybersecurity barriers and following best practices. Financial institutions should invest in cybersecurity technologies, train security specialists, and employ a Chief Information Security Officer (CISO). The study’s small sample may affect the generalisability of the results. Financial institutions should implement strategies to raise awareness and collaborate with institutions to train cybersecurity security specialists to close the skills gap.

Evaluation Of Information System Governance Capability Level Of Engineering Construction Services Firm Using COBIT Framework 5

Engineering Construction Services Firm Instrument Engineering is a company in engineering construction services. Not only construction services Engineering Construction Services Firm Instrument Engineering also has services in the field of non-construction such as operation and maintenance. There is no quality management standard in the company expected to increase productivity and superiority over competitors; the company needs a schedule to conduct periodic audits of information security management. It requires recommendations for improving the Information Security Management System), and the company hopes to make a standard document for data and information security risk governance aimed at supervision and review of the Information Security Management System. To make sure that SI operations within the Company have been carried out and objectives have been supported as effectively as possible, it is required to conduct an information system audit using the Control Objectives for Information and Related Technology (COBIT) framework based on the needs that have been described. The research on evaluating IT governance abilities using the COBIT 5 framework APO13 process ends at level 1 with a status of 82.12. EDM03 and APO12 processes terminate at level 2, with a Largely achieved status of 82.12 for EDM03 and 84.41 for APO12.

Penerapan Model COBIT 5 dalam Audit Sistem Informasi Penerimaan Negara Bukan Pajak Online Pada Lembaga Penyiaran Publik Radio Republik Indonesia

Audit is an independent and standardized systematic process that completes evidence and compares it objectively to determine the extent to which audit interpretations have been complied with. One of the standards used in the implementation of the information systems audit process is COBIT (Control Objectives for Information and Related Technology). Online PNBP still has identified problems, including that the Online PNBP application does not accommodate all Types and Tariffs for PNBP types. This study aims to conduct an online PNBP information system audit at LPP RRI Gorontalo. This study uses the APO04 (Manage Innovation) domain at COBIT 5 with the research stages using Assessment Process Activities. The data used in this study are secondary data and primary data obtained through the observation phase of interviews and questionnaires. Based on the research results, the average value in the APO04 sub-domain in the current condition (As Is) is 0.24 and the expected condition (To Be) is 0.20 or still at level 0. With the largest gap or gap value is in the APO04.02 sub domain, which is 0.54. With these results it is found that LPP RRI Gorontalo has not carried out IT processes that should have existed, or been added and have not succeeded in achieving the objectives of the IT process and have not been optimal in maintaining understanding of the company's environment, so the suggestion that can be given is to maximize understanding of the environment companies so that they can understand the interests of both consumers and companies so that opportunities enabled by new technologies can be identified

Evaluation Of Information System Governance Capability Level Of Engineering Construction Services Firm Using Cobit Framework 5

Engineering Construction Services Firm Instrument Engineering is a company in engineering construction services. Not only construction services Engineering Construction Services Firm Instrument Engineering also has services in the field of non-construction such as operation and maintenance. There is no quality management standard in the company expected to increase productivity and superiority over competitors; the company needs a schedule to conduct periodic audits of information security management. It requires recommendations for improving the Information Security Management System), and the company hopes to make a standard document for data and information security risk governance aimed at supervision and review of the Information Security Management System. To make sure that SI operations within the Company have been carried out and objectives have been supported as effectively as possible, it is required to conduct an information system audit using the Control Objectives for Information and Related Technology (COBIT) framework based on the needs that have been described. The research on evaluating IT governance abilities using the COBIT 5 framework APO13 process ends at level 1 with a status of 82.12. EDM03 and APO12 processes terminate at level 2, with a Largely achieved status of 82.12 for EDM03 and 84.41 for APO12.

ANALISIS IMPLEMENTASI DATA SECURITY, INTENTION FOR COMPLIANCE, DAN KERANGKA COBIT DI PERUSAHAAN: TINJAUAN LITERATUR SISTEMATIS

One way to protect organizational data is to comply with security standards set by regulations and industry standards. The purpose of this compliance is to ensure that the organization meets the security requirements set by the competent authorities and avoids the risk of penalties or sanctions for breaches of privacy and data security. COBIT (Control Objectives for Information and Related Technology) is an IT management framework used by organizations to ensure that data security and privacy are well maintained. The purpose of this research is to find out the forms of implementation of data security management, intention for compliance with the COBIT framework in companies over the last 10 years. This research is expected to provide a scientific contribution to the direction of research in the field of data security management and provide managerial contributions regarding the urgency and challenges of COBIT implementation as part of good IT governance.

An Empirical Study to Measure the Impact of Information Technology Governance Under the Control Objectives for Information and Related Technologies on Financial Performance

Purpose: To determine the effect of information technology governance (ITG) under the control objectives for information and related technologies (COBIT) on financial performance is the objective of this study. Additionally, the article seeks to look into the relationships between the factors under consideration. Theoretical framework: Information technology and operational processes are evaluated and ensure their compliance with the instructions of the Central Bank of Iraq. Therefore, the research dealt with a conceptual framework by reviewing the literature on the importance of the COBIT framework in assessing financial performance. Design/methodology/approach: To investigate the effect of information technology; we the value-added intellectual coefficient approach and a defined corporate governance index were utilized. The performance of the company was assessed using operating efficiency ratio and Economic value Added (EVA). Findings: the results Show there are the high level of application of ITG in the banks listed in the Iraqi stock exchange. Also, we found the effectiveness of ITG under the COBIT framework in banking financial performance. Research, Practical & Social implications: The findings should inform practitioners and legislative institutions of the necessity to follow strong COBIT procedures and enhance the effectiveness of IT to produce a better financial performance for firms. Originality/value: the study is among the first to consider the casual connections and how COBIT policies for ITG affect financial performance in the setting of Iraq.

Impact of the electronic internal auditing based on IT governance to reduce auditing risk

This paper analysed the effect of electronic internal auditing (EIA) based on the Control Objectives for Information and Related Technologies (COBIT) framework. Organisations must implement an up-to-date accounting information system (AIS) capable of meeting their auditing requirements. Electronic audit risk (compliance assessment, control assurance, and risk assessment) is a development by Weidenmier and Ramamoorti (2006) to improve AIS. In order to fulfil the study’s objectives, a questionnaire was prepared and distributed to a sample comprising 120 employees. The employees were financial managers, internal auditors, and workers involved in the company’s information security departments in the General Company for Electricity Distribution (GCBED) of Baghdad, owned by the Iraqi federal government. The Statistical Package for the Social Sciences (SPSS) software was employed to analyse the data and hypotheses. The study concluded that there is a substantial effect on the performance of EIA depending on the COBIT framework in reducing electronic audit risk in GCBED. According to the findings, additional research should be undertaken to improve efficiency, accounting control efficiency, and asset protection programs to lessen audit risk.

IT GOVERNANCE CAPABILITY LEVEL IDENTIFICATION OF COBIT 2019 AT THE RSUP PROF. DR. R.D. KANDOU, MANADO, NORTH SULAWESI

In terms of technology, governance can be implemented effectively and efficiently if it can provide functionality or value that applies to businesses of all sizes and types. IT governance design can help you explore design factors that influence governance and includes a workflow for planning a governance system for your enterprise. Control Objectives for Information and Related Technologies (COBIT) is a framework created by ISACA that contains guidance or guidance documents that may be useful to auditors, users, and management. COBIT is an internationally recognized and applied best practice for information, information technology, and organizational risk which can be used to define information technology to maximize IT control. As it is required to improve IT service, the design of IT governance was conducted at the Central Unit Hospital (RSUP) Prof. Kandou, Manado, North Sulawesi, using the latest version of COBIT, COBIT 2019. The following is an explanation of the priorities of Malayang Hospital. Governance below 25 points is proficiency level 1. The results shows that there are five objectives that becomes main priority (reaching level 4): EDM03, APO12, BAI02, BAI03 and BAI05. These objectives are the ones recommended to be audited. The second tier that may also suggested to be audited are objectives with capability level 3: APO07, APO08, BAI01, BAI07, DSS01, DSS02 and MEA01.Keywords; COBIT 2019, IT Governance, RSUP Prof. Kandou Malalayang

How to improve information technology strategic planning effectiveness using balanced scorecard, risk and maturity analysis, case study health information technology? A qualitative study.

Although many health strategic plans have been developed by scholars and organizations, they still suffer from a limited view. Since most health-related strategies in the future will depend on information technology (IT), as the main driver of today's industry, technology, and society, IT merits attention in health strategic plans. While the majority of the health strategic plan developed based on the interviews and questioner and these plans didn't consider the role of IT in their actions, this research will develop a framework to integrate risk and maturity analysis with the strategic planning process in health information technology strategic plan. The present research introduces an integrated framework based on a balanced scorecard (BSC) and control objectives for information and related technologies (COBIT). Also, The American Productivity & Quality Centre framework and COBIT were employed in this model to define the processes and activities of health IT (HIT) organizations. The organization's maturity and risk are analyzed in terms of information and management criteria using BSC, COBIT, and the analytical hierarchy process. Later this model was implemented in a Remote Health care System to improve the strategic management process for this technology. Using this framework, 17 business goals have been developed and presented for the case. Also, the total related risk was 48% and the maturity level was at 1/18. The results are presented as decision-making parameters and strategies for successful IT implementation. The presented framework provides deeper insight for the decision-maker through integrating risk and maturity analysis in the HIT strategic planning process. The results are presented as decision-making parameters and strategies for successful IT implementation. These strategies help investors decide about resource allocation based on the risk-taking capability, certainty, and uncertainty results of the plan.

Pengukuran Level Kapabilitas (Capability Level) Tata Kelola Teknologi Informasi Pada Koperasi Unit Desa Mino Saroyo Cilacap Menggunakan Cobit 5

Information Technology (IT) investment in the Village Unit Cooperative (KUD) environment is influenced by the importance of information needed by rural communities. IT is very necessary to help performance to be maximized, especially in the KUD environment. In an effort to improve performance, KUD invests IT in several business fields. However, once the invested IT is not fully used according to its business goals. IT management is still the responsibility of each business field. Therefore, the results achieved are not comparable to what was expected after the implementation of IT. From these problems, it is necessary to have an IT Governance audit in order to find out the maturity value of the IT that has been implemented. This study aims to measure the it maturity applied by the Mino Saroyo Cilacap KUD, so it is necessary to use an international standard framework, namely control objectives for information and related technology (COBIT) version 5. The results of measuring the maturity level of IT Governance kud are currently estimated to be at level 2. The maturity level of the KUD at level 2 means that the KUD management process already has formal and written standard procedures. However, KUD has not carried out socialization to all levels of management and employees to be obeyed and carried out daily activities. The recommendations from this study provide problem solving as a reference to the KUD for improvement from the TKTI side so that it goes hand in hand with organizational goals and as expected by stakeholders in predicting the optimal use of IT resources.

E-payment Challenges: The Genesis and Remedies to the Problem

Switching between internet solutions in an organization can be challenging, mainly if it affects the core operations and running of the organizations, such as e-payment. It becomes problematic when the role of e-government is not properly considered in an organization. In this study, the school fees e-payment project of a Nigerian University and the losses incurred due to the lack of incorporation of ICT- government into the e-payment process was evaluated. This study recommends good outsourcing, corporate and ICT governance practices such as the incorporation of frameworks like the Control Objectives for Information and Related Technology (COBIT) and IT Infrastructure Library (ITIL), can be integrated to minimize such problems. This would help any University to avert likely losses.

Empirical Analysis on the Internal Control of Iraqi Electronic Payments System (EPS): Evidence from Ministry of Iraqi Finance

The research aims to study the effect of the electronic payment system on the supervisory controls used in Iraqi banks registered in the Iraq money market using the COBIT framework. Also it aims to identify the discrepancy in the adoption of COBIT by academics and practitioners on the research sample (central bank of Iraq, the Gulf Commercial Bank, the United Investment Bank, and the Cooperative Agricultural Bank). The Control Objectives for Information and related Technology (COBIT) is a framework of generally applicable IS security and control practices for information technology control systems in order to achieve objective. The data been distributed on 89 items that represented by department managers (payments, accounts, information technology, control and inspection). These date were collected and analyzed for each bank under consideration of COBIT accordingly. The results showed that The percentage of the weakness varies between the banks, it is the strongest in the Central Bank of Iraq because it is the owner of the system. In order to improve the performance of Iraqi banks that are listed on Iraq Stock Exchange, international guidelines should be followed.

Maturity Models and Sustainable Indicators—A New Relationship

This study aims to investigate the relationship between maturity models adopted by information technology companies and the sustainability indicators that are currently considered decision-making factors for investors and customers. The research is based on previous studies, Control Objectives for Information and Related Technology (COBIT), and Global Reporting Initiative (GRI) standards, and indicators of the Sustainable Development Goals (SDG) defined in 2015 by the United Nations. As a result of the intersection between the GRI and SDG indicators with COBIT requirements, a set of 50 indicators covering four dimensions of sustainability was identified. In the environmental dimension, 11 indicators were identified, in the economic dimension six indicators, in social dimension 14 indicators, and, at last, in the governance dimension, there were 19 convergent indicators between COBIT and GRI. This set of 50 proposed indicators was validated by analyzing the content of the sustainability reports available on the websites of information technology companies, making it possible to relate the sustainable practices and strategies adopted by such companies with the indicators suggested in this study. Furthermore, we identified that the SDGs are incorporated into the strategic objectives of seven of the nine companies analyzed.

Complex information systems configuration using ISACA Design Guide into an Axiomatic Design approach

This paper describes the process of designing a customized governance solution for an enterprise information system using COBIT framework guidelines and an axiomatic design approach. COBIT (Control Objectives for Information and related Technology) is a generally accepted framework created by the ISACA (Information Systems Audit and Control Association) for governing and managing enterprise information and technology (IT). COBIT framework can be applied to any organization in any industry and was designed to help deliver value while managing better the risks associated with the IT processes. On the other side, the Axiomatic Design (AD) theory involves a continuous interplay between the design objectives (the needs/what we want to achieve) and the means capable of reaching those objectives (how we want to achieve) to determine the best configuration capable of satisfying the design intend. The AD theory requires a description of the design's objectives in terms of specific requirements, called Functional Requirements (FR). The development of a complete solution to a given problem starts by mapping the FRs to Design Parameters (DPs) in the solution domain. ISACA Design Guide proposes ten (10) Design Factors and forty (40) Governance Objectives; each objective (a set of Functional Requirements) can be achieved through several combinations of Design Parameters. From the Axiomatic Design theory perspective, this determines a coupled matrix. To decouple the matrix, the profile of each design factor is drawn, and the sub-factors will be taken only once within the factor where the sub-factor has the highest weight. A case study is presented.

Aligning Information Technology and Supply Chain

Information technology (IT) has a critical importance. Information technology governance (ITG) is the system that allows enterprises to master the complexity of IT in order to maximize its use and to foster the competitive advantage. Control objectives for information and related technology (COBIT) is a well-known IT governance (ITG) framework that groups IT best practices. There is little research about the correlation between COBIT and domain specific frameworks, like supply chain operation reference (SCOR) for supply chain (SC). The paper proposes an approach to map SCOR's components to COBIT with ArchiMate, which is a standard language to model enterprise architecture (EA). The mapping can simplify, by visualization, the complexity of both frameworks. It can also provide a view on possible overlaps and synergies between SCOR and COBIT. Two detailed illustrations are presented. The evaluation is done according the Bunge-Wand-Weber method. An example of the utility of the mapping is done for a real case scenario.

Intellectual Capital, Knowledge Management in the Interaction of Government and Management of Information Technologies from COBIT 5 Perspective

This article provides a reflection on Intellectual Capital and Knowledge Management out of a COBIT (Control Objectives for Information and Related Technology), 5 framework proposal stating the importance to achieve strategic objectives and to obtain an ideal quality level, through efficiency, efficacy and effectiveness in the whole area of processes and procedures oriented to Organizational Development; thus, the objective is to present these concepts through a documentary investigation analyzed in data bases, Google Scholar, on-line catalogs and repositories. The COBIT 5 framework proposal is described in its Principle 4 "Enabling a holistic approach". In the explanation, each enabler and its interaction with the Intellectual Capital and Knowledge Management is detailed, in which the viability to achieve the institutional objectives and goals is observed, ensuring and closing the gap between Information Technology Management and business objectives. From the analysis, it is concluded that the participation of these two concepts in all the processes is very active and important, so its explicit definition is proposed in the Governance models.

Healthcare Sector Security Analysis

Security and privacy are paramount pillars to the healthcare industry as protected health information can reveal very sensitive information about oneself. Prior to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), controls for securing health care facilities were discretionary (HHS, 2013, para. 2). The adoption of prescriptive controls allows a reasonable baseline of security to be applied to safeguard sensitive information. The prescriptive nature of the baseline security must be flexible enough to allow organizations to adopt new technology, while also providing an adequate level of protection to the data produced by the new technology. Despite moving to the prescriptive set of control standards, 88% of all ransomware attacks occurring during the second quarter of 2016 occurred in the healthcare industry (Mulero, 2017, para. 2). While this statistic only includes three months, this is astonishingly high. To further complicate matters, a study conducted by the Ponemon Institute that included 91 healthcare organizations saw that 90% had suffered a breach from 2014-2016 (Ponemon, 2016, p. 1). The primary motivation for the healthcare suffering such attacks is the ability for a malicious actor to siphon enough information to steal entire identities (Security Scorecard, 2019, p. 2). This paper aims to discuss the role of the security officer in a major healthcare organization with regard to evaluating security posture. To provide a holistic approach to understanding the risks associated with the healthcare industry, it is important to understand the various functions performed inside the hospital and the electronic records that facilitate these departments operate effectively. Hospitals and doctor’s offices alike are also subject to many regulations to include HIPPA, Health Information Technology for Economic and Clinical Health (HITECH) Act, and Payment Card Industry standards (Murphy, 2015, p. 64). Therefore, the technical, operational, and physical controls must uniformly comply with the provisions set forth across multiple laws. While it is prudent for and organization to choose the methodology that most closely aligns with the organizations business goals, a singular methodology may not provide adequate coverage. Therefore, choosing controls across a swath of methodologies to provide adequate coverage for the organization is recommended. For the assessment of the healthcare organization, this paper will focus on leveraging the National Institute for Science and Technology (NIST) Cyber Security Framework (CSF). The Department of Health and Human Services has published a crosswalk between the HIPAA security rule and various frameworks security controls. The crosswalk demonstrates the connection between the administrative, technical, and physical safeguard standard and implementation specification in the HIPAA security rule to a relevant control mapping between Control Objectives for Information and Related Technology (COBIT), International Standards Organization 27001, International Society of Automation 62443, and NIST 800-53 (HHS, 2016, p. 2). This linkage provides a rich resource to begin creation of a risk profile management system. The strongest controls implement nine layers between detective, corrective, and preventative functions across the administrative, technical, and physical control methods (Cannon, 2016, p. 142).

Measuring the Maturity Level of Information Technology Governance in the Informatics Engineering Department Using COBIT 4.1

Information technology plays an important role in the business world because it may affect the operations of the organization within the organization that also uses information technology to provide information. One of the departments that use information technology is the Information Engineering Department of Musamus Merauke University, which is used to provide information related to the Department of Information Engineering. But in the use of information technology is still flawed. Therefore, it is necessary to have a standard in information technology management to measure overall standards and governance in information technology management, ie using COBIT. 4.1 Based on this study, we will design an information technology management model for the Department of Information Engineering. Control objectives for information and related technologies (COBIT) are 4 primary domains, including domains, planning and organization (PO), acquisition and implementation (AI), transmission and support (DS) and Monitoring and Evaluate (ME) in all four domain research in COBIT 4.1 used to solve the problems and needs of the information engineering department in information technology management, support the process of technology services Prof. support and supervision and evaluation of information technology. The study found that the level of maturity of information technology supervision in the information engineering department is at level 2. Therefore, information technology in the information engineering department must be improved to the expected level.