Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

AI2.1 - High-level Design

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective AI2.1 - High-level Design is contained within Process Popup Acquire and Maintain Application Software.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

This Topic Has:
5 Members
0 Online
4225 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer

High-level Design

Translate business requirements into a high-level design specification for software acquisition, taking into account the organisation’s technological direction and information architecture. Have the design specifications approved by management to ensure that the high-level design responds to the requirements. Reassess when significant technical or logical discrepancies occur during development or maintenance.

View value and Risk Drivers  help

Hide value and Risk Drivers help

Value Drivers

  • Reduced costs
  • Consistency between business requirements and high-level design results
  • Improved time to delivery
  Risk Drivers
  • Dependency on knowledge held by key individuals
  • Undefined development scope
  • Solutions failing to deliver business requirements
  • Solutions not aligned with strategic IT plan, information architecture and technology direction
  • High costs of fragmented solutions

View Control Practices  help

Hide Control Practices  help

  1. Establish a high-level design specification that translates the business requirements for the software development based on the organisation’s technological direction and information architecture model.
  2. Confirm that the design approach and documentation are compliant with the organisation’s design standards.
  3. Involve appropriately qualified and experienced users in the design process to draw on their expertise and knowledge of existing systems or processes.
  4. Confirm that the design is consistent with the business plans, strategies, applicable regulations and IT plans.
  5. Ensure that the high-level design is approved and signed off on by IT stakeholders (e.g., human/computer interaction, security and other experts) to ensure that their inputs have been recognised and the design, as a whole, constitutes a solution that the organisation can deliver, operate and maintain. Establish that no project proceeds to the business approval process without appropriate review and sign-off by IT stakeholders.
  6. Submit the final high-level design after QA sign-off to the project sponsor/business process owner, and obtain approval and sign-off. Establish that no project proceeds to development without appropriate sign-off by the business.

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 70 total

Must be a Topic member to contribute
View All »
Posted by ISACA 1151 days ago
Posted by ISACA 230 days ago
Posted by ISACA 444 days ago
Posted by ISACA 549 days ago

Events & Online Learning: 16 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 210 total

Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 6, 2106
by Venkatasubramanian Ramakrishnan, CISM, CRISC, CHFI
Bayesian networks can capture the complex interdependencies among risk factors and can effectively combine data with expert judgment.
Volume 3, 2017
The resolve to address IoT device security at various levels—hardware and software, government and enterprise, consumers and services—is widespread.
Volume 3, 2017
by Vasant Raval, DBA, CISA, ACMA, and Rajesh Sharma, Ph.D., ITIL-F, Six Sigma Black Belt
Success does not teach much, if anything; it is the failure that provides lessons to do better in the future.
Volume 3, 2017
by Hemant Patel, CISM, ITIL, PMP, TOGAF
Security needs to be addressed at all stages of the IoT system life cycle, including the design, installation, configuration and operational stages.
Volume 3, 2017
by ISACA | Reviewed by Diana Hamono
The book is a useful resource for managers in all parts of an organization that is considering transitioning some, or all, of its current IT services onto cloud-based services and who want to understand the security implications of doing so.

Wikis: 2 total

Blog Posts: 121 total

Seguro que todos hemos oído en los últimos meses noticiassobre ataques cibernéticos y el impacto que los mismos han tenido en diferentesindustrias y empresas. El último de ellos denominado “WannaCry” ha sidoconsiderado como uno de los mayores ataques info...
Posted By : Rene372 | 0 comments
Manejo de TI interno. El tener toda la estructura de TI internamente, sin subcontrataciones, puede dar una acumulación de problemas difíciles de manejar para una sola organización.Asociaciones con contrapartes. Al trabajar en un proyecto conjunto con una...
Posted By : Gladys789 | 0 comments
La razón de que varias páginas y servicios soportados por la nube de Amazon Web Services –entre ellos Netflix y Spotify- presentarán fallas el martes pasado se debió a un error humano, aseguró la compañía. El reporte de Amazon apuntaba que servidores S3 e...
Posted By : Rene372 | 0 comments
La demanda de servicios bancarios a través de Internet, producto del surgimiento de nuevas necesidades en los consumidores atraídos por el auge tecnológico, mantiene a las entidades financieras inmersas en una encrucijada en la cual deben equilibrar el ni...
Posted By : Gerardo Zuñiga | 0 comments
Dear All I am working on Information security risk assessment framework which helps to reduce the subjectivity in the risk assessment process. (Subjective risk assessment is the one which is based on the risk parameters having values 1 to 5 or 1 to 3. and...
Posted By : Muhammad Irfan Bashir | 0 comments
Today, all of us need to protect the personal information... so, I share these useful tips. Here are eight tips to help you protect the privacy of your personal information:1. Implement a personal-information "need-to-know basis" policyMany businesses ask...
Posted By : Rene372 | 0 comments