COBIT 5: New evolution of COBIT guidance

Now Available for Public Comment

Security Strategies Alert By M. E. Kabay, Network World
August 29, 2011 10:44 AM ET
The long view of security strategies for your network.

Ken Vander Wal, CISA, CPA, is International President of ISACA. COBIT is the well-known framework formerly known as Control OBjectives for Information and related Technology. Mr. Vander Wal contributed the following announcement and I hope that readers will participate in improving COBIT. Everything that follows is Mr. Vander Wal's work with minor edits.

* * *

Information is the currency of the 21st-century business enterprise. Organizations depend on their information for their survival and must constantly maximize the return on their investments in information and the technology that supports it.

According to the IT Governance Institute's 2011 Global Status Report on the Governance of Enterprise IT, business leaders reported facing the following IT-related issues in the past year:
• Increasing IT costs — 42%
• Insufficient IT skills — 33%
• Problems implementing new IT systems — 30%
• Problems with external IT service providers — 29%
• Serious operational IT incidents — 21%
• Return on investment not as expected — 19%
• IT security or privacy incidents — 18%

To help enterprises worldwide address these concerns and better manage and govern their information, an international team of volunteer subject-matter experts from the global association ISACA is developing COBIT 5. A comprehensive and flexible framework of good practices, tools and process models for managing and governing information and technology, COBIT 5 is now in public exposure and will be published in early 2012.

One of the much-anticipated features of COBIT 5 is its increased focus on integrating business and IT. This orientation will improve communication, clarify roles and responsibilities, and reduce information- and technology-related incidents that harm the enterprise.

"COBIT helps ensure governance and management of information and technology across the complete enterprise, provides a common language that unites the business and IT, and addresses the critical business issues related to information and technology," said John Lainhart, CISA, CISM, CGEIT, CRISC, Partner with IBM Global Business Services, who implemented COBIT at the U.S. House of Representatives as inspector general. "This helps enterprises identify their strengths and weaknesses and maximize their control over their information assets."

Lainhart, who is co-chair of the COBIT 5 development team, notes that the new edition is a major evolution of COBIT 4.1. Changes include elements from ISACA's
• Val IT
• Risk IT
• Business Model for Information Security (BMIS)
• IT Assurance Framework (ITAF)
• Taking Governance Forward guidance and
• Board Briefing on IT Governance.

The new version increases its focus on various stakeholders involved and shifts from control objectives to management processes.

"COBIT 5 is based on sound enterprise governance principles and will help organizations manage constantly evolving operational risks and stay on top of increasing regulatory compliance requirements," Lainhart said. "It builds and expands on COBIT's 15-year history and is being developed by senior IT and business leaders around the world to ensure that it meets stakeholders' current needs and expectations."

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Professor of Information Assurance & Statistics in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.
