
AI2.1 - High-level Design

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective AI2.1 - High-level Design is contained within the process Acquire and Maintain Application Software.


High-level Design

Translate business requirements into a high-level design specification for software acquisition, taking into account the organisation’s technological direction and information architecture. Have the design specifications approved by management to ensure that the high-level design responds to the requirements. Reassess when significant technical or logical discrepancies occur during development or maintenance.


Value Drivers

  • Reduced costs
  • Consistency between business requirements and high-level design results
  • Improved time to delivery

Risk Drivers

  • Dependency on knowledge held by key individuals
  • Undefined development scope
  • Solutions failing to deliver business requirements
  • Solutions not aligned with strategic IT plan, information architecture and technology direction
  • High costs of fragmented solutions

Control Practices

  1. Establish a high-level design specification that translates the business requirements for the software development based on the organisation’s technological direction and information architecture model.
  2. Confirm that the design approach and documentation are compliant with the organisation’s design standards.
  3. Involve appropriately qualified and experienced users in the design process to draw on their expertise and knowledge of existing systems or processes.
  4. Confirm that the design is consistent with the business plans, strategies, applicable regulations and IT plans.
  5. Ensure that the high-level design is approved and signed off on by IT stakeholders (e.g., human/computer interaction, security and other experts) to ensure that their inputs have been recognised and the design, as a whole, constitutes a solution that the organisation can deliver, operate and maintain. Establish that no project proceeds to the business approval process without appropriate review and sign-off by IT stakeholders.
  6. Submit the final high-level design after QA sign-off to the project sponsor/business process owner, and obtain approval and sign-off. Establish that no project proceeds to development without appropriate sign-off by the business.


Events & Online Learning: 20 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM, the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 220 total

Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 6, 2106
by Venkatasubramanian Ramakrishnan, CISM, CRISC, CHFI
Bayesian networks can capture the complex interdependencies among risk factors and can effectively combine data with expert judgment.
Volume 5, 2017
by Michael Werneburg, CIA, PMP
Service organizations with a bespoke application in a regulated industry have special challenges in addressing application vulnerabilities.
Volume 5, 2017
by Filip Caron, Ph.D.
Blockchain technology, commonly expected to drive the next wave of digital infrastructure and process innovation, is rapidly developing into maturity.
Volume 5, 2017
by Hari Mukundhan, CISA, CISSP
This is an age in which machine-to-machine communication is expanding significantly, creating new types of cyberrisk or exacerbating existing risk, thus impacting not only privacy and wealth, but also human safety.
Volume 4, 2017
by Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA, TOGAF
Traditionally, security architecture consists of some preventive, detective and corrective controls that are implemented to protect the enterprise infrastructure and applications.

Blog Posts: 126 total

With the advancement of technology, many people are engaged on the Internet to perform their day-to-day online activities. One out of three people are now planning to conduct and promote their business through online, so it has become the fastest way of commun...
Posted By : Chiranjibi492 | 0 comments
Proposal: I will come straight to the point, every country is now connected to the Internet Of The Thing available to public to access to their personal data, order stuffs, book tickets, book hotel, open bank account, view personal account and play around o...
Posted By : SHAMU2015 | 0 comments
24 Aug 2017
The Mobile Maritime Hub 2009-2050 is a strategic plan that started in 2009, in Vilanova i La Geltrú, a coastal town, to promote maritime, nautical, fishing and scientific activities in a seaside region, by a proper use of the technological tools exist...
Posted By : ramoncod | 0 comments
A few days ago the person behind the Hacking Team hack revealed how he did it in pastebin - (the original in Spanish) I was very keen to understand how good you need to be to hack back one of the most (in)famous hacki...
Posted By : TiagoRosado | 0 comments
Carrying out education and awareness tasks for the end user is vital, bearing in mind that in the end it is this user who will decide whether to protect themselves. With this in mind, I am sharing some useful tips. 1. Do not use technical vocabulary, consider that t...
Posted By : Rene372 | 0 comments
Recently while reading through various cyber security threat feeds, I ran across a very interesting article describing ways to protect your identity and personal data.  In the article the author discussed "Understanding your data-protection and privacy ri...
Posted By : James948 | 0 comments