It is practice norm of IT whichthe American information system control association (ISACA) and the like lectures as a guide of IT of the organization such as enterprise & the self-governing community. The framework and the guideline, it consists of the consecutive data of the maturity model and tool set etc.. It is used in risk of appraisal and IT of IT investment and judgementof control andstandard etc. of EDP audit.
It is old and in the control objective (control objectives) where the American EDP auditor foundation (EDPAF) compiles & issues the American information system control foundation (ISACF) which is the rear body of EDPAF with the beginning, this IT process of 34/five IT resources/rearranging into the shape of the framework which consists of seven IT standards, it issued in 1996 as the COBIT first edition. The 2nd edition which adds tool set issued in 1998, the 3rd edition which adopts the concept of the maturity model and the like from information system control association and IT association (ITGI) was issued in 2000. To 2005 December easily to apply paragraph, ITIL and ISO 17799,COBIT 4.0 which assuresthe harmonywithPMBOK and PRINCE2 and the like was issued by actual organization. In addition, by the fact that "VAL IT" is published to 2006, also IT investment appraisal was attached relation. COBIT 4.1 is released to 2007.
Executive summary of 3rd edition, the framework and control objective, it could collect to 1 volume the management guideline from COBIT 4.0, (title of this booklet itself is COBIT 4.0). As for COBIT, IT activity is defined in four territories (domain) and control objective (high level goal of 34 and detailed goal of 318), CSF / KGI / KPI are definedconcerningthe respectivecontrol objective, furthermore that maturity level is shown at 6 stages.
* Plan and organization
1. Definition of strategic IT plan
2. Definition of information architecture
3. Decision of technical guide
4. Definition related to IT organization
5. Management of IT investment
6. Operational goal and transmission of guide
7. Management of IT man-power resources
8. Quality control
9. Assessment and management of risk
10 Project management
* Acquisition and implement
1. Verification of the solution which is automated
2. Supply maintenance of application software
3. Supply maintenance of technical basis
4. Development maintenance of process
5. Supply of IT resource
6. Management of modification
7. Introduction recognition of solution and modification
* Supply and support
1. Definition and management of service level
2. Service management third party
3. Management of efficiency and capacity
4. Guarantee of continuous service
5. Guarantee of system security
6. Identification and cost distribution
7. Education training of user
8. Service desk and incident management
9. Configurations management
10 Problem management
11. Data management
12. Physical environmental control
13 Management of use
* The monitor you appraise
1. The monitor of IT performance you appraise
2. The monitor of internal control you appraise
3. Guarantee of compliance observance
Four domains of COBIT and IT process of 34
Level 5: It is optimized (Optimized)
Level 4: It is managed (Managed)
Level 3: It is defined (Defined)
Level 2: Repetitive possibility (Repeatable)
Level 1: Elementary (Initial)
Level 0: It does not exist (Non-Existent)
The maturity level of COBIT
CMM / CMMI etc. is famous in other things, asthe model whichmeasuresthe maturity of IT organization, but with COBIT the concept of "risk" is strongly set forth. You say here, "risk" other than technical risk such as system trouble, also management system such as the fact that regarding information leakage is included. With COBIT development side utilization side management both by the fact that it does, under secure environment, IT positive index of the formulation of the structure which can be utilized is presented then. In addition, also the point where it designates that IT "is supplied" from the bender as prerequisite is one of feature.
Furthermore "COBIT" is the trade mark of ISACA and ITGI, ISACA and ITGI have the copyright regarding the COBIT book. |
