
COBIT Focus Archives

Using COBIT 5 to Assess IT Processes Capabilities and Evaluate Compliance With the World Lottery Association Security Control Standard and ISO 27001

By Ioannis Panopoulos, CISA, CRISC, CGEIT, CSXF, ISO 27001 LA, and Maria Melliou, CISA, CAML, CCO, CIA, CRMA, ISO 27001 LA

COBIT Focus | 16 October 2017


The internal audit team of one of the biggest gaming operators in Europe implemented a cloud-based governance, risk and compliance (GRC) platform to improve the quality of its audit work papers and the productivity and collaboration with the other assurance teams (i.e., compliance, risk, security) of the company. MetricStream was selected as partner for this implementation.

Focus on COBIT Adoption Rather Than Implementation

By Pam Erskine, COBIT Implementation and Assessor, DevOps Fundamentals ITIL Expert, Kepner-Fourie, Lean IT, Six Sigma

COBIT Focus | 25 September 2017


Organizational change management (OCM) focuses on helping people adapt to change. Research shows that by acknowledging the importance of OCM and taking steps to address the people side of change, organizations will be 4 times more likely to be successful.

Portfolio, Program and Project Management Using COBIT 5

By Sunil Bakshi

COBIT Focus | 11 September 2017


Many organizations attribute their success to being able to execute their strategic goals and objectives. Execution will be successful if it is measured and if corrective actions are taken at appropriate times when there are deviations. Thus, there has to be a plan that should enable measurement, help track progress and enable corrective action to be taken at the right time to keep the execution on track.

Participatory Health Care Security

By Ed Moyle

COBIT Focus | 21 August 2017


If you have ever wanted to be a doctor but ended up taking a different career path, participatory medicine may be just the new development for you. As its name implies, it is a philosophy of providing health care in which patients abandon their traditional passive stance and instead take an active role in their treatment.

Using ISACA Privacy Principles for GDPR Compliance

By Rebecca Herold

COBIT Focus | 14 August 2017


I started addressing privacy risk within a large multinational financial and health care organization around 1993 when, generally, no legal requirements for addressing privacy existed, but certainly many privacy risk factors and concerns did indeed exist. (Note: Just because there are no laws governing privacy, it does not mean there is no privacy risk or potential privacy harms; there could be many.) How times have changed.

A Group IT Governance System Model With a Pair of Wheels—Oversight and Shared IT—for a Financial Group in Japan

By Yuichi (Rich) Inaba, CISA

COBIT Focus | 31 July 2017 Japanese


The financial industry in Japan has seen a growing number of organizing financial groups or conglomerates since the Japanese antitrust law was revised in the late 1990s to make it easy to establish a holding company and formulate a company group.

COBIT 5 Aids Transition to Smart and Sustainable Cities

By Graciela Braga, CGEIT, COBIT 5 Foundation, CSX Foundation

COBIT Focus | 24 July 2017


A new edition of The Green Standards Week has finished, but the journey for cities has just begun.

The International Telecommunication Union (ITU), together with several organizations, including the United Nations Human Settlements Programme (UN-Habitat) and the Inter-American Association of Telecommunication Enterprises (ASIET), has organized the 7th edition of the Green Standards Week from 3 to 5 April 2017 in Manizales, Colombia.

COBIT 5 for Risk—A Powerful Tool for Risk Management

By Hafiz Sheikh Adnan Ahmed, CGEIT, COBIT 5 Assessor, ISO 20000 LA, ISO 27001 LA, ISO 27032 Lead Cybersecurity Manager, ISO 38500 Lead IT Corporate Governance Manager, Lean Six Sigma Green Belt

COBIT Focus | 10 July 2017


Today, as we continue to adapt to a highly volatile environment, businesses are becoming more proactive about risk management. Risk management is on most corporate agendas, whether a private or public organization. Special attention to risk management is paid by governments, semigovernments, stock exchanges, shareholders and regulators.

Which Screws Have to Tighten?

By Roberto Soriano, CISA, CRISC, CISM, ISO 27001 LA, PMP

COBIT Focus | 26 June 2017 Spanish


When most organizations undertake an important process improvement effort (e.g., compliance, cyber security, governance), they typically refer to different standards and prepare a complex process to implement the improvement.


COBIT 5 for Risk: Making Sense of IT Risk Management

By Syed Salman, CISA

COBIT Focus | 12 June 2017


A leading Big 4 professional services firm in the Middle East was selected by a large retail bank in the region to assist in enabling IT risk management practices to deliver value to the enterprise in a cost-effective manner. The bank was facing and continues to face a growing and ever-changing IT risk landscape.

COBIT 5 and the GDPR

By Joanna Karczewska, CISA

COBIT Focus | 29 May 2017


With just a year left until the European Union’s (EU’s) General Data Protection Regulation (GDPR) takes effect, it is time for any organization with European customers to get started with the implementation of its requirements. Most supervisory authorities in EU countries have published guidelines on how to get ready.

Applying the Goals Cascade to the COBIT 5 Principle Meeting Stakeholder Needs

By Govind Kulkarni, COBIT 5, CSQA, DevOps Master, ISO 27000 Auditor, ITIL Expert, PMP

COBIT Focus | 24 April 2017


COBIT 5 is a renowned best practice framework for governing and managing enterprise information technology. This framework covers the entire enterprise from end to end in terms of processes, organization structures, policies, skills and talent, information, and other enablers, and top to bottom from the board of directors to incident management specialists working in operations.

How COBIT 5 Can Help Reduce the Likelihood and Impact of the Top 5 Cyberthreats

By Sue Milton, CISA, CGEIT

COBIT Focus | 3 April 2017


2017 is here with cyberbreaches increasing, with their impacts rippling ever further into business and personal life.

Are these threats too big to manage? Is cyberthreat management the ‘elephant in the room’?

Using Visual Models for Adopting IT Governance Practices

By Rafael Almeida, Pedro Linares Pinto, Renato Lourinho, Miguel Mira da Silva, Ph.D.

COBIT Focus | 20 March 2017


IT governance (ITG) can be adopted using a mixture of various structures, processes and relational mechanisms that encourage behaviors consistent with the organization’s mission, strategy, values, norms and culture. Examples of process mechanisms are ITG frameworks, best practices and International Organization for Standardization (ISO) standards such as COBIT 5, ITIL 2011 and ISO/IEC 27001.

A Model Proposal for Organizational Prudence and Wisdom Within Governance of Business and Enterprise IT

By Ahmet Efe, Ph.D., CISA, COBIT 5 Foundation

COBIT Focus | 6 March 2017


The intimidatingly rapid growth of big data in the ever-changing, innovative information technology environment has created challenges for enterprises, such as the optimization of risk, costs and resources to best respond to the requirements of the ecosystem and the needs of stakeholders.

The Essence of Information

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, DevOps FC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005 Lead Risk Manager, ISO 27032 Lead Cybersecurity Manager, ISO 28000 FC, ISO 31000 Lead Risk Manager, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, RESILIA FC, SFC, SSGB

COBIT Focus | 13 February 2017


I was taught that information was processed data. While the definition was useful, it was not very enlightening. It raised as many questions as it answered. Who uses the information? Why do I need information? For what do I use information? Where do I use information? When do I use it? How do I use it? So many questions.

Extending COBIT 5 Data Security and Governance Guidance

By Myles Suer, ITIL, and Les McMonagle, CISA, CISSP, ITIL

COBIT Focus | 30 January 2017


COBIT 5 contains highly relevant guidance for IT practitioners and business leaders regarding governing and protecting data and information. However, the question of whether COBIT 5 is enough should be asked. This article explores what COBIT 5 provides and does not provide, then suggests a series of appropriate additions.

Developing Business Capabilities Using COBIT 5

By Oluwaseyi Ojo, CEng, CRISC, CISM, CGEIT, COBIT 5 Certified Assessor, CISSP, TOGAF 9

COBIT Focus | 16 January 2017


To execute your strategy, you need to build business capabilities. In order to ensure a business will be successful in the future, an organization must understand how it defines success and must know if it has the capability today to do better or to do more to achieve this success.

Setting the Record Straight: Convincing Management of COBIT’s Value in Risk Management

By Julian Marquez, CISA, CRISC, COBIT Foundation, ISO 27001 LA, ITIL Foundation

COBIT Focus | 3 January 2017


Although COBIT remains an extremely valuable tool for IT risk management, many Latin American companies still find themselves slightly confused when trying to understand what it takes to carry out a complete or partial COBIT implementation. In fact, organizations still struggle with how to achieve long-term business and IT goals through ...

Using COBIT for IT Organizational Design

By Azhar Zia-ur-Rehman, CISA, CRISC, CISM, ISO 27001 LA

COBIT Focus | 19 December 2016


The organizational structure of an IT department is usually the result of a series of changes, trials, experiments and political manipulations. It is often adjusted to suit or accommodate individuals. As a result, the organization is sometimes cumbersome and the cause of problems, inefficiency and excess cost.

COBIT 5 Mapping Exercise for Establishing Enterprise IT Strategy

By Christopher Oparaugo, CISM, CGEIT, CRISC

COBIT Focus | 5 December 2016


In recent years (as demonstrated in my previous article titled “ISO/IEC 27001 Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance”), the balanced scorecard (BSC) has been applied to enterprise IT and the first real-life IT security governance application has been developed based on mapping the control objectives from the...

COBIT 5: Creating Buy-in and Empowering Teams to Change

By Paul Wilkinson and Gary Hardy

COBIT Focus | 28 November 2016


It is an inescapable fact that IT is changing the way organizations do business. There is a global emphasis on “digital transformation,” which means that IT is increasingly becoming a critical enabler to realizing business value. At the same time, IT represents a significant risk if not governed effectively.

COBIT 5: Taking IT Governance and Management to the Next Level

By Syed Salman, CISA

COBIT Focus | 14 November 2016


A Big 4 professional services firm in the Middle East region was selected by a leading retail bank in the region to assist in finding solutions to pressing problems related to IT governance and IT management. The bank was and continues to be heavily dependent on IT infrastructure and IT application systems to deliver an efficient and effective banking experience to its customers.

Ensuring Value From IT-enabled Investments

By Aamir Jamil, CISM, CGEIT

COBIT Focus | 31 October 2016


Ensuring that value is realized from IT investments is an essential component of enterprise governance. IT governance in practice ensures that IT investments deliver the promised benefits against the strategy at an agreed risk exposure. It also concentrates on optimizing resources throughout the economic life cycle—including the initial investment and the resulting IT services and other IT assets.

A Partial Transition to COBIT 5 Demonstrates Value to IT

By Victor Antonio Jimenez

COBIT Focus | 24 October 2016


Several years ago, the IT department of the largest bakery factory in the world, with a presence in the United States, Mexico, Central America, South America, Asia, Europe, Canada and the United Kingdom, conducted a COBIT 4 assessment and implementation of an enterprise governance.

Change Enablement for GEIT Implementation and Improvement

By Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 17 October 2016


Frameworks, best practices and standards are useful only if they are adopted and adapted effectively. A successful governance of enterprise IT (GEIT) implementation or improvement requires an enterprise culture that is accepting and supportive of the changes that a GEIT implementation brings to the enterprise.

Using COBIT 5: Enabling Information to Perform an Information Quality Assessment

By Felipe da Silva Antonio, COBIT Foundation, CTFL, and Alessandro Manotti, CISA, CISM

COBIT Focus | 3 October 2016 Portuguese


Information is considered a main resource for any organization as the evolution of information technology in recent decades has reached almost all organizations. No matter their size—small, medium or large—organizations use computer systems to perform the most critical processes and provide them competitive advantage. Companies currently use the power of data analytics to decide where to open a branch, how to increase investments or when to launch a product in accordance with their target customers.

Introduction to COBIT Videos Provide Insights into COBIT 5

By Mark Thomas, CRISC, CGEIT, and Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 19 September 2016


The Introduction to COBIT Video Series is a collection of short videos that explain, in a straightforward, simple manner, the many features, tools and benefits of the COBIT 5 framework. The series can be viewed from start to finish or by module, based on individual needs and interests.

Ambiguities in Translation of Information and Knowledge Concepts in COBIT 5

By Ahmet Efe, Ph.D., CISA, COBIT 5 Foundation

COBIT Focus | 12 September 2016


Data, information, knowledge, business intelligence and wisdom (DIKIW) are sequential, theoretical and conceptual stations of understanding. Some researchers assert that business intelligence (or intelligence) is different than knowledge and wisdom. Each concept of DIKIW has its place in guiding individuals and legal entities to take proper action to save more in assets while losing less in resources.

The Importance of Planning a Governance of Enterprise IT Implementation

By Peter Tessin, CISA, CRISC, CGEIT

COBIT Focus | 29 August 2016


Embarking on a governance of enterprise IT (GEIT) implementation can be intimidating. There is plenty of anecdotal evidence describing failed GEIT projects and the problems associated with GEIT implementations. In my experience, common elements in failed GEIT implementations include a failure to obtain key executive commitment and not performing adequate analyses of the enterprise prior to embarking on the GEIT implementation itself.

