Feltus, Christophe and Michael, Petit and Georges, Ataya (2008): Definition and Validation of a Business IT Alignment Method for Enterprise Governance Improvement in the Context of Processes Based Organizations. Published in: Proceedings of the first conference on Corporate Governance of IT, Vol. 1, No. 1 (2. December 2008)
This is the latest version of this item.
Interest in professional responsibility is growing remarkably these days, specifically in the responsibility a person commits to when he or she performs a task. Based on a review of research currently performed in the field of policy (from corporate to technical policies), we observe that the perception of responsibility has often been limited to a combination of rights and obligations. In addition, we are seeing a re-emergence in business (for example, in the financial sector) of a belief that the foundation of business ethics can be improved and that a renewed focus in this area would help to prevent future breakdowns in the system. With regard to improving business/IT alignment and corporate ICT governance, it becomes increasingly important to define a commonly accepted personal responsibility model that embodies important and well-known concepts like accountability, capability and commitment. Moreover, because responsibility constitutes a fundamental notion of management theory, it is likewise identified as a meaningful bridge toward organizational artifacts. Exploiting a process-based approach to define policy seems to offer new research opportunities, since the process-based organization is becoming an increasingly widespread structure.
| Field | Value |
|---|---|
| Item Type | MPRA Paper |
| Original Title | Definition and Validation of a Business IT Alignment Method for Enterprise Governance Improvement in the Context of Processes Based Organizations |
| English Title | Definition and Validation of a Business IT Alignment Method for Enterprise Governance Improvement in the Context of Processes Based Organizations |
| Keywords | ICT Governance, Responsibility model, Capability, Accountability, Commitment. |
| Subjects | D - Microeconomics > D8 - Information, Knowledge, and Uncertainty > D80 - General |
| Depositing User | Christophe Feltus |
| Date Deposited | 29. Mar 2010 06:26 |
| Last Modified | 30. Dec 2015 21:37 |