COBIT

COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance. The framework is business focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model.


Framework and components

Business and IT goals are linked and measured to create responsibilities of business and IT teams. Five processes are identified: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA) (COBIT 2019 Framework: Introduction and Methodology, ISACA). The COBIT framework ties in with COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF and PMBOK. The framework helps companies follow law, be more agile and earn more. Below are COBIT components:

* Framework: Organizes IT governance objectives and good practices by IT domains and processes and links them to business requirements.
* Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run, and monitor.
* Control objectives: Provides a complete set of high-level requirements to be considered by management for effective control of each IT process.
* Management guidelines: Helps assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
* Maturity models: Assesses maturity and capability per process and helps to address gaps.

The standard meets all the needs of the practice while remaining independent of specific manufacturers, technologies and platforms. The standard was developed so that it can be used both for auditing a company's IT system and for designing an IT system. In the first case, COBIT allows you to determine how closely the system under study conforms to the best examples, and in the second, to design a system that is almost ideal in its characteristics.


History

COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." ISACA first released COBIT in 1996, originally as a set of control objectives to help the financial audit community better maneuver in IT-related environments. Seeing value in expanding the framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000's version 3.

The development of both the AS 8015: Australian Standard for Corporate Governance of Information and Communication Technology in January 2005 and the more international draft standard ISO/IEC DIS 29382 (which soon after became ISO/IEC 38500) in January 2007 increased awareness of the need for more information and communication technology (ICT) governance components. ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and 2007 respectively, "addressing the IT-related business processes and responsibilities in value creation (Val IT) and risk management (Risk IT)."

COBIT 5 (2012) is based on COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws on ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS). ISACA currently offers certification tracks on both COBIT 2019 (COBIT Foundations, COBIT Design & Implementation, and Implementing the NIST Cybersecurity Framework Using COBIT 2019) as well as certification in the previous version (COBIT 5).


See also

* IT governance
* Data governance
* Information quality management
* ITIL
* ISO/IEC 38500


External links


COBIT page at ISACA

Checklist/cheatsheet summarizing Cobit 5

A user case of the COBIT Framework: San Marcos, TX