Résumé
Governance of IT is becoming more and more necessary in the current financial economic situation. One declination of that statement is the definition of corporate and IT policies. To improve that matter, the paper has for objective to propose a methodology for defining policies that are closer to the business processes, and based on the strict definition of a responsibility model that clarify all actor's responsibility. This responsibility model is mainly defined based on the three concepts of capability, the accountability and the commitment. The methodology is illustrated and validated based on a case study conducted in an IT company.
langue originale | Anglais |
---|---|
titre | Proceedings of the ARES 2009 Workshop on Organizational Security Aspects (OSA), Fukuoka, Japan |
Lieu de publication | 345 E 47TH ST, NEW YORK, NY 10017 USA |
Editeur | IEEE |
Pages | 762-767 |
Nombre de pages | 6 |
Volume | 1-2 |
ISBN (imprimé) | 978-1-4244-3572-2 |
Les DOIs | |
Etat de la publication | Publié - 2009 |