Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
An investigation to determine incremental risks to software as a service from a user’s perspective
Thesis (MComm)--Stellenbosch University, 2011.
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | en_ZA |
| Published: |
Stellenbosch : Stellenbosch University
2011
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867614136023646208 |
|---|---|
| access_status_str | Open Access |
| author | Ipland, Frederick Ferdinand |
| author2 | Steenkamp, L. P. |
| author_browse | Ipland, Frederick Ferdinand Steenkamp, L. P. |
| author_facet | Steenkamp, L. P. Ipland, Frederick Ferdinand |
| author_sort | Ipland, Frederick Ferdinand |
| collection | Thesis |
| dc_rights_str_mv | Stellenbosch University |
| description | Thesis (MComm)--Stellenbosch University, 2011. |
| format | Thesis |
| id | oai:scholar.sun.ac.za:10019.1/18086 |
| institution | Stellenbosch University (South Africa) |
| language | en_ZA |
| last_indexed | 2026-06-10T12:47:14.419Z |
| license_str | Other — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from SUNScholar — Stellenbosch University Repository |
| publishDate | 2011 |
| publishDateRange | 2011 |
| publishDateSort | 2011 |
| publisher | Stellenbosch : Stellenbosch University |
| publisherStr | Stellenbosch : Stellenbosch University |
| record_format | dspace |
| source_str | SUNScholar — Stellenbosch University Repository |
| spelling | oai:scholar.sun.ac.za:10019.1/18086 An investigation to determine incremental risks to software as a service from a user’s perspective Ipland, Frederick Ferdinand Steenkamp, L. P. Stellenbosch University. Faculty of Economic and Management Sciences. Dept. of Accountancy. Software as a Service -- Risks Cloud computing -- Risks Risk management Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing Thesis (MComm)--Stellenbosch University, 2011. ENGLISH ABSTRACT: Software as a Service (SaaS) – which is a deployment model of cloud computing – is a developing trend in technology that brings with it new potential opportunities and consequently potential risk to enterprise. These incremental risks need to be identified in order to assist in risk management and therefore information technology (IT) governance. IT governance is a cornerstone of enterprise-wide corporate governance. For many entities corporate governance has become a statutory requirement, due to the implementation of legislation such as Sarbanes-Oxley Act of the United States of America. The research aims to assist in the IT governance of SaaS, by identifying risks and possible controls. By means of an in-depth literature review, the study identified 30 key risks relating to the use and implementation of SaaS from the user’s perspective. Different governance and risk frameworks were considered, including CobiT and The Risk IT Framework. In the extensive literature review, it was found that CobiT would be the most appropriate framework to use in this study. Mapping the risks and technologies from the user's perspective to one or more of the processes of the CobiT framework, the research found that not all processes where applicable. Merely 18 of 34 CobiT processes where applicable. The study endeavoured to identify possible controls and safeguards for the risks identified. By using the technologies and risks that were mapped to the CobiT processes, a control framework was developed which included 11 key controls to possibly reduce, mitigate or accept the risks identified. Controls are merely incidental if it is not linked to a framework. AFRIKAANSE OPSOMMING: Software as a Service (SaaS) – ‘n ontplooiingsmodel van cloud computing – is ‘n ontwikkelende tegnologiese tendens wat verskeie moontlikhede, maar daarby ook verskeie risiko’s vir ondernemings inhou. Hierdie addisionele risiko’s moet geïdentifiseer word om te help met die bestuur van risiko’s en daarom ook die beheer van Informasie Tegnologie (IT). IT beheer is ‘n belangrike deel van die grondslag van ondernemingswye korporatiewe beheer. As gevolg van die implimentering van wetgewing soos die Sarbanes-Oxley wetsontwerp van die Verenigde State van Amerika, het korporatiewe beheer ‘n statutêre vereiste geword vir verskeie ondernemings. Hierdie studie poog om die IT beheer van SaaS by te staan, deur risiko’s en moontlike beheermaatreëls te identifiseer. Deur middel van ‘n indiepte literatuur ondersoek het die studie 30 sleutelrisiko’s geïdentifiseer wat verband hou met die gebruik en implimentering van SaaS vanuit ‘n gebruikersoogpunt. Verskeie korporatiewe- en risiko raamwerke, insluitende CobiT en The Risk IT Framework, was oorweeg. Die literatuur ondersoek het egter bevind dat CobiT die mees toepaslikste raamwerk vir dié studie sal wees. Deur die risiko’s en tegnologieë vanuit ‘n gebruikers perspektief te laat pas met een of meer CobiT prosesse, het die navorsing bevind dat nie alle prosesse in CobiT van toepassing is nie. Slegs 18 van die 34 prosesse was van toepassing. Die studie het ook gepoog om moontlike beheer- en voorsorgmaatreëls vir die risiko’s te identifiseer. Deur die tegnologieë en risiko’s te gebruik wat gepas is teen die CobiT prosesse, is ‘n beheer raamwerk ontwikkel wat 11 sleutel beheermaatreëls insluit, wat die geïdentifiseerde risiko’s kan verminder, temper of aanvaar. Beheermaatreëls is slegs bykomstig as dit nie direk aan ‘n raamwerk gekoppel is nie. Masters 2011-11-03T10:41:25Z 2011-12-05T13:27:12Z 2011-11-03T10:41:25Z 2011-12-05T13:27:12Z 2011-12 Thesis http://hdl.handle.net/10019.1/18086 en_ZA Stellenbosch University 86 p. application/pdf Stellenbosch : Stellenbosch University |
| spellingShingle | Software as a Service -- Risks Cloud computing -- Risks Risk management Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing Ipland, Frederick Ferdinand An investigation to determine incremental risks to software as a service from a user’s perspective |
| title | An investigation to determine incremental risks to software as a service from a user’s perspective |
| title_full | An investigation to determine incremental risks to software as a service from a user’s perspective |
| title_fullStr | An investigation to determine incremental risks to software as a service from a user’s perspective |
| title_full_unstemmed | An investigation to determine incremental risks to software as a service from a user’s perspective |
| title_short | An investigation to determine incremental risks to software as a service from a user’s perspective |
| title_sort | investigation to determine incremental risks to software as a service from a user s perspective |
| topic | Software as a Service -- Risks Cloud computing -- Risks Risk management Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing |
| url | http://hdl.handle.net/10019.1/18086 |
| work_keys_str_mv | AT iplandfrederickferdinand aninvestigationtodetermineincrementalriskstosoftwareasaservicefromausersperspective AT iplandfrederickferdinand investigationtodetermineincrementalriskstosoftwareasaservicefromausersperspective |