Risk and compliance management framework for outsourced global software development

Proceedings - 5th International Conference on Global Software Engineering, ICGSE 2010

Volumn , Issue , 2010, Pages 228-233

  Magnusson, Christer ^a   Chou, Sung Chun ^a  

^a STOCKHOLM UNIVERSITY   (Sweden)

Author keywords

Compliance; COSO ERM; Global software development; ISO 20000; ISO 27001; Risk management; SABSA; SOX

Indexed keywords

INDUSTRIAL MANAGEMENT; OUTSOURCING; RISKS; SOFTWARE DESIGN; TRANSPARENCY;

COMPLIANCE; COSO-ERM; GLOBAL SOFTWARE DEVELOPMENT; ISO 20000; ISO 27001; SABSA;

RISK MANAGEMENT;

EID: 78149292908     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICGSE.2010.34     Document Type: Conference Paper

References (27)

1. Azad, A., Barnard M., and Johnson, K. "The future of IT application development", White Paper, IBM Corporation, June 2007, Accessed from: http://www-935.ibm.com/services/hk/cio/pdf/sourcing-wp-gtw01473-usen-00.pdf
2. BASDA, "IT Implications of Sarbanes-Oxley: Challenge or Opportunity", White Paper, The Business Application Software Developer's Association, 2005. Accessed from: http://www.pwc.com/en-LU/lu/it-effectiveness/ docs/pwc-sarbanes-oxley210606.pdf
3. Bass, M., Herbsleb, J. D. and Lescher, C., "A Coordination Risk Analysis Method for Multi-Site Projects: Experience Report" in 2009 IEEE International Conference on Global Software Engineering, July, 2009, pp. 31-40
4. Brown, W. and Nasuti, F. "What ERP systems can tell us about Sarbanes-Oxley", Information Management & Computer Security, Vol. 13 No. 4, 2005, pp. 311-327
5. Brown, S. G. and Yip, F., "Integrating Pattern Concepts and Network Security Architecture," In Network Operations and Management Symposium, 2006, 10th IEEE/IFIP, 3-7 April 2006, pp. 1-4
6. Clerc, V., Lago, P. and Vliet, H. "Global Software Development: Are Architecture Rules the Answer?", in 2007 IEEE International Conference on Global Software Engineering, Aug. 2007, pp. 225-234
7. COSO, "Enterprise Risk Management - Integrated Framework Executive Summary", September 2004.
8. Ebert, C., Murthy, B. K. and Jha, N. N., "Managing Risks in Global Softwre Engineering: Principles and Practices," in 2008 IEEE International Conference on Global Software Engineering, Aug. 2008, pp. 131-140
9. Farr, P. V., "The IT/Compliance Challenge Within Segregation of Duties", White Paper, BMC Software, Accessed from: http://documents.bmc. com/products/documents/59/09/65909/65909.pdf
10. Gartner Group, "Sarbanes-Oxley Compliance Demands IS Involvement", 10 October 2003, Accessed from: http://www.gartner.com/ DisplayDocument?id=412275
11. Holmstrom, H., Cochuir, E., Ågerfalk, P. J. and Fitzgerald, B. "Global Software Development Challenges: A Case Study on Temporal, Geographical and Socio-Cultural Distance", in 2006 IEEE International Conference on Global Software Engineering, Oct. 2006, pp. 3-11
12. IBM Global Technology Service, "Outsourcing and Informatino Security," White Paper, Feburary 2009. Accessed from: http://www-935.ibm. com/services/nl/gts/pdf/white-paper-v01.pdf
13. International Organization for Standardization, "ISO/IEC 20000-2:2005 Information technology - Service management - Part 1: Specification" Published on 2005-12-15
14. International Organization for Standardization, "ISO/IEC 20000-2:2005 Information technology - Service management - Part 2: Code of practice," Published on 2005-12-15
15. st edition, Published on 2005-10-15
16. st edition, Published on 2005-6-15
17. Kaarst-Brown, M. L. and Kelly S., "IT Governance and Sarbanes-Oxley: The latest sales pitch or real challenges for the IT Function?", in Proceedings of the 38th Hawaii International Conference on System Sciences, 2005.
18. Kaisler, S. H., Armour F. and Valivullah, M., "Enterprise Architecting: Critical Problems", in Proceedings of the 38th Hawaii International Conference on System Sciences, 2005
19. Khan, S. U., Niazi, M. and Ahmad, R., "Critical Success Factors for Offshore Software Development Outsourcing Vendors: A Systematic Literature Review", in 2009 Fourth IEEE International Conference on Global Software Engineering, July 2009, pp.207-216.
20. Magnusson, C., "Corporate Governance, Internal Control and Compliance - From an Information Security Perspective," Report for Confederation of Swedish Enterprise, Sweden, September 2007, Accessed from: http://www.svensktnaringsliv.se/material/rapporter/corporate-governance- internal-control-and-compliance-from-aninfo-35898.html
21. Oda, S. M., Fu, H. and Zhu, Y., "Enterprise Information Security Architecture: A Review of Frameworks, Methodology, and Case Studies", in Proceeding of the 2009 2nd IEEE International Conference on Computer Science and Information Technology, Beijing, 2009, pp.333-337
22. Prikladnicki, R., Audy, J. and Evaristo R., "Global Software Development in Practice Lessons Learned," Software Process: Improvement and Practice, vol 8, Issue 4, October/December 2003, pp. 267-281
23. Sherwood, J., Clark, A. and Lynas, D., "Enterprise Security Architecture: A Business Driven Approach", San Francisco, CA: CMP Books, 2005
24. Stephenson, P. "S-TRAIS: A Method for Security Requirements Engineering Using a Standards Based Network Security Reference Model," in Conference Proceedings from SREIS 2005, Accessed from http://www.sreis.org/old/ 2001/papers/sreis018.pdf
25. Symantec Corporation, "Lessons Learned for SOX Compliance and Other Regulatory Challenges," White Paper: Enterprise Security, 2008, Accessed from: http://ww2.ost-us.com:5051/White%20Papers/Lessons%20Learned%20for%0SOX.pdf
26. The 117th Congress of the United States of America, "Sarbanes-Oxley Act of 2002," enacted on July 30, 2002
27. Zachman, J. A. , "A framework for information systems architecture", IBM Systems Journal, Vol. 26, No 3, 1987, pp. 276-292