COBIT Governance Framework

ISACA created COBIT in 1996 as a set of controls for financial sector auditors. Over the years, ISACA released several versions that addressed the need for a more robust cybersecurity governance framework that applied to a wide range of industries. The most notable was COBIT 5, in 2012, which focused on improving governance and management as more organizations migrated their mission-critical workloads to the cloud. COBIT 2019 is the most recent iteration. It’s a more generic and flexible framework with an open-source model that all enterprises can use, regardless of their size, sector, or goals, and it’s designed to address rapidly changing technology.

COBIT bridges the gap between technical issues, business risks, and control requirements. It relies on clear requirements, maturity models, and metrics to measure and assess the state of each IT process and/or business improvement. Though still the most commonly used framework for businesses seeking compliance with the Sarbanes-Oxley Act, COBIT is agnostic across industries and various technological platforms. COBIT relates to other well-known standards such as NIST, ITIL, ISO 2700, and PMBOK.