Control Objectives for Information and related Technology (COBIT)


The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.

COBIT was first released in 1996. Its mission is “to research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors.” Managers, auditors, and users benefit from the development of COBIT because it helps them understand their IT systems and decide the level of security and control that is necessary to protect their companies’ assets through the development of an IT governance model.

COBIT 4.1 has 34 high-level processes that cover 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring. COBIT provides benefits to managers, IT users, and auditors. Managers benefit from COBIT because it provides them with a foundation upon which IT-related decisions and investments can be based. Decision making is more effective because COBIT aids management in defining a strategic IT plan, defining the information architecture, acquiring the necessary IT hardware and software to execute an IT strategy, ensuring continuous service, and monitoring the performance of the IT system. IT users benefit from COBIT because of the assurance provided to them by COBIT's defined controls, security, and process governance. COBIT benefits auditors because it helps them identify IT control issues within a company’s IT infrastructure. It also helps them corroborate their audit findings.

Recently, ISACA has released Val IT, which correlates the COBIT processes to senior management processes required to get good value from IT investments.

source: wikipedia.org


Related Content

Information Technology Infrastructure Library

The IT Infrastructure Library originated as a collection of books each covering a specific practice within IT Service Management. After the initial publication, the number of books quickly grew within ITIL v1 to over 30 volumes. In order to make ITIL more accessible (and affordable) to those wishing to explore it, one of the aims of ITIL v2 was to consolidate the publications into logical 'sets' that grouped related process guidelines into the different aspects of IT management, applications and services.

While the Service Management sets (Service Support and Service Delivery) are by far the most widely used, circulated and understood of ITIL publications, ITIL provides a more comprehensive set of practices as a whole. Proponents believe that using the broader library provides a comprehensive set of guidance to link the technical implementation, operations guidelines and requirements with the strategic management, operations management and financial management of a modern business.

The eight ITIL version 2 books and their disciplines are:
The IT Service Management sets
1. Service Delivery
2. Service Support

Enhanced Telecom Operations Map (eTOM)

The eTOM (enhanced Telecom Operations Map) is a guidebook, the most widely used and accepted standard for business processes in the telecommunications industry. The eTOM model describes the full scope of business processes required by a service provider and defines key elements and how they interact.

eTOM is a common companion of ITIL, an analogous standard or framework for best practices in information technology.

Both of these frameworks are part of the larger context of Total Quality Management, in which many industries have since 1950 increasingly formalized their business processes and metrics in search of higher quality, fewer defects, and greater efficiency. ISO 9000 is probably the best-known of these "process and results improvement" standards, but it is far more generic than either eTOM or ITIL.

eTOM has been adopted as an ITU-T International Recommendation, known in 2004 as M.3050.
