COBIT

COBIT (Control Objectives for Information and Related Technology) is an internationally recognized framework for IT governance. It divides the tasks of IT into processes and control objectives (in the current German-language version the term "Control Objectives" is left untranslated). COBIT primarily defines what is to be implemented, not how the requirements are to be implemented.

History

COBIT was originally developed in 1993 by the international association of IT auditors, the Information Systems Audit and Control Association (ISACA). COBIT has evolved from a tool for IT auditors into a tool for managing IT from a business perspective and is used, among other things, as a model for ensuring compliance with legal requirements. This promotes the industrialization of IT.

COBIT was created in close alignment with COSO in order to integrate IT governance into corporate governance. COBIT claims to be the link between the enterprise-wide control framework (COSO) and IT-specific models (e.g. ITIL, ISO 27001/27002, etc.). That COBIT meets this claim is shown by its wide adoption as the control model of most major international companies: ISACA states that 95 % of large companies have implemented COBIT in whole or in part.

Control approach

COBIT's control approach is fundamentally top-down. Starting from the corporate objectives, IT objectives are derived, which in turn shape the IT architecture. Appropriately defined and managed IT processes then ensure the processing of information, the management of IT resources (people, technology, data, applications) and the provision of services. For each of these levels (enterprise, IT, process and activity), metrics and targets are defined to assess both results and performance drivers. Measurement of goal achievement is performed bottom-up, so that a control cycle results.

In total, the COBIT 5 framework defines 37 IT processes, to which control objectives (called governance and management practices in COBIT 5) are assigned. The control objectives are the key areas that must be addressed within a process in order to achieve the process objective (and through it the IT objective and the corporate objective). Together, the control objectives ensure a reliable information function that is adequate to and aligned with business needs.

Structure

COBIT 4.1

The COBIT 4.1 publications consist of the "Core Content", the "IT Assurance Guide", the "Implementation Guide" and the "Control Practices".

The COBIT 4.1 Core Content defines, for each of the 34 COBIT processes:

  • Process description
  • Process objective (high-level control objective)
  • Key activities
  • Key metrics
  • Control objectives (210 in total, compared to 215 in version 4.0 and 318 in version 3, known as the "3rd Edition")
  • Management guidelines, with the inputs and outputs of the process, a roles-and-responsibilities matrix (RACI matrix) and detailed metrics for evaluating the process and assessing the contribution of individual activities to the process objectives and, in turn, the contribution of the process to the IT objectives
  • A maturity model which, based on CMM, describes the typical characteristics of the process at six maturity levels (0 to 5)

In addition, the COBIT 4.1 Core Content describes:

  • The link between corporate objectives and IT objectives
  • A generic maturity model
  • Measurement and assessment of IT
  • Seven generic control objectives (valid for all processes)
  • Control objectives for application controls (input, processing, output and transmission controls)

The IT Assurance Guide provides detailed instructions for auditing the IT processes. It distinguishes between the examination of processes, control objectives and control practices.

For each control objective in the Core Content, the COBIT Control Practices specify actions that help to achieve that objective. The Control Practices can therefore be used as a guide for implementation.

The overall methodological approach for implementing IT governance is described in the "IT Governance Implementation Guide".

COBIT 5

COBIT 5 was released in April 2012. It consolidates and integrates COBIT 4.1, Val IT 2.0 and the Risk IT Framework.

COBIT-related publications

Further COBIT-related ISACA publications are:

  • Board Briefing on IT Governance: raises awareness of the need for enterprise-wide governance of IT
  • COBIT Mapping: a series of documents comparing COBIT with other IT standards (e.g. ITIL, ISO 17799, the IT Baseline Protection Catalogues (IT-Grundschutz), NIST, FIPS, ISO 13335, TOGAF, etc.). As part of COBIT Mapping, a publication on the optimal combination of COBIT, ITIL and ISO 27001 was produced together with OGC, the publisher of ITIL.
  • Control Objectives for Sarbanes-Oxley: guidance on defining the significant control activities that are typically established in the course of SOX implementations.
  • Control Objectives for Basel II: a guide to implementing Basel II requirements using the COBIT framework (currently in preparation)

Personnel Certification

ISACA offers the following certifications on the topic:

  • Certified Information Systems Auditor (CISA): aimed mainly at IT auditors.
  • Certified Information Security Manager (CISM): aimed primarily at IT security managers.
  • Certified in the Governance of Enterprise IT (CGEIT): designed for IT governance officers.
  • Certified in Risk and Information Systems Control (CRISC): aimed at IT risk and control managers.
  • COBIT 5 Foundation
  • COBIT 5 Implementation
  • COBIT 5 Assessor

ISACA organizes regional (European) and international conferences every year, as well as several COBIT User Conventions. These platforms offer lectures and workshops on COBIT and IT governance.
