COBIT
The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) in 1996.
COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.
COBIT 4.1 has 34 high level processes (listed below) that cover 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring and Evaluation.
Plan and Organize
This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organisation as well as technological infrastructure should be put in place.
- ME1 Monitor and evaluate IT performance
- ME2 Monitor and evaluate internal control
- ME3 Ensure compliance with external requirements
- ME4 Provide IT governance
Acquire and Implement
To realise the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure the solutions continue to meet business objectives.
- AI1 Identify automated solutions
- AI2 Acquire and maintain application software
- AI3 Acquire and maintain technology infrastructure
- AI4 Enable operation and use
- AI5 Procure IT resources
- AI6 Manage changes
- AI7 Install and accredit solutions and changes
Deliver and Support
This domain is concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities.
- DS1 Define and manage service levels
- DS2 Manage third-party services
- DS3 Manage performance and capacity
- DS4 Ensure continuous service
- DS5 Ensure systems security
- DS6 Identify and allocate costs
- DS7 Educate and train users
- DS8 Manage service desk and incidents
- DS9 Manage the configuration
- DS10 Manage problems
- DS11 Manage data
- DS12 Manage the physical environment
- DS13 Manage operations
Monitor and Evaluate
All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain addresses performance management, monitoring of internal control, regulatory compliance and governance.
- ME1 Monitor and evaluate IT performance
- ME2 Monitor and evaluate internal control
- ME3 Ensure compliance with external requirements
- ME4 Provide IT governance
Registration Procedure for the on-line ISACA COBIT 4.1 Foundation exam (no mandatory prerequisite)
- Go to http://www.isaca.org/elearning
- Click "Go to Campus" in the e-Learning tab
- Register if you have not already done so
- Search COBIT or browse the catalogue
- Select COBIT Foundation Exam v4.1
- Order the exam