Design and Implementation of an IT Governance Framework for Security Improvement

碩士 === 國立臺北科技大學 === 資訊工程系研究所 === 97 === Information Technology (IT) governance is the process by which decisions are made around IT environment. This is governing decision making in important IT operational areas. This terminology is involving the policy to drive the governance into effective IT org...

Full description

Bibliographic Details
Main Authors: Barli Hakim, BarliHakim
Other Authors: 陳英一
Format: Others
Language:en_US
Online Access:http://ndltd.ncl.edu.tw/handle/b4s9ms
Description
Summary:碩士 === 國立臺北科技大學 === 資訊工程系研究所 === 97 === Information Technology (IT) governance is the process by which decisions are made around IT environment. This is governing decision making in important IT operational areas. This terminology is involving the policy to drive the governance into effective IT organization. The policy sometime drives the organization into disaster without monitoring to control the direction as IT governance already created. IT organizations originally have IT governance which is managed by an administrator, person in charge have policy to handle this problem within this domain. A problem is arising when administrator has been conducted fault decision to interpret organization policy. This fault was undetected until someone noticed the problem and reported to organization, then some particular action will be arranged to deal with. Those process obviously waste time and money. This research is conducts to provide solution addressed to the problem that mentioned above. We proposed a design of IT Governance framework on problem detection of security system. This architecture monitoring the Access Control List concurrently generates real time result and then it also conducted change and configuration in order to improve the security assurance. The process of change and configuration need analytical action in order to comparing between new problems and previews problems are on the list and then when system encounter new problem that not on the list, the system will be deliver as a new problem solution considering as improvement on security domain. Finally the thesis has been done monitoring and change and configuration to conducted framework for security improvement.