COBIT Governance Framework
COBIT is an information technology governance framework that organizations can use to improve their cybersecurity management practices.
IT standards and processes are integral to business growth. COBIT – Control Objectives for Information and Related Technologies – links business and IT goals so companies are better poised to follow industry regulations and meet compliance goals while managing underlying risks.
Control Objectives for Information and Related Technologies (COBIT)
ISACA created COBIT in 1996 as a set of controls for financial sector auditors. Over the years, ISACA released several versions that addressed the need for a more robust cybersecurity governance framework that applied to a wide range of industries. The most notable was COBIT 5, in 2012, which focused on improving governance and management as more organizations migrated their mission-critical workloads to the cloud. COBIT 2019 is the most recent iteration. It’s a more generic and flexible framework with an open-source model that all enterprises can use, regardless of their size, sector, or goals, and it’s designed to address rapidly changing technology.
COBIT bridges the gap between technical issues, business risks, and control requirements. It relies on clear requirements, maturity models, and metrics to measure and assess the state of each IT process and/or business improvement. Though still the most commonly used framework for businesses seeking compliance with the Sarbanes-Oxley Act, COBIT is agnostic across industries and various technological platforms. COBIT relates to other well-known standards such as NIST, ITIL, ISO 2700, and PMBOK.
COBIT 2019 is based on six principles (one more than in COBIT 5):
- Provide stakeholder value
- Enable a holistic approach
- Employ a dynamic governance system
- Separate governance from management
- Tailor to enterprise needs
- Use an end-to-end governance system