Export Publication
The publication can be exported in the following formats: APA (American Psychological Association) reference, IEEE (Institute of Electrical and Electronics Engineers) reference, BibTeX and RIS.
Almeida, R., Lourinho, R., da Silva, M. M. & Pereira, R. (2018). A model for assessing COBIT 5 and ISO 27001 simultaneously. In 2018 IEEE 20th Conference on Business Informatics (CBI). (pp. 60-69). Vienna: IEEE.
R. Almeida et al., "A model for assessing COBIT 5 and ISO 27001 simultaneously", in 2018 IEEE 20th Conf. on Business Informatics (CBI), Vienna, IEEE, 2018, pp. 60-69
@inproceedings{almeida2018_1775769055580,
author = "Almeida, R. and Lourinho, R. and da Silva, M. M. and Pereira, R.",
title = "A model for assessing COBIT 5 and ISO 27001 simultaneously",
booktitle = "2018 IEEE 20th Conference on Business Informatics (CBI)",
year = "2018",
editor = "",
volume = "",
number = "",
series = "",
doi = "10.1109/CBI.2018.00016",
pages = "60-69",
publisher = "IEEE",
address = "Vienna",
organization = "",
url = "https://ieeexplore.ieee.org/document/8452659/"
}
TY  - CPAPER
TI  - A model for assessing COBIT 5 and ISO 27001 simultaneously
T2  - 2018 IEEE 20th Conference on Business Informatics (CBI)
AU  - Almeida, R.
AU  - Lourinho, R.
AU  - da Silva, M. M.
AU  - Pereira, R.
PY  - 2018
SP  - 60-69
SN  - 2378-1971
DO  - 10.1109/CBI.2018.00016
CY  - Vienna
UR  - https://ieeexplore.ieee.org/document/8452659/
AB  - The assessment of Enterprise Governance of IT (EGIT) frameworks and standards such as COBIT 5 and ISO 27001, when adopted simultaneously, implies an unreasonable effort because each framework and standard defines its own scope, definitions, and terminologies. Using these frameworks and standards independently prevents organizations from achieving the full benefits of EGIT since there are limitations on their application to specific Information Technology (IT) areas. Also, as these frameworks and standards overlap, at a time when organizations strive to be efficient and effective, it seems counterintuitive to be wasting resources by having different organizational departments handling both approaches independently. Thus, the primary goal of this paper is to facilitate the COBIT 5 and ISO 27001 simultaneous assessment. To reach this goal, an Enterprise Architecture (EA) metamodel representation of ISO 27001 and its mapping to COBIT 5 is proposed using ArchiMate as the EA modeling language. The ISO 27001 metamodel is also extended with ISO/IEC Technical Specification (TS) 33052 and ISO/IEC TS 33072 because these standards propose a Process Reference Model and a Process Assessment Model for Information Security management, which are essential models to assess ISO 27001 and COBIT 5 simultaneously. A field study was conducted in the Portuguese Navy regarding the COBIT 5 Manage Service Requests and Incidents process and its corresponding controls in ISO 27001 through the mapped ISO/IEC TS 33052 processes.
ER  - 