Cobit Framework - International Institute of Information (40-page presentation, shared on 金锄头文库)
Cobit Framework

Introduction
What is COBIT? Control OBjectives for Information and related Technologies.
Businesses use IT but do not understand it or manage it properly.
Cobit is a control framework that achieves the following:
- Links to business requirements
- Organizes IT activities into a general process model
- Identifies major IT resources to be leveraged
- Defines management control objectives that need to be considered

Management Goals
- Business objectives are achieved
- Undesired events are prevented, or detected and corrected
- A measure of where the organization stands and how it can be improved

Cobit Defines
- Benchmarking guidelines
- Goals and metrics
- Activity goals

Cobit Products
- Executive management and boards
- Business and IT management
- Governance, assurance, control and security professionals

Governance, Assurance and Security Professionals
- Framework: explaining how COBIT organizes IT governance objectives and best practices by IT domains and processes, and links them to business requirements
- Control Objectives: providing generic best-practice management objectives for all IT activities
- Control Practices: providing guidance on why controls are worth implementing and how to implement them
- IT Assurance Guide: providing a generic audit approach and supporting guidance for audits of all of COBIT's IT processes
- IT Control Objectives for Sarbanes-Oxley: providing guidance on how to ensure compliance for the IT environment based on the COBIT control objectives

Governance, Assurance and Security Professionals (continued)
- IT Governance Implementation Guide: providing a generic road map for implementing IT governance using the COBIT resources and a supporting tool kit
- COBIT Quickstart: providing a baseline of control for the smaller organisation and a possible first step for the larger enterprise
- COBIT Security Baseline: focusing the organization on essential steps for implementing information security within the enterprise
Cobit implementation is supported by several products; refer to www.isaca.org/cobit

Principles of Cobit Framework
Cobit meets the need of integrating business requirements with IT and leveraging IT for performance:
- Business-focused
- Process-oriented
- Controls-based
- Measurement-driven

Inter-relationship among Cobit Components (Business Focused)
Diagram labels: Cobit Principle; IT Goals and Enterprise Architecture for IT; Managing IT Resources for IT Goals

Cobit Framework (Process Oriented)
- Plan and Organize
- Acquire and Implement
- Deliver and Support
- Monitor and Evaluate

Plan and Organize
The strategy and domain of IT planning.
- Are IT and business aligned?
- Is the enterprise achieving optimum use of its resources?
- Does everyone understand IT objectives?
- Are IT risks understood and managed?
- Is the quality of IT systems appropriate for business needs?

Acquire and Implement
To realize business goals, IT solutions need to be developed or acquired and integrated into the business process.
- Are new projects likely to deliver to business needs?
- Are new projects likely to be delivered on time?
- Will new systems work properly when implemented?
- Will changes be inter-operable and compatible?

Deliver and Support
Service delivery, management of security and continuity, service support for users, and management of data.
- Are IT services delivered in line with business priorities?
- Are IT costs optimized?
- Is the workforce able to use IT systems productively and safely?
- Are adequate confidentiality, integrity and availability in place?

Monitor and Evaluate
Regular assessment of IT processes for quality and compliance with control requirements.
- Is IT's performance measured to detect problems before it is too late?
- Does management ensure that internal controls are effective and efficient?
- Can IT performance be linked back to business goals?
- Are risk, control, compliance and performance measured and reported?

Process Controls (Control Driven)
Process Controls
- Controls are policies and procedures that provide reasonable assurance for achieving business objectives
- Each of COBIT's IT processes has high-level and fine-grained objectives, identified as PCn, where n is the process control number

Control Objectives in COBIT
- PC1: Process Owner. Assign an owner for each COBIT process such that responsibility is clear
- PC2: Repeatability. Define each COBIT process such that it is repeatable
- PC3: Goals and Objectives. Establish clear goals and objectives for each COBIT process for effective execution
- PC4: Roles and Responsibilities. Define unambiguous roles, activities and responsibilities for each COBIT process for efficient execution
- PC5: Process Performance. Measure the performance of each COBIT process against its goals
- PC6: Policy, Plans and Procedures. Document, review, keep up to date, sign off on and communicate to all involved parties any policy, plan or procedure that drives a COBIT process

Business and General Controls
At the e