COBIT

COBIT(Control Objectives for Information and Related Technologies) is a framework created byISACAforinformation technology (IT) managementandIT governance.^[1]

The framework is business focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementarymaturity model.^[1]

Framework and components

Business and IT goals are linked and measured to create responsibilities of business and IT teams.

Five processes are identified: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA).^[2]

The COBIT framework ties in withCOSO,ITIL,^[3]BiSL,ISO 27000,CMMI,TOGAFandPMBOK.^[1]

The framework helps companies follow law, be more agile and earn more.^[4]

Below are COBIT components:

Framework: OrganizesIT governanceobjectives and good practices by IT domains and processes and links them to business requirements.
Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run, and monitor.
Control objectives: Provides a complete set of high-level requirements to be considered by management for effective control of each IT process.
Management guidelines: Helps assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
Maturity models: Assesses maturity and capability per process and helps to address gaps.

The standard meets all the needs of the practice, while maintaining independence from specific manufacturers, technologies and platforms. When developing the standard, it was possible to use it both for auditing a company'sIT systemand for designing an IT system. In the first case, COBIT allows you to determine the degree of conformity of the system under study to the best examples, and in the second, to design a system that is almost ideal in its characteristics.

History

COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT"^[5]or "Control Objectives for Information and Related Technology."^[6]

ISACA first released COBIT in 1996, originally as a set of control objectives^{[clarification needed]}to help the financial audit community better maneuver in IT-related environments.^[1]^[7]Seeing value in expanding the framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000's version 3. The development of both theAS 8015:Australian Standard for Corporate Governance of Information and Communication Technologyin January 2005^[8]and the more international draft standard ISO/IEC DIS 29382 (which soon after becameISO/IEC 38500) in January 2007^[9]increased awareness of the need for more information and communication technology (ICT) governance components. ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and 2007 respectively, "addressing the IT-related business processes and responsibilities in value creation (Val IT) andrisk management(Risk IT). "^[1]^[7]

COBIT 5 (2012) is based on COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws on ISACA'sIT Assurance Framework(ITAF) and theBusiness Model for Information Security(BMIS).^[10]^[11]

ISACA currently offers certification tracks on both COBIT 2019 (COBIT Foundations, COBIT Design & Implementation, and Implementing the NIST Cybersecurity Framework Using COBIT 2019)^[12]as well as certification in the previous version (COBIT 5).^[13]^[14]

References

^^a ^b ^c ^d ^eHaes, S.D.; Grembergen, W.V. (2015)."Chapter 5: COBIT as a Framework for Enterprise Governance of IT".Enterprise Governance of Information Technology: Achieving Alignment and Value, Featuring COBIT 5(2nd ed.). Springer. pp. 103–128.ISBN 9783319145471.Retrieved24 June2016.
^COBIT 2019 Framework: Introduction and Methodology from ISACA
^ITIL Foundation: 4th edition.AXELOS. 2019.ISBN 9780113316076.
^Luellig, Lorrie; Frazier, J. (2013)."A COBIT Approach to Regulatory Compliance and Defensible Disposal".ISACA Journal.5.Retrieved24 June2016.
^Katsikas, S.; Gritzalis, D., eds. (1996).Information Systems Security: Facing the Information Society of the 21st Century.IFIP Advances in Information and Communication Technology. Springer. p. 358.ISBN 9780412781209.TheMcCumber modelhas great similarities with the CobiT - Control Objectives for IT - framework (CobiT 1995).
^"Welcome to the ISACA/F".ISACA. 18 October 1996. Archived fromthe originalon 7 November 1996.Retrieved24 June2016.
^^a ^bStroud, R.E. (2012)."Introduction to COBIT 5"(PDF).ISACA.Retrieved24 June2016.
^da Cruz, M. (2006)."10: AS 8015-2005 - Australian Standard for Corporate Governance of ICT".In van Bon, J.; Verheijen, T. (eds.).Frameworks for IT Management.Van Haren Publishing. pp. 95–102.ISBN 9789077212905.Retrieved23 June2016.
^"ISO/IEC DIS 29382: 2007 Edition, February 1, 2007".IHS Standards Store.IHS, Inc. Archived fromthe originalon 23 June 2016.Retrieved23 June2016.
^"COBIT 5 for Information Security".ISACA.Retrieved24 June2016.
^"COBIT 5 for Assurance".ISACA.Retrieved24 June2016.
^"COBIT Certifications | Get Your COBIT Certificate | ISACA".
^"COBIT 5 Certification | Get COBIT 5 Certified | ISACA".
^"Home".knowyourprivacyrights.org.

External links

[HaesCOBIT15-1] Haes, S.D.; Grembergen, W.V. (2015)."Chapter 5: COBIT as a Framework for Enterprise Governance of IT".Enterprise Governance of Information Technology: Achieving Alignment and Value, Featuring COBIT 5(2nd ed.). Springer. pp. 103–128.ISBN 9783319145471.Retrieved24 June2016.

[Cobit_2019-2] COBIT 2019 Framework: Introduction and Methodology from ISACA

[3] ITIL Foundation: 4th edition.AXELOS. 2019.ISBN 9780113316076.

[LuelligACOBIT13-4] Luellig, Lorrie; Frazier, J. (2013)."A COBIT Approach to Regulatory Compliance and Defensible Disposal".ISACA Journal.5.Retrieved24 June2016.

[KatsikasInfo96-5] Katsikas, S.; Gritzalis, D., eds. (1996).Information Systems Security: Facing the Information Society of the 21st Century.IFIP Advances in Information and Communication Technology. Springer. p. 358.ISBN 9780412781209.TheMcCumber modelhas great similarities with the CobiT - Control Objectives for IT - framework (CobiT 1995).

[ISACAFirstArch-6] "Welcome to the ISACA/F".ISACA. 18 October 1996. Archived fromthe originalon 7 November 1996.Retrieved24 June2016.

[StroudIntro12-7] Stroud, R.E. (2012)."Introduction to COBIT 5"(PDF).ISACA.Retrieved24 June2016.

[Cruz10AS8015_06-8] Cruz, M. (2006)."10: AS 8015-2005 - Australian Standard for Corporate Governance of ICT".In van Bon, J.; Verheijen, T. (eds.).Frameworks for IT Management.Van Haren Publishing. pp. 95–102.ISBN 9789077212905.Retrieved23 June2016.

[ISODIS29382Arch-9] "ISO/IEC DIS 29382: 2007 Edition, February 1, 2007".IHS Standards Store.IHS, Inc. Archived fromthe originalon 23 June 2016.Retrieved23 June2016.

[C5InfoSec-10] "COBIT 5 for Information Security".ISACA.Retrieved24 June2016.

[C5Assur-11] "COBIT 5 for Assurance".ISACA.Retrieved24 June2016.

[12] "COBIT Certifications | Get Your COBIT Certificate | ISACA".

[13] "COBIT 5 Certification | Get COBIT 5 Certified | ISACA".

[14] "Home".knowyourprivacyrights.org.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

Framework and components

History

See also

References

External links