COBIT Governance Framework
COBIT is an information technology governance framework that organizations can use to improve their cybersecurity management practices
IT standards and processes are integral to business growth. COBIT links business and IT goals, so companies are better poised to follow industry regulations and meet compliance goals while managing underlying risks.
Control Objectives for Information and Related Technologies (COBIT)
ISACA created COBIT – Control Objectives for Information and Related Technologies – in 1996 as a set of controls for financial sector auditors. Over the years, ISACA released several versions that addressed the need for a more robust cybersecurity governance framework that applied to a wide range of industries. The most notable of this was COBIT 5, in 2012, which focused on improving governance and management as more organizations migrated their mission-critical workloads to the cloud. COBIT 2019 is the most recent iteration. It’s a more generic and flexible framework with an open-source model that all enterprises can use, regardless of their size, sector, or goals, and it’s designed to address rapidly changing technology.
COBIT bridges the gap between technical issues, business risks, and control requirements. It relies on clear requirements, maturity models, and metrics to measure and assess the state of each IT process and/or business improvement. Though still the most commonly used framework for businesses seeking compliance with the Sarbanes-Oxley Act, COBIT is agnostic across industries and various technological platforms. COBIT relates to other well-known standards such as NIST, ITIL, ISO 2700, and PMBOK.
COBIT 2019 is based on six principals
(one more than those in COBIT 5):
- Provide stakeholder value
- Enable a holistic approach
- Employ a dynamic governance system
- Separate governance from management
- Tailored to enterprise needs
- Uses an end-to-end governance system
Get Started with Cerberus Sentinel
Start protecting your business and reduce risk and exposure.