Skip to main content

What is COBIT (Control Objectives for Information and Related Technology) ?

Approximately every business organization need IT ( Information Technology ) to drive success and growth. Most of those organization follows some business processes. People in those organization know how to set goals, organize their activities and drive quality into delivery of product and services. This is all done to achieve certainty, predictability and reliability to make sound decisions. 

When it comes to IT department that support those organizations, very few follow any sort of guidelines to make it certain and reliable. COBIT (Control Objectives for Information and Related Technology) enables organization to manage IT in a similar way as they manage other activities of organization.

COBIT provides guidance on how to organize activities that relate to IT within all business activity properly. There are three key cards 1) Process Model 2) Best Practices 3) Management Tools

  1. Process Model:-  It helps enterprise to understand the nature of all these activities that relate to IT and how to  organize in such a way that they can be reliably performed and can be understood by the people that are involved with that. Things like managing a change, define a strategy or even something operational are done in such a way that it is clear that what that process should do, how to organize and who should take part.
  2. Best Practice: -  COBIT approach is to give guideline in what to do in all of  those process in alignment to best practices . This emphasizes on what is important and what need to be done to make those process work well.
  3. Management Tools:- IT gives management tools so that management can ensure that things are really happening as they were supposed to. This is done in two ways : 1) By managing quality of those process against the requirement and 2) By tools to clearly set objectives around what IT needs to do for successful outcomes.

                       http://www.isaca.org/cobit/pages/default.aspx


Comments

Post a Comment

Popular posts from this blog

M.S in Cyber Law and Information Security(MS-CLIS) at IIIT Allahabad

The course provide an exhaustive blend of Technology and Legal requirement that are often sought after by the concerned industry. MS-CLIS students receives grounding in programming, security auditing, logic and cryptography, in addition to policy and legislative procedures. The education is at par with certifications like CISA, CISM and CISSP. “The knowledge that MS-CLIS students have at the end of the course is the same, as expected of a person holding all these certifications, and more,” says Dr. Abhishek Vaish , the faculty coordinator for placement at IIITA . Well, above is an objective view of the institute and the course, but this is my blog, and i possess the right to write my views and experiences with this course. I joined the course in july 2013 and within a fortnight after joining the course, I found out that i was quite naive before, my  understanding of information security was not holistic. It was a big surprise as i could never have had imagined the enormous d...
2 comments
Read more

Did i miss to assetize Virtual Machines !

Auditee : Hi There ! Welcome, What would you like to have? Tea or Coffee? Auditor: Asset Register ! A comprehensive Asset Register is something which is quintessential for any risk management program. Everything that has to do with risk, follows from here. Information Security Risks are no different that any other type of risks. Having a few people (rarely security pro) building asset register will probably mess up any risk management at the very first stage. It has been seen that people generally miss to address technologically advanced assets (The ones they did not understand a few years ago)  to register in their asset inventory. The most obvious are the virtual machines.  Every day ,Virtual Machines (VM) are being created on the fly as per business requirement, many of them persist for years and many not so much. There are many questions  like: if that particular VM is of some value? Do I need to consider it as valuable at this point of time, whe...
Post a Comment
Read more

Hustle and Tussle of Vendor Risk Management

There is no doubt that we humans would have never reached this world of connected Cars, 3d printing and Space travel without trading on each other's resources . We traded what we had for the things we didn't! The world has never been as interdependent as it is right now. This is true for us as an individual and certainly for organizations across geographies. The word "outsourcing" started getting traction in around 90s, but even before that organizations were heavily using it to reduce cost and allow themselves to focus of their core business area. Family owned businesses initially outsourced a small part of their work within their circle of friend and family considering the trust factor, but as the corporation grew and the economy went global , organizations started delegating part of their work to people living on the other side of the globe. Slowly and steadily organizations have reached to a state where they don't even know who their supplier is! The trus...
Post a Comment
Read more