Control Objectives for Information and related Technology

From The Secure Arc Wiki


COBIT (Control Objectives for Information and related Technology) is a set of best practices (a framework) for information technology (IT) management. It was created by a large group of contributors and published by the IT Governance Institute (ITGI), which was originally a research arm of the Information Systems Audit and Control Association (ISACA). As of early 2008, COBIT is at version 4.1.

COBIT provides managers, auditors, and IT users with a set of generally accepted controls and processes. These practices will help optimise IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong.

The following information gives a brief account of the COBIT standard. Each requirement of the standard is broken down further into more specific sub-requirements that can be mapped back to both the Security Principles that drive them and the Design Patterns that satisfy them.

Standards Outline

  • COBIT product family (version 4.1)
    • Executive Summary
    • Framework
    • Control Objectives
    • IT Assurance Guide (formerly Audit Guidelines)
    • Implementation Tool Set
    • Management Guidelines
  • COBIT structure
    • Plan and Organize
    • Acquire and Implement
    • Delivery and Support
    • Monitor and Evaluate

Around the Control Objectives, there are a number of other structures to help manage the vast number of controls. These are grouped into:

  • Domains - 4
  • Processes - 34
  • Control Objectives - 318
  • Control Practices - 1547

Standard Practice

The COBIT standards suggest an approach to managing various technical aspects of a security operation within an organisation. These practices will map directly into the Security Principles.

Licensing and Documentation

The license associated with the COBIT standards does not permit public distribution or reproduction; however, they can be purchased for personal or business use directly from the ISACA website.

A high-level outline can be found on Wikipedia.
