COBIT
Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
Overview
COBIT was first released in 1996; the current version, COBIT 5, was published in 2012. Its mission is to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals. [1] COBIT, initially an acronym for 'Control objectives for information and related technology', defines a set of generic processes to manage IT. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. The framework supports governance of IT by defining and aligning business goals with IT goals and IT processes.
Releases
COBIT has had five major releases:
In 1996, the first edition of COBIT was released.
In 1998, the second edition added "Management Guidelines".
In 2000, the third edition was released.
In 2003, an on-line version became available.
In December 2005, the fourth edition was initially released.
In May 2007, the current 4.1 revision was released.
COBIT 5 was released in June 2012. It consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.
Components
The COBIT components include:
Framework: Organizes IT governance objectives and good practices by IT domains and processes, and links them to business requirements.
Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.
Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.
Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes.
Maturity models: Assess maturity and capability per process and help to address gaps.
Other ISACA Publications [4] based on the COBIT framework include:
Board Briefing for IT Governance, 2nd Edition
COBIT and Application Controls
COBIT Control Practices, 2nd Edition
IT Assurance Guide: Using COBIT
Implementing and Continually Improving IT Governance
COBIT Quickstart, 2nd Edition
COBIT Security Baseline, 2nd Edition
IT Control Objectives for Sarbanes-Oxley, 2nd Edition
IT Control Objectives for Basel II
COBIT User Guide for Service Managers
COBIT Mappings (to ISO/IEC 27002, CMMI, ITIL, TOGAF, PMBOK etc.)
COBIT Online
References
ISACA [6] Custodians of COBIT
COBITCampus [7] COBIT education provided by ISACA
ISO/IEC 20000 international standard for IT Service Management
ISO/IEC 27000 Information Security Management Systems standards
Wood, David J. 2010. "Assessing IT Governance Maturity: The Case of San Marcos, Texas". Applied Research Projects, Texas State University-San Marcos. http://ecommons.txstate.edu/arp/345 (This paper applies a modified COBIT framework to a medium-sized city).
The Institute of Internal Auditors' List of most commonly used Internal Control Frameworks [8]
Notes
[1] ITGI. "COBIT 4.1 Executive Summary" (http://www.isaca.org/Knowledge-Center/cobit/Documents/COBIT4.pdf). ITGI.
[2] http://www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx
[3] ISACA. "ISACA Issues COBIT 5 for Information Security". ISACA.
[4] http://www.isaca.org/Knowledge-Center/cobit/Pages/Products.aspx
[5] IIA. "common internal control frameworks" (http://www.theiia.org/intAuditor/media/images/Burch_dec'08_artok_cx.pdf). IIA.
[6] http://www.isaca.org/
[7] http://www.isaca.org/cobitcampus
[8] http://www.theiia.org/intAuditor/media/images/Burch_dec'08_artok_cx.pdf
License
Creative Commons Attribution-Share Alike 3.0 Unported //creativecommons.org/licenses/by-sa/3.0/