What is COBIT?
COBIT is a widely used framework for the governance and management of enterprise IT, published by ISACA.
The core idea behind COBIT is to bring together two aspects of the enterprise: governance and management. To that end, COBIT gives you principles, practices, models and analytical tools for consistently increasing the value that IT delivers to your company.
Part of COBIT's success comes from how smoothly it integrates with other IT and risk-management frameworks, such as ITIL, CMMI, TOGAF and ISO 27001.
The latest version is COBIT 2019; the previous one was COBIT 5.
Some Salient Features of COBIT 2019
1. Separation of Governance & Management.
The COBIT framework makes a clear distinction between governance and management, because these two disciplines encompass very different activities, require very different organizational structures and serve different purposes.
For example, you have to make sure the governance aspect is properly taken care of. This means you take a deliberate approach to understanding and meeting the needs of all key stakeholders. While doing so, you identify and document all the key conditions and options, evaluating each carefully, so that there is consensus about the enterprise objectives. Governance requires that your company set the direction of IT through prioritization and clear decision-making. The performance of IT and its compliance requirements are then monitored on an ongoing basis against the objectives and the direction that were agreed upon.
In general, the board of directors (or the chairman) is responsible for governance, although some of these responsibilities may be delegated to appropriate organizational structures at the next level down, especially in a large or complex enterprise.
Once governance is taken care of, COBIT turns to the management aspect. Management is about planning, building, running and monitoring all IT activities on a regular basis, in full alignment with the direction set by the governance body, so as to support and achieve the business objectives of your enterprise.
By default, management is the responsibility of executive management under the leadership of the CEO of your company.
2. It defines 40 objectives in total.
Since governance and management objectives are kept separate, the 40 objectives are divided across 5 domains, as given below:
Governance domain
- Evaluate, Direct and Monitor (EDM)
Management domains
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)
Together these 5 domains form the 'core' of the COBIT framework.
You can prioritize or drop individual objectives based on the needs of your customers, stakeholders, users and so on, which allows you to create comprehensive, bespoke IT strategies and governance systems for your company.
3. There are 6 governing principles of COBIT 2019.
Regardless of how you look at COBIT, it is built upon 6 fundamental principles:
I. It must identify your stakeholders' needs systematically and then meet them.
II. It must aim to achieve comprehensive 'End-to-end' coverage of your enterprise IT.
III. It must integrate with other relevant standards and frameworks (such as ITIL, ISO 27001 and TOGAF), so that the enterprise can work from a single, consistent governance framework instead of a patchwork of overlapping ones.
IV. It should follow a holistic approach, looking at the entire IT system as a whole and addressing its needs accordingly, rather than relying on small point solutions that improve isolated processes.
V. It must separate governance from management (explained above). Governance involves a system of checks and balances used to assess the effectiveness of a system, while management focuses on the approaches and decisions used to improve how an IT system functions.
VI. A governance system should be dynamic. If one or more of the design factors change (e.g., a change in strategy or technology), the enterprise must consider how this impacts the entire IT system.
4. Focus-Area concepts
COBIT 2019 also introduced the concept of 'focus areas', which describe specific governance topics and issues that can be addressed by governance or management objectives. Examples of focus areas include small and medium enterprises, cybersecurity, digital transformation and cloud computing.
Focus areas will be added and changed as needed, based on trends, research and feedback.
How COBIT is different from ITIL?
COBIT and ITIL both complement each other perfectly. While COBIT outlines what needs to be done, ITIL describes ways to do it.
With each iteration of ITIL, IT professionals get concrete, actionable steps they can implement to improve their service delivery.
Fortinet suggests that one of the easiest ways to use COBIT and ITIL together is to identify a service improvement using COBIT, and then use ITIL to define the structure and processes you will use to make that improvement.
Who uses COBIT to do their job?
If you are applying for one of the following positions, you should become familiar with COBIT and related governance frameworks (source: techtarget.com):
- Chief information security consultant
- Chief information security officer (CISO)
- Director, security assurance
- GRC consultant
- Information assurance analyst
- Information security administrator
- Information security assurance analyst
- Infosec risk analyst
- IT governance analyst
- IT security engineer
- Principal cybersecurity manager
- Principal information assurance officer
- Regional information security analyst
- Risk officer
- Security systems administrator
- Senior director of cybersecurity
- Senior GRC analyst
- Senior information security assurance consultant
- Senior information security risk officer
- Senior IT security consultant
- Senior IT security operations specialist
- Third-party risk management compliance analyst
COBIT does not make or prescribe any IT-related decisions. It will not tell you what the best IT strategy is, what the best architecture is, or how much IT can or should cost you. Rather, COBIT defines the components that describe which decisions should be taken, and how and by whom they should be taken. It is advisory in nature.
The latest version of COBIT integrates well with existing frameworks such as ITIL and TOGAF, which lets you combine tools according to specific tasks and practices.
Whether you realize it or not, all IT frameworks have an underlying thread of strategic management from the enterprise's perspective, though most technical professionals struggle to get hold of this aspect. All IT frameworks are inherently geared to help companies improve their business objectives, and the COBIT framework is no exception.
I guess a working knowledge of COBIT is expected from all SENIOR cybersecurity professionals... You should not miss this point from this post!
Kindly write your comments on the posts or topics, because when you do, you help me greatly in designing new quality articles/posts on cybersecurity.
You can also share with all of us if the information here helps you in some manner.
Life is short, so make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.