信息安全治理成熟度模型

<正> 信息安全治理,是指最高管理层(董事会)监督管理层在信息安全战略上的过程、结构和联系,以确保这种运营处于正确的轨道。缺乏良好信息安全治理机制的组织,亦即缺乏健全的制度安排,因而不可能具备良好的信息安全管理体系,也不可能取得信息化的成功;同样,没有信息安全管理体系的畅通,单纯的治理机制也只能是一个美好的蓝图,而缺乏实际的内容。 作为一种信息安全治理机制,信息安全治理成熟度模型将有助于回答以下这些问题。     

软件能力成熟度模型及其解决方案

软件能力成熟度模型是软件组织生产过程的评价标准，为提高软件组织的软件能力提供了一个阶梯式的进化框架，文章指出了SW－CMM对软件业发展的重要意义，介绍了该模型的具体内容和实现方法，为软件组织的发展指明了目标和手段。     

软件人员能力成熟度模型及其评估框架

首先介绍了软件人员成熟度模型,阐明了其主要的概念,再对P－CMM中的每一成熟度级别进行了分析,讨论了P－CMM的评估框架及应用,最后提出了若干要进一步研究的问题。     

CMM软件能力成熟度模型概述

给出了CMM软件能力成熟度模型的基本概念,归纳CMM五个不同成熟度级别的主要特征。     

软件能力成熟度模型CMM的探讨

本文首先对软件能力成熟度模型的起因、历史、发展及一些基本概念作了简单的介绍;然后对模型的结构、内容和各成熟度等级的行为特征进行了描述;最后,进行了相关总结。     

软件测评能力成熟度模型研究

软件测评作为软件质量保证的重要手段,其重要性已越来越受到各方的高度关注。要在有限的时间、人员和经费等约束条件下,验证软件是否满足要求并尽可能多地发现其中存在的缺陷,就必须找到提高测评效率和质量的有效途径,为此不仅要研究软件测评的技术、方法和工具,还必须注重软件测评过程的管理和改进。本文在借鉴CMM、CMMI、TMMi、GJB5000、GJB5000A思想的基础上,提出了适用于软件第三方测评机构的软件测评能力成熟度模型,有助于第三方测评机构改进其测评过程、主管部门遴选测评机构。     

深入探讨软件成熟度模型

联想公司软件事业部通过了ＣＭＭ２级认证这件事情让软件界兴奋了许久，近期有消息透露联想公司有意在年底冲击ＣＭＭ３级认证，这一消息更加振奋了中国软件业。信息产业部“今年电子信息产品投资重点”中提到，软件“开发过程中采用ＣＭＭ管理模式，提高软件开发效率和质量保证能力”。软件能力成熟度是属于软件质量和软件生产组织管理问题。本文来说说这一问题，并给出我们的观点和想法。软件质量概念和问题 信息时代，软件质量的重要性越来越为人们所认识。软件是产品、是装备、是工具，其质量使得顾客满意，是产品市场开拓、事业得以发…     

SaaS成熟度模型浅析

一次面试过程中,面试者提到他们公司也在做SaaS软件,他提到他们为某一个大客户开发了一款软件,并且购买了相应硬件、网络设备,并负责软件的部署和维护,客户仅仅需要按年支付服务费用。我诧异道：这也算SaaS？不过回想一下,这为什么不能称为SaaS模式,它完全符合SaaS的众多特征：按需付费、租用、客户不拥有软硬件所有权等。但是为什么一般很难将这种模式视为SaaS模式？     

SaaS成熟度模型浅析

一次面试过程中,面试者提到他们公司也在做SaaS软件,他提到他们为某一个大客户开发了一款软件,并且购买了相应硬件、网络设备,并负责软件的部署和维护,客户仅仅需要按年支付服务费用。我诧异道：这也算SaaS？不过回想一下,这为什么不能称为SaaS模式,它完全符合SaaS的众多特征：按需付费、租用、客户不拥有软硬件所有权等。但是为什么一般很难将这种模式视为SaaS模式？     

软件能力成熟度模型及其在软件测试过程中的应用

软件测试是质量保证的关键步骤。本文介绍了软件能力成熟度模型在软件测试过程中的相关支持和扩充,然后结合实际的软件测试过程,介绍了如何利用CMM改进软件测试过程。     

Explaining IT governance disclosure through the constructs of IT governance maturity and IT strategic role

This study investigates the relation between the maturity of IT governance processes and the IT governance disclosure of firms. Furthermore, it examines whether the strategic role of IT in an industry induces systematic variation in IT governance disclosure. Based on a content analysis of annual reports and a field survey on the maturity of the implementation of COBIT processes, the results demonstrate a role of IT governance frameworks in stimulating accountability and transparency via enhanced external reporting of relevant IT information to external stakeholders, in particular in settings where the strategic role of IT is high.     

企业IT治理架构构建①

针对当前企业信息化过程中所存在的问题,系统论述了企业管理和IT治理的关系,并着重分析了企业IT治理的模式,提出了企业IT治理的目标和架构。并在此基础上提出了企业IT治理架构构建的方法。     

Business analytics maturity of firms: an examination of the relationships between managerial perception of IT,business analytics maturity and success

This study develops a measure for business analytics (BA) maturity and empirically examines the relationships between managerial perception of IT, BA maturity and BA success. The findings suggest that (1) BA maturity can be measured via BA integration & management support, process-level benefits of BA and technology & data analytics capabilities, (2) BA maturity positively affects organizations’ overall BA success, and (3) managerial perception of IT positively influence organizations’ achievement of BA maturity.     

Exploring IT Dependence and IT Governance

The purpose of this study is to identify the IT governance mechanisms that are used at different levels of IT dependence (defensive or offensive IT modes) and to compare the degree of their use between these IT modes. The results of a survey suggest that the degree of use of IT governance mechanisms varies by IT mode, and it is greater when a firm is in offensive versus defensive IT mode.     

企业信息化建设成功之路——IT治理

IT治理是以企业战略为导向,以IT业务过程和IT服务的改进为手段,合理利用IT资源,规避IT风险的动态改进过程。本文从战略管理的角度分析企业信息化建设,认为IT实施与战略目标的背离是其失败的主要原因,并以COBIT模型为例论述了IT治理的流程。     

Evolution of a maturity model – critical evaluation and lessons learned

A system documentation process maturity model and assessment procedure were developed and used to assess 78 projects at 28 different companies over a five year period. During this time the original version evolved into second and third versions based on feedback from industry and the experience gained from the assessments. The changes to the model, maturity levels, key practices, scoring scheme and assessment report, and the reasons behind these changes are analyzed in this paper. The biggest lesson learned is that the key practices' degree of satisfaction and not the maturity levels drive the assessment and provide the key information needed for process improvement.     

Development and evaluation of a software-mediated process assessment method for IT service management

IT service improvements can add immense value to organisations. To improve IT service management (ITSM) processes, a software-mediated process assessment method is proposed with four phases: process identification, process assessment, process capability measurement and process improvement. The international standard for process assessment was applied to measure process capability. This method was trialled at two Australian organisations and positively evaluated in a US foreign exchange trading business. Our empirical evidence challenges the underlying assumption that higher levels of process capability depend on the achievement of lower level process attributes. We conclude that this method can be applied to transparently self-assess processes.     

The capability maturity model and CASE

Abstract. Many software organizations face serious problems in their attempts to make expectations and realities meet in introducing CASE technology. One promising approach to understanding CASE introduction better and to managing it more effectively has been developed by relating CASE introduction to the Capability Maturity Model (CMM). This paper reviews software process maturity as a framework for CASE introduction. The relevance of the framework is discussed and three critical questions are explored: 1) What is the role of organizational experiments in CASE introduction? 2) How do the functional characteristics of CASE technology influence CASE introduction? and 3) How does the organizational context influence CASE introduction? The aim of the paper, by way of this discussion, is to explicate the strengths and limits of software process maturity as a framework for CASE introduction, and to identify the most important supplementary issues     

电子政务的IT治理初探

IT治理，作为一种全新的管理理念，有助于防范各种导致电子政务失败和低效化的风险。本文运用COBIT模型，对电子政务中存在的风险进行IT治理，并指出建立IT治理机制势在必行。     

Impact of IT Governance and IT Capability on Firm Performance

Based on resource-based and strategic choice theory, this research empirically validates that IT governance is an important antecedent of IT capability, which in turn results in improved firm performance. This article contributes to the IS literature by proposing a comprehensive measure of IT governance based on secondary data, and simultaneously examining the impact of IT governance and IT capability on firm performance.