Assurance for Change Management With COBIT 2019 and CMMC Maturity Frameworks-Reference-Cited by-同舟云学术

Assurance for Change Management With COBIT 2019 and CMMC Maturity Frameworks

Published:2022 Issue: Volume: Page:163-196
ISSN:2327-3275
Container-title:Advances in Business Information Systems and Analytics
language:
Short-container-title:

Author:

Zanzig Jeffrey S.¹,Francia, III Guillermo A.²^ORCID

Affiliation:

1. Jacksonville State University, USA

2. University of West Florida, USA

Abstract

As technology plays an ever-increasing role in carrying out structured tasks in today's society, people are given more time to focus their attention on higher levels of service and personal development. However, technology is in a constant state of change and assurance services are needed to help ensure that technology changes are accomplished properly. The Institute of Internal Auditors has identified 10 steps that can be used to effectively implement changes in technology. This process and its accompanying internal controls can be assessed through an internal audit function that considers issues of both functionality and security. In addition, continuous improvement of the change management process for technology can be evaluated though capability/maturity models to see if organizations are achieving higher levels of accomplishment over time. Such models include the COBIT 2019-supported capability maturity model integration (CMMI) model and the cybersecurity maturity model certification (CMMC) framework used by defense industrial base organizations.

Publisher

IGI Global

Reference25 articles.

1. Buckley, S. (2011). IT Change Management. Internal Auditor. Retrieved from https://www.theiia.org/intAuditor/itaudit/2011-articles/it-change-management/

2. Carnegie Mellon University and The John Hopkins University Applied Physics Laboratory, LLC. (2020). Cybersecurity Maturity Model Certification (CMMC) v 1.02. Carnegie Mellon University and The John Hopkins University Applied Physics Laboratory, LLC.

3. Cavusoglu, H., Cavusoglu, H., & Zhang, J. (2004). Economics of Security Patch Management. Annual Workshop on the Economics of Information Security. Retrieved November 14, 2012, from http://ns2.honlab.dc.hu/~mfelegyhazi/courses/BMEVIHIAV15/readings/06_Cavasoglu2006security_patch.pdf

4. Choi, E. (2020, Jul 28). Business news: Garmin says hack disabled software. Wall Street Journal. Retrieved from http://lib-proxy.jsu.edu/login?url=https://www-proquest-com.lib-proxy.jsu.edu/newspapers/business-news-garmin-says-hack-disabled-software/docview/2427462869/se-2?accountid=11662