COBIT - Overview

Introduction

(Control Objectives for Information and related Technologies)

The COBIT control model guarantees the integrity of the information system. COBIT ensures the quality, control, and reliability of an organization's information systems, which is also a critical concern for every modern business.

ISACA (Information Systems Audit and Control Association) created, sponsors, and drives the COBIT framework. The framework provides a common language for IT professionals, compliance auditors, and business executives, so that these stakeholders can communicate with each other about the same IT goals, controls, objectives, and outcomes.

Structure

COBIT 2019 (the latest version) presents six principles for a governance system:

  1. Meet stakeholder needs
  2. Holistic approach
  3. Dynamic governance system
  4. Distinct governance from management
  5. Tailored to enterprise needs
  6. End-to-end governance system

COBIT Processes

COBIT processes are focused on creating tailored IT frameworks specifically suited to a company's own requirements and goals. There are several aspects to this:

Objectives – COBIT 2019 lays out 'Governance Objectives' and 'Management Objectives', 40 in total, as part of its 'Core Model'.

  • Practitioners prioritize these objectives based on the needs of customers, stakeholders, users, and so on. This allows them to create comprehensive, tailored IT strategies and frameworks, which in turn guide the creation of enterprise controls going forward.

Domains – Every COBIT objective fits within a specific ‘Domain’.

  • Management Objectives are contained within 'Deliver, Service and Support (DSS)', 'Monitor, Evaluate and Assess (MEA)', 'Build, Acquire and Implement (BAI)', and 'Align, Plan and Organize (APO)'. Governance Objectives are found under 'Evaluate, Direct and Monitor (EDM)'.

Goals Cascade – This tool is used to show how stakeholder drivers create needs, and how those needs are translated into more clearly defined 'goals'.

Components – Components are the generic elements of a governance system that influence IT.

  • They include ‘Information Flows’, ‘Skills’, ‘Infrastructure’, ‘Processes’, ‘Policies and Procedures’, and ‘Organizational Structures’.

Design Factors – These factors help define the needs of an organization and how they must be addressed in a framework.

  • Contextual factors, such as corporate and threat landscapes, are beyond the organization’s control.
  • Strategic factors reflect decisions by the organization, such as the direction of enterprise strategy and the prioritization of different IT elements.
  • Tactical factors focus on implementation choices regarding technology (such as cloud data management), methods (such as DevOps, ITIL 4, or Agile), and outsourcing models.

Based on these design factors, COBIT practitioners then create tailored frameworks that help managers optimize the use of resources, time, and other inputs to meet crucial targets and achieve strategic goals. COBIT audit frameworks can also establish processes for driving future improvements.


Source: https://csrc.nist.gov/projects/risk-management/fisma-background


This post is licensed under CC BY 4.0 by the author.