2. INTRODUCTION:
COBIT was first released in 1996; the
current vision, COBIT 5 was published in 2012.
Its mission is “to research, develop, publish and
promote an authoritative, up-to-date,
international set of generally accepted information
technology control objectives for day-to-day use
by business managers, IT professionals and
assurance professionals.
3. Theframeworkprovidesgoodpracticesacrossadomainandprocessframework:
“The business orientation of COBIT consists of linking business goals to IT goals, providing
metrics and maturity models to measure their achievement and identifying the associated
responsibilitiesofbusinessandIT processowners.”
COBIT is a framework of generally applicable information systems security and
control. The framework allows:
1) Benchmarking of the security andcontrol arrangement.
2) Auditor to review internal controls and advise on ITsecurity matters.
3) Users of IT services to beassured that adequate security and control exist
5. IT PROCESSES
C o n t ro l s a re re q u i re d t o b e
i m p l e m e n t e d i n a l l t h e p ro c e s s e s , w h i c h
a re b ro k e n i n t o 4 d o m a i n s :
P l a n n i n g a n d o r g a n i z a t i o n
A c q u i s i t i o n a n d i m p l e m e n t a t i o n .
D e l i v e r y a n d s u p p o r t a n d
M o n i t o r i n g .
6. BUSINESS OBJECTIVES
To satisfy business objectives, information must
satisfy some criteria that COBIT refers to as business
requirement for information. The criteria are divided
into seven categories:
Effectiveness
Efficiency
Confidentiality
Integrity
Availability
Compliance with legal requirement and
Reliability
7. IT RESOURCES
To protect the IT resources must be
developed which includes:
People
Application system
Hardware devices
Facilities and data
Security controls.
8. Advantages of COBIT
I. COBIT is aligned with other standards and best
practices and should be used together with them.
II. It’s framework and supporting best practices
provide a well-managed and flexible IT
environment in an organization.
III. COBIT provides a control environment that is
responsive to business needs and serves
management and audit functions in terms of
their control responsibilities.
IV. It provides tools to help manage IT activities.
9. 1) Strategic alignment focuses on ensuring the linkage
of business and IT plans; defining maintaining and
validating the IT value proposition; and aligning IT
operations with enterprise operations.
2) Value delivery is about executing the value
proposition throughout delivery cycle, ensuring that
IT delivers the promised benefits against the
strategy, concentrating on optimizing cost and
providing the intrinsic value of IT.
COBIT HAS FIVE IT GOVERNANCE
AREAS OF CONCENTRATION
10. 3) Resource management is about the optimum investment and
proper management of critical IT resources: applications.
Information, infrastructure and people.
4) Risk management is a clear understanding of the enterprises,
appetite for risk, understanding of compliance requirements, and
transparency into the organization
5) Performance measurements track and monitors strategy
implementation, project completion, resource usage, process
performance and service delivery, for example, balanced
scorecards that translate strategy into action to achieve goals
measurable beyond conventional accounting.
COBIT HAS FIVE IT GOVERNANCE
AREAS OF CONCENTRATION