COBIT is a framework for the governance and management of enterprise information and technology, aimed at the whole enterprise. Enterprise IT means all the technology and information processing the enterprise puts in place to achieve its goals, regardless of where this happens in the enterprise. In other words, enterprise I&T is not limited to the IT department of an organization, but certainly includes it.
This publication, COBIT 2019 Framework: Governance and Management Objectives, contains a detailed description of the COBIT Core Model and its 40 governance and management objectives. A description of each objective, its purpose, and its connection with enterprise and alignment goals along with sample metrics are provided. For each objective, the process, practices, activities, and related guidance to other standards and frameworks are also provided. COBIT defines the components to build and sustain a governance system: processes, organizational structures, policies and procedures, information flows, culture and behaviors, skills, and infrastructure. This publication also includes detailed information about each of the components relevant to each governance and management objective.
Pages: 302 | Language: English | Size: 3.5 MB | Book Code: E-Book-COBIT-2019
COBIT 5 is the overarching business and management framework for governance and management of enterprise IT. This volume documents the five principles of COBIT 5 and defines the 7 supporting enablers that form the framework. COBIT 5 is the only business framework for the governance and management of enterprise IT. This evolutionary version incorporates the latest thinking in enterprise governance and management techniques, and provides globally accepted principles, analytical tools and models to help increase the trust in, and value from, information systems.
COBIT 5 builds and expands on COBIT 4.1 by integrating other major frameworks, standards and resources, including:
- ISACA's Val IT and Risk IT
- Information Technology Infrastructure Library (ITIL)
- Related standards from the International Organization for Standardization (ISO)
COBIT 5 helps enterprises of all sizes:
- Maintain high-quality information to support business decisions
- Achieve strategic goals and realize business benefits through the effective and innovative use of IT
- Achieve operational excellence through reliable, efficient application of technology
- Maintain IT-related risk at an acceptable level
- Optimize the cost of IT services and technology
- Support compliance with relevant laws, regulations, contractual agreements and policies
This publication complements COBIT 5 and contains a detailed reference guide to the processes defined in the COBIT 5 process reference model.
COBIT 5: Enabling Processes includes:
COBIT 4 Goals Cascade
Enterprises exist to create value for their stakeholders. Consequently, any enterprise will have value creation as a governance objective. Value creation means realizing benefits at an optimal resource cost while optimizing risk. The goals cascade is important, because it allows the definition of priorities for implementation, improvement and assurance of governance of enterprise IT based on (strategic) objectives of the enterprise and the related risk.
COBIT 5 Process Model
The COBIT 5 process model includes a number (37) of governance and management processes; this set of processes is the successor to the COBIT 4.1, Val IT and Risk IT processes, and includes all processes required for end-to-end treatment of all governance and management of enterprise IT.
Process Reference Model
Developed based on best practices, standards and the opinion of experts. It is important to understand that the model and its contents are generic and not prescriptive, and it has to be adapted to suit the enterprise. Also, the guidance defines practices and activities at a relatively high level and does not describe how the process procedure is to be defined.
This guide and COBIT 5 recognize that information and related information technologies are pervasive in enterprises and that it is neither possible nor good practice to separate business and IT-related activities. The governance and management of enterprise IT should therefore be implemented as an integral part of enterprise governance, covering the full end-to-end business and IT functional areas of responsibility.
This publication provides a good-practice approach for implementing governance of enterprise IT (GEIT) based on a continual improvement life cycle that should be tailored to suit the enterprise's specific needs. It covers the following subjects:
- Positioning GEIT within an enterprise
- Taking the first steps towards improving GEIT
- Implementation challenges and success factors
- Enabling GEIT-related organisational and behavioural change
- Implementing continual improvement that includes change enablement and programme management
- Using COBIT 5 and its components.
"This new book by Anthony Tarantino is an authoritative guide to understanding and implementing compliance and regulatory requirements in the United States and around the world. From SOX to COSO to ERM, this book covers them all." --Martin T. Biegelman, Certified Fraud Examiner, Fellow and Regent Emeritus of the Association of Certified Fraud Examiners, and coauthor of Executive Roadmap to Fraud Prevention and Internal Control: Creating a Culture of Compliance
"If compliance wasn't difficult enough, now companies are faced with a barrage of technology vendors claiming to automate compliance as if it were a project. In his new book, Dr. Tarantino paints the reality of the situation: companies need to embrace the broader tenets of governance and use technology to embed governance policies and controls into their daily business processes. Only then can they gain business value from their compliance investments." --Chris Capdevila, CEO and cofounder, LogicalApps.
Pages: 235 | Language: English | Size: 3.5 MB | Book Code: E-Book-COBIT-Com
The numbers of threats, risk scenarios and vulnerabilities have grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability.
This publication applies the COBIT 5 framework and its component publications to transforming cybersecurity in a systemic way. First, the impacts of cybercrime and cyberwarfare on business and society are illustrated and put in context. This section shows the rise in cost and frequency of security incidents, including APT attacks and other threats with a critical impact and high intensity.
Second, the transformation addresses security governance, security management and security assurance. In accordance with the lens concept within COBIT 5, these sections cover all elements of the systemic transformation and cybersecurity improvement.
Pages: 190 | Language: English | Size: 1.2 MB | Book Code: E-Book-COBIT-Tra
IT Assurance Guide provides detailed guidance on how COBIT can be used to support a variety of assurance activities, such as planning, scoping and assessing risks and how an assurance review can be performed for each of the 34 COBIT processes. Assurance steps and advice are provided for:
- Generic controls that apply to all processes (identified by PC.n in COBIT)
- Specific process controls (identified by domain identification and process number, e.g., PO6.3, AI4.1)
- Application controls (identified by AC.n in COBIT)
to:
- Test the control design of the control objective
- Test the outcome of the control objective (operational effectiveness)
- Document control weaknesses and their impact.
The assurance guide is intended for assurance professionals who require guidance in providing reliable assurance on internal controls, process improvement, financial support audit, etc. In addition, the assurance guide can be used by IT professionals who may be asked for their opinions and recommendations regarding proposed improvements.
Pages: 286 | Language: English | Size: 1.1 MB | Book Code: E-Book-COBIT-Ass
The IT manager must be responsible for all IT activities that support the business's strategic objectives. The usual objectives focus on: IT strategy, technology systems, budget, investment, organization and staff motivation.
The necessary requirements for an IT manager or IT leader are: the ability to develop strategies and leadership; customer, supplier and employee relationship management; project management; solving business problems with MIS systems; and ensuring continuous operation and disaster recovery of IT systems.