COBIT Governance Framework

COBIT is an information technology governance framework that organizations can use to improve their cybersecurity management practices.

ISACA created COBIT in 1996 as a set of controls for financial sector auditors. Over the years, ISACA released several versions that addressed the need for a more robust cybersecurity governance framework that applied to a wide range of industries. The most notable was COBIT 5, in 2012, which focused on improving governance and management as more organizations migrated their mission-critical workloads to the cloud. COBIT 2019 is the most recent iteration. It’s a more generic and flexible framework with an open-source model that all enterprises can use, regardless of their size, sector, or goals, and it’s designed to address rapidly changing technology.

COBIT bridges the gap between technical issues, business risks, and control requirements. It relies on clear requirements, maturity models, and metrics to measure and assess the state of each IT process and/or business improvement. Though still the most commonly used framework for businesses seeking compliance with the Sarbanes-Oxley Act, COBIT is agnostic across industries and various technological platforms. COBIT relates to other well-known standards such as NIST, ITIL, ISO 27000, and PMBOK.

COBIT 2019 is based on six principles (one more than in COBIT 5):

  1. Provide stakeholder value
  2. Enable a holistic approach
  3. Employ a dynamic governance system
  4. Separate governance from management
  5. Tailor to enterprise needs
  6. Use an end-to-end governance system
