COBIT

COBIT is an acronym for Control Objectives for Information and related Technology. It is developed by ISACA.

COBIT is a framework for IT management and governance; more specifically, it can be considered a framework for enterprise governance of IT (EGIT).

COBIT is not a framework specific to security, but it includes one process called “Manage Enterprise Architecture” that deals with this topic.

It can also be considered an audit framework, as auditors may use COBIT control objectives, management guidelines, and maturity models to evaluate the effectiveness of IT processes and controls.

COBIT is mentioned in the CISM Review Manual, 15th Edition.

COBIT official website

COBIT Versions

COBIT versions:

  • 1
  • 2
  • 3
  • 4
  • 5 (2012)
  • 2019

As of 2024, the latest version is COBIT 2019 (released in 2018), but COBIT 5 (released in 2012) is still popular.

COBIT Concepts

COBIT defines principles in two groups:

  • Governance framework (3)
    • Based on a conceptual framework
    • Open and flexible
    • Aligned with main standards
  • Governance system (6)
    • Add value to stakeholders
    • Holistic approach
    • Dynamic governance system
    • Separate governance and management
    • Adapt to enterprise needs
    • Integrated governance system

Governance system components (or enablers, as defined in COBIT 5 and before):

  1. Process
  2. Organization structures
  3. Principles, policies and procedures
  4. Information
  5. Culture, ethics and behavior
  6. People, skills and competency
  7. Services, infrastructure and applications

The Spanish standard UNE 0079 has the same components for its Data Quality Management System as COBIT.

There are 40 objectives grouped in 5 domains.

COBIT domains:

  1. Governance
    • Evaluate, Direct and Monitor (EDM)
  2. Management
    • Align, Plan and Organize (APO)
    • Build, Acquire and Implement (BAI)
    • Deliver, Supply Service and Support (DSS)
    • Monitor, Evaluate and Assess (MEA)

COBIT objectives have some similarities with ITIL SVS activities.

COBIT includes a list of design factors that affect an enterprise.

COBIT maturity levels correspond to CMMI levels; CMMI is also an ISACA organization.

There is a white paper from AXELOS and ISACA about the similarities between ITIL and COBIT.
