About COBIT 5
Information is the currency for enterprises in the 21st century. COBIT helps enterprises get the most value from this critical asset. COBIT is a comprehensive framework of globally accepted practices, analytical tools and models that can help any enterprise effectively address critical issues through governance and management of information and technology.
COBIT 5 helps enterprise leaders and IT professionals protect the integrity of their enterprise’s information so they can focus on the highest-value projects and make the best decisions. It helps them “get more” from the information systems already in place.
COBIT 5 creates a single point of reference for governance and management of information and technology through its five principles. It establishes seven critical areas (enablers) that are relevant to all enterprises in the governance and management of information. Using COBIT prepares enterprises for current and future compliance requirements.
COBIT is issued by the nonprofit, independent ISACA, a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. The most recent edition, COBIT 5, was released in April 2012.
COBIT 5 builds on the previous COBIT framework (4.1), linking and reinforcing all other major ISACA frameworks and guidance, such as:
Benefits of Using COBIT 5
- Helps maximize the trust in, and value from, enterprise information and technology
- Helps address the needs of stakeholders across the enterprise
- Clarifies goals for more effective decision making
- Provides a systematic approach and common vocabulary for addressing today’s most challenging aspects of meeting enterprise performance goals
- Provides an end-to-end framework that integrates other approaches and standards, and simplifies complex approaches
Much of COBIT is available as a complimentary download at www.isaca.org/cobit. Print copies of COBIT publications are available for purchase from the ISACA Bookstore (www.isaca.org/bookstore).
Initial COBIT 5 Product Family volumes include:
- COBIT 5
- COBIT 5: Enabling Processes
- COBIT 5 Implementation
- COBIT 5 for Information Security
This family will grow over time. For current details, see www.isaca.org/cobit.
Case studies featuring companies such as National Stock Exchange (NSE) of India Limited, Met Life, Blue Cross and Blue Shield of North Carolina and IBM Business Consulting, Ecopetrol SA, Dongbu HiTek, US Department of Veterans Affairs, Prudential, Unisys, and Sun Microsystems/Oracle are available at www.isaca.org/casestudies.
COBIT has been recognized by the following organizations as a recommended framework for governance and management of IT:
- The Federal Government of Nigeria—has adopted COBIT 5 to help address the security challenges facing the country.
- IT Policy Compliance Group (ITPCG)—The “masters of IT” are using COBIT to improve alignment and deliver more value. (December 2010)
- South African Government—In 2002, and again in November 2010, the GITO Council adopted the implementation of COBIT as ICT Governance Framework for implementation in the Public Service.
- Insurance & Capital Market Supervisor in Israel—Declared COBIT an acceptable and recommended control framework. (August 2010)
- IT Policy Compliance Group (ITPCG)—Report, “Guidance for Best Practices in Information Security and IT Audit,” states COBIT is cited as 30 times more common among the top performing organizations. (September 2009)
- Government of Alberta Canada—COBIT is the basis for its Information Management and Technology (IMT) Governance Framework.
- Department of Defense—COBIT is used in a white paper titled U.S. Department of Homeland Security (DHS), Information Technology Governance.
- The U.S. Postal Service—COBIT was used to conduct an assessment of IT policies, processes and controls.
- Government of Kerala, India—Ordered the acceptance of COBIT as part of its national e-governance plan.
- Superintendencia Financiera de Colombia—Regulator of banks in Colombia adopted and requires the use of COBIT as a reference model for its evaluations.
- Financial Entities General Superintendence in Costa Rica (SUGEF)—issued a IT regulation (SUGEF 14-09): Financial institutions must comply with a minimum maturity level of 3 on 17 of the 34 COBIT processes.
- National Audit Office of the Lithuanian Republic—COBIT is used officially for auditing government IT activities, and private audit and consulting companies that have business relations with government institutions.
- Office of the Inspector General (OIG)—COBIT Security Baseline was found to be compatible with the National Institute of Standards and Technology (NIST) Framework for performing Federal Information Security Management Act (FISMA) evaluations.
- European Union—COBIT is the framework for its agricultural paying agencies.
COBIT in the News
- TechRepublic—“COBIT 5 for information security: The underlying principles,” states that COBIT 5 for Information Security provides a comprehensive framework for integrating security into business processes.
- Executivos Financeiros—“Audit and IT should talk,” states that COBIT 5 helps companies create the ideal value of IT, keeping a balance between the benefits to be harvested and optimization of risk levels and resource utilization.
- Gadget—In “Devices pose governance risk,” William Venter states, “COBIT 5 provides guidance for all such institutions regardless of size and helps them adhere to governance requirements along the way.”
- itil.org—“Keep the momentum! A simple and effective approach to define and drive your roadmap forwards” states that COBIT is useful when companies need to break down ITSM into manageable pieces.
- Ovum ~ In “COBIT 5: Helping Address Cultural Challenges,” Adam Holtby states, “Ovum believes that COBIT 5 offers valuable direction and tools on how the business and IT can better meet strategic objectives, while also addressing the cultural issues that are inherent with change initiatives and new implementations…Ovum believes that the business case becomes more valuable as a result of it being a continually updated resource.”
- Redmondmag.com (a site for the Microsoft IT community) ~ In “Amazon Unleashes Its Cloud Security Controls”, the blogger states that Amazon’s security policies are based on COBIT.
- “COBIT 5: A Control Framework Takes on IT Governance” states, “COBIT offers: common sense rendered in textbook form for those who want to make technology-driven processes more effective and efficient. IT World Canada, December 2011
- “Governance and innovation—mind the gaps”—states that “COBIT is an effective tool for realising stronger governance.” IT Web Business, December 2011
- A study of the use of cloud computing in German companies by the SRH Hochschule Berlin and the German Telekom showed that using COBIT and ITIL together can help with cloud services integrate system architecture. Silicon.de December 2011
- To achieve (IT maturity), companies adopt best practices, such as COBIT and Risk IT, to guide IT personnel. CIO Update, October 2011
- “Using COBIT to achieve green business-IT alignment”—states that COBIT can be used to green IT and align IT goals with business goals. ComputerWorld UK, January 2011