ISACA is currently updating the audit/assurance programs for COBIT 5. The first group of programs to be released will be a series of programs for the COBIT 5 processes, based on the generic structure developed in the COBIT 5 for Assurance publication. The new audit/assurance programs will be fully aligned with COBIT 5, and will explicitly reference all seven enablers. The programs will be released by domain.
- Evaluate, Direct and Monitor (EDM) February 2014
- Align, Plan and Organise (APO) are scheduled to be available in August 2014
- Build, Acquire and Implement (BAI) are scheduled to be available in August 2014
- Deliver, Service and Support (DSS) are scheduled to be available in August 2014
- Monitor, Evaluate and Assess (MEA) are not in development at this time
DevOps refers to the movement within IT to improve relationships between development and operations. It relies on agile-like development methods, allowing smaller code changes to be released more frequently (e.g., every 5 to 6 days) compared with traditional development and release management, which has long cycle times. These methods may be especially promising for new web-based applications rather than legacy applications. The first publication in this series is an overview white paper scheduled to be issued in the second quarter of 2014.
Implementation Guidance for US Cybersecurity Framework
In 2013 President Obama issued Executive Order 13636, which directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks. This deliverable will provide enterprises that wish to implement the framework with guidance on how to do so using COBIT 5. The book is scheduled to be issued in second quarter 2014, and the sector-specific appendices are scheduled to be available in third quarter 2014.
Operational Risk Management/Basel Using COBIT 5
This will provide an update of the existing publication “IT Control Objectives Basel II” to align it with COBIT 5 and related publications. Concepts will be updated to reflect the current state of the technology, challenges, risk and necessary assurance practices. This book is scheduled to be available in first quarter 2015.
The book will describe the importance of protecting credit card and customer data and the role that compliance with the PCI DSS requirements plays in helping organizations develop and implement a security model that ensures the protection of data used for credit card processing. It will provide practical guidance related to the PCI DSS compliance requirements to help members understand how to achieve and maintain compliance with the standard through a robust security program that covers all six domains described in the PCI DSS standard. This book is scheduled to be available in fourth quarter 2014.
Risk Scenarios for COBIT 5 for Risk
This professional guide will provide practical guidance on how to use COBIT 5 for Risk to solve for current business issues. Specific risk scenarios, along with other pragmatic application methods, will be demonstrated. The issue date is still to be determined.
Sarbanes-Oxley: Using COBIT 5
This publication updates the 2006 edition of this practical guide for executive management and IT control professionals when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002. It will provide practical guidance on using COBIT 5 when performing SOX engagements. It is scheduled to be available in third quarter 2014.
Security, Audit and Control Features SAP ERP, 4th Edition
This publication updates the 2009 edition of this practical, how-to guide in the technical and risk management series. It enables assurance, security and risk professionals (both IT and non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of better practice controls into system upgrades and enhancements. It is scheduled to be available in third quarter 2014.