PO3.4 - Technology Standards

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective PO3.4 - Technology Standards is contained within Process Determine Technological Direction.

Technology Standards

To provide consistent, effective and secure technological solutions enterprisewide, establish a technology forum to provide technology guidelines, advice on infrastructure products and guidance on the selection of technology, and measure compliance with these standards and guidelines. This forum should direct technology standards and practices based on their business relevance, risks and compliance with external requirements.

Value Drivers

  • Increased control over information systems asset acquisitions, changes and disposals
  • Standardised acquisitions supporting the technological direction, increasing alignment and reducing risks
  • Scalable information systems reducing replacement costs
  • Consistency in technology throughout the enterprise, improving efficiency and reducing support, licensing and maintenance costs

Risk Drivers

  • Incompatibilities between technology platforms and applications
  • Deviations from the approved technological direction
  • Licensing violations
  • Increased support, replacement and maintenance costs
  • Inability to access historical data on unsupported technology

Control Practices

  1. Ensure that corporate technology standards are approved by the IT architecture board and communicated throughout the organisation by using a technology forum.
  2. Ensure that management establishes and maintains an approved list of vendors and system components that conform with the technological infrastructure plan and technology standards.
  3. Establish a process to prevent the acquisition of non-conforming systems or applications.
  4. Put technology guidelines in place to effectively support the organisation’s technological solutions.
  5. Put in place monitoring and benchmarking processes, such as measuring non-compliance to technology standards, to ensure compliance to the standards.
  6. Update technology standards as part of a periodic review of the technological infrastructure plan. Ensure that all stakeholders are involved in the development and approval of migration strategies and change plans, taking into consideration impacts on personnel and operations.
  7. Align the information systems department’s recruiting and training practices with the technology standards.

Documents & Publications: 149 total

Advanced persistent threat (APT) has been a term used frequently during security threat discussion; however, confusion exists as to what an APT is and how to manage the risk associated with it.
Posted by ISACA 85 days ago

Events & Online Learning: 8 total

10 Jun 2013
ISACA International Event
Berlin, Germany
Early bird deadline has been extended: save over US $350 when you register by 1 May. Learn from industry-leading IT experts at Insights 2013. This is a unique opportunity to discover revolutionary new ideas at the world’s premier business event.
16 Sep 2013
ISACA International Event
London, England
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM 2013 in Berlin—the leading European conference for IT audit, assurance, security and risk professionals. Save over US $200 when you register by 22 July!

Journal Articles: 261 total

Volume 3, 2013
by Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CDP, CISSP, ITIL
How will an organization’s information security staff be affected if the organization’s computer systems are moved to a cloud environment?
Volume 3, 2013
by Andrew Hay
The PCI Security Standards Council’s Special Interest Group for Cloud released its much-anticipated guidance for securing Software, Platform and Infrastructure as a Service (SaaS, PaaS and IaaS) cloud servers.
Volume 3, 2013
by Dan Bogdanov, Ph.D., and Aivo Kalu, Ph.D., CISA
A cloud is a remote-access platform; thus, technical controls that remotely enforce a particular security policy are especially efficient.
Volume 2, 2013
by Nurudeen Odeshina, CISA, CISM, CRISC, ISO 27001 LI, ITSM
As is often said, “information security is not a destination, it is a journey,” and for the organization it means continuous improvement.
Volume 2, 2013
by Vicki Gatewood, CGEIT, CRISC
For all of the positive claims about the benefits of cloud computing, there have been as many articles warning of the dangers.
Volume 2, 2013
by Steven J. Ross, CISA, CISSP, MBCP
Organizations should never aspire to being standard in any endeavor.

Wikis: 2 total

Blog Posts: 40 total

Study Groups for the JUNE, SEPTEMBER AND DECEMBER 2013 Certifications. For those interested in sitting the CISA and CISM certification exams, or for anyone who wishes to begin preparing for these or upcoming exams, ...
Posted By : Alexander Osorio | 0 comments
DISCLAIMER :- Below information is just for knowledge sharing purpose and reference. Personally or on behalf of any organization; I do not recommend any specific / particular tool listed below. These are the ones which I have come across. there may be t...
Posted By : prathameshkarekar | 0 comments
(Cross posted in http://www.leetsecurity.com/en/2013/01/18/certification-or-rating) On some occasions, especially when the issue we want to analyze or study is complex or very new, it could be useful to use analogies. We say that because, to explain the use...
Posted By : Antonio Ramos | 0 comments
Before we get into auditing SQL Server permissions a reminder of a few definitions might be helpful. In SQL Server anything that can be granted a right to perform an activity is called a principal. So fundamentally principals are logins, users, roles, ...
Posted By : Ian Cooke | 3 comments
(Cross-posted in www.leetsecurity.com/en/2012/12/14/isaca-security-considerations-for-cloud/) As part of ISACA Series about cloud computing, we find the document "Security Considerations for Cloud Computing" (link) with the objective of providing a practice...
Posted By : Antonio Ramos | 1 comments
5 Nov 2012
Case Studies Based On Real World Experience All OIC Member Contractors have the option to participate in a new component of our Oracle Governance, Risk and Compliance (GRC) training called OIC GRC Reality.  You will have an opportunity to participate...
Posted By : RogerDrolet | 4 comments