Explore topic-wise InterviewSolutions in .

Overlap in the control objectives, although not occurring OFTEN, was intentional. Some control objectives TRANSCEND domains and processes and, THEREFORE, must be repeated to ensure that they exist in each DOMAIN or process. Some control objectives are meant to be cross-checks of one ANOTHER and, therefore, must be repeated to ensure consistent application in more than one domain or process. Thus, although potentially perceived as overlapping, COBIT intentionally repeats some control objectives to ensure appropriate coverage of these IT controls.

Overlap in the control objectives, although not occurring often, was intentional. Some control objectives transcend domains and processes and, therefore, must be repeated to ensure that they exist in each domain or process. Some control objectives are meant to be cross-checks of one another and, therefore, must be repeated to ensure consistent application in more than one domain or process. Thus, although potentially perceived as overlapping, COBIT intentionally repeats some control objectives to ensure appropriate coverage of these IT controls.

The application controls were originally fully integrated in the COBIT model. This option had been taken considering that COBIT is business-process-oriented and that at this level application controls are MERELY part of the overall controls to be exercised over information systems and related TECHNOLOGY. In most cases, however, this part cannot be outsourced. Hence, the question is of prime importance.

Before the PUBLICATION of COBIT 4.0, there was one process, Manage data, where the traditional transactions and file controls COULD be found. In COBIT 4.0 the application controls were taken out of DS10 and MADE part of the COBIT framework using the ACn prefix, because it was decided that they had become accepted as being owned by business process owners and not part of an IT process. With COBIT 4.1, they have been simplified to six key application control objectives, AC1 to 6.

The application controls were originally fully integrated in the COBIT model. This option had been taken considering that COBIT is business-process-oriented and that at this level application controls are merely part of the overall controls to be exercised over information systems and related technology. In most cases, however, this part cannot be outsourced. Hence, the question is of prime importance.

Before the publication of COBIT 4.0, there was one process, Manage data, where the traditional transactions and file controls could be found. In COBIT 4.0 the application controls were taken out of DS10 and made part of the COBIT framework using the ACn prefix, because it was decided that they had become accepted as being owned by business process owners and not part of an IT process. With COBIT 4.1, they have been simplified to six key application control objectives, AC1 to 6.

The COBIT control objectives are generic in nature and address activities or tasks within IT processes. This way they are platform-independent. However, they are the OVERALL structure wherein more specific platform-related controls are to be defined. In fact, the general control objectives should REMAIN valid regardless of WHETHER one is controlling, for example, a mainframe platform or an office automation platform. It is obvious that CERTAIN aspects will require more emphasis in a GIVEN environment.

The COBIT control objectives are generic in nature and address activities or tasks within IT processes. This way they are platform-independent. However, they are the overall structure wherein more specific platform-related controls are to be defined. In fact, the general control objectives should remain valid regardless of whether one is controlling, for example, a mainframe platform or an office automation platform. It is obvious that certain aspects will require more emphasis in a given environment.

The LIST of primary references was developed as a COLLECTIVE CONSENSUS based on the experience of the PROFESSIONALS who participated in the CSC's research, expert review and quality assurance efforts.

The list of primary references was developed as a collective consensus based on the experience of the professionals who participated in the CSC's research, expert review and quality assurance efforts.

To assure the high level of quality of COBIT, several measures have been taken. The most important are:

• The whole research process has been overseen by the IT GOVERNANCE Committee (ITGC), which is responsible for all ITGI research, and directed by the COBIT Steering Committee (CSC). Besides preconceiving the deliverables, the CSC has also been responsible for the final quality of these deliverables.
• A CIO panel provides insights and suggestions for further developments.
• The detailed research results have been quality-controlled throughout.
• The preliminary research involved several COBIT development groups based around the world.
• Before being issued, the final texts were DISTRIBUTED to more than 100 specialists, including process owners, business managers and analysts, such as Gartner, to OBTAIN their comments.
• Overall, experience shows that the COBIT model appeals to members of business management as a whole; they appreciate the added value of it in view of improving their control over IT. In this regard, ITGI is confident that the required quality level, beyond customer satisfaction, has been achieved, ALTHOUGH feedback is always welcomed and considered. Because COBIT development is a CONTINUOUS improvement process based on real experience by users, there will always be potential improvements to quality and usefulness.

To assure the high level of quality of COBIT, several measures have been taken. The most important are:

COBIT is used globally by those who have the PRIMARY RESPONSIBILITIES for business PROCESSES and technology, those who DEPEND on technology for RELEVANT and reliable information, and those providing quality, reliability and control of information technology.

COBIT is used globally by those who have the primary responsibilities for business processes and technology, those who depend on technology for relevant and reliable information, and those providing quality, reliability and control of information technology.

The purpose of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in DELIVERING value from IT and understanding and managing the RISKS associated with IT. COBIT helps BRIDGE the gaps amongst business requirements, control needs and technical issues. It is a control model to MEET the needs of IT governance and ensure the integrity of information and information systems.

The purpose of COBIT is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems.

COBIT 5 is CLOSELY related to most frameworks, controls and standards which includes ISO27001, Prince 2, ITIL, ISO20000, TOGAF, SOX and many such frameworks. It looks after all the internal as well as external services of IT which are RELEVANT. And it also looks after the PROCESSES of business which are external as well as internal. It also gives an overall systematic view of the MANAGEMENT and governance of the IT enterprises which is BASED on the enablers and their total numbers. 

COBIT 5 is closely related to most frameworks, controls and standards which includes ISO27001, Prince 2, ITIL, ISO20000, TOGAF, SOX and many such frameworks. It looks after all the internal as well as external services of IT which are relevant. And it also looks after the processes of business which are external as well as internal. It also gives an overall systematic view of the management and governance of the IT enterprises which is based on the enablers and their total numbers. 

Yes, because the organizations fail to look at the numerous vulnerabilities in a system and they usually FIX that particular problem and not take into account those numerous vulnerabilities. One method of doing this is to create and manage the control matrix. This should incorporate areas of controls which are critical and the interest. These can be developed either during assessments of risks or by the usage of the standards which are essential for the better practice. Processes are used by the BUSINESS organizations as well as the IT for getting outcomes and they need to be consistent. Security teams must have a security program and a framework.

A organizational hierarchy is essential to monitor an d reach the strategic objectives. The decision makers at EVERY level are the stakeholders in the processes and the outcomes. The cultural differences of the employees must be CONSIDERED when securing the workplace. The information delivered by the IT is through applications, services and the infrastructure. The implementation of the control of security calls for attention to competencies, people and the skills which are both inside and outside of the IT. It is necessary to integrate the enablers and frameworks, principles and policies are the means for that. The expected outcomes are achieved by the help of enablers and also in the development of the frameworks, policies and the principles.

Yes, because the organizations fail to look at the numerous vulnerabilities in a system and they usually fix that particular problem and not take into account those numerous vulnerabilities. One method of doing this is to create and manage the control matrix. This should incorporate areas of controls which are critical and the interest. These can be developed either during assessments of risks or by the usage of the standards which are essential for the better practice. Processes are used by the business organizations as well as the IT for getting outcomes and they need to be consistent. Security teams must have a security program and a framework.

A organizational hierarchy is essential to monitor an d reach the strategic objectives. The decision makers at every level are the stakeholders in the processes and the outcomes. The cultural differences of the employees must be considered when securing the workplace. The information delivered by the IT is through applications, services and the infrastructure. The implementation of the control of security calls for attention to competencies, people and the skills which are both inside and outside of the IT. It is necessary to integrate the enablers and frameworks, principles and policies are the means for that. The expected outcomes are achieved by the help of enablers and also in the development of the frameworks, policies and the principles.

GOVERNANCE looks after the perspectives and LAWS which are REQUIRED in the organization. Compliance is the measures taken up by the company to follow to governance in various MANNERS. 

Governance looks after the perspectives and laws which are required in the organization. Compliance is the measures taken up by the company to follow to governance in various manners. 

There is a publication developed which ACTS as a guide with respect to what needs to be done in order to MAKE the transition SMOOTHER and effective. 

There is a publication developed which acts as a guide with respect to what needs to be done in order to make the transition smoother and effective. 

It HELPS in differentiating between the ROLES of the management and the board and to direct and MONITOR the OBJECTIVES, priorities and decisions related to IT. 

It helps in differentiating between the roles of the management and the board and to direct and monitor the objectives, priorities and decisions related to IT. 

It will be ruled by the management and it will be USED as an INVESTMENT which is supported by any of the cases of business. COBIT 5 helps in a dialogue amongst the security and the management which is easy for understanding the security PRACTICES. 

It will be ruled by the management and it will be used as an investment which is supported by any of the cases of business. COBIT 5 helps in a dialogue amongst the security and the management which is easy for understanding the security practices. 

MOSTLY people CHOOSE both COBIT and ITIL they are mostly complementary TOGETHER and not MUCH competing against each other. 

Mostly people choose both COBIT and ITIL they are mostly complementary together and not much competing against each other. 

It is an acronym for Information Technology Infrastructure Library. It is an all-inclusive set of practices that are developed and executed in the IT. It has a series of 5 VOLUMES and each of these volumes have a DIFFERENT stage of the IT. ITIL supports the previous BS 15000 there is STILL a difference between the framework of ITIL and the BS 15000 which is now known as the ISO 20000.

It describes the tasks, procedures, processes, checklists which aren’t specific to the organization but they can be applied by any organization which are trying to establish integration. It lets the organization to have a baseline which helps them to measure, implement and plan which can be HELPFUL in the demonstration of compliance and to measure the improvement. AXELOS has ownership over ITIL and it provides licenses to the organization for the usage of ITIL. It provides accreditation to the institutes which are licensed for the examination and managing the updates of the framework.

It is an acronym for Information Technology Infrastructure Library. It is an all-inclusive set of practices that are developed and executed in the IT. It has a series of 5 volumes and each of these volumes have a different stage of the IT. ITIL supports the previous BS 15000 there is still a difference between the framework of ITIL and the BS 15000 which is now known as the ISO 20000.

It describes the tasks, procedures, processes, checklists which aren’t specific to the organization but they can be applied by any organization which are trying to establish integration. It lets the organization to have a baseline which helps them to measure, implement and plan which can be helpful in the demonstration of compliance and to measure the improvement. AXELOS has ownership over ITIL and it provides licenses to the organization for the usage of ITIL. It provides accreditation to the institutes which are licensed for the examination and managing the updates of the framework.

It is a FRAMEWORK of governance and a tool of SUPPORT that allows the participants to bridge the distance between any issues of TECHNICALITY, risks involved in BUSINESS and the requirements of control. 

It is a framework of governance and a tool of support that allows the participants to bridge the distance between any issues of technicality, risks involved in business and the requirements of control. 

COBIT 5 CLEARLY differentiates between MANAGEMENT and GOVERNANCE. It also calls for different DIMENSIONS and inputs to the regime of the governance. COBIT 5 also incorporates the different FRAMEWORKS that were developed by ISACA. 

COBIT 5 clearly differentiates between management and governance. It also calls for different dimensions and inputs to the regime of the governance. COBIT 5 also incorporates the different frameworks that were developed by ISACA. 

The amount and level of training necessary is a function of how comfortable ONE FEELS with the product; however, practical experience has shown that successful implementation is directly related to the amount of COBIT knowledge ACQUIRED. THEREFORE, training is considered to be very important but the training also has to be properly and correctly provided, which is why ISACA developed a portfolio of courses. The IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition, and the IT Assurance Guide provide valuable support FOLLOWING attendance at training courses.

The amount and level of training necessary is a function of how comfortable one feels with the product; however, practical experience has shown that successful implementation is directly related to the amount of COBIT knowledge acquired. Therefore, training is considered to be very important but the training also has to be properly and correctly provided, which is why ISACA developed a portfolio of courses. The IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition, and the IT Assurance Guide provide valuable support following attendance at training courses.

COBIT 5 is supposed to recognize that information SECURITY is a prevalent ENABLER which AFFECTS the ENTIRE enterprise and not just one service. 

COBIT 5 is supposed to recognize that information security is a prevalent enabler which affects the entire enterprise and not just one service. 

Most senior managers are aware of the IMPORTANCE of the general control frameworks with respect to their FIDUCIARY responsibility, such as COSO, Cadbury, COCO or King II; however, they may not necessarily be aware of the details of each. In addition, management is increasingly aware of the more technical security guidance such as ISO 17799, and service delivery guidance such as ITIL.

Although the aforementioned models emphasize business control and IT security and service issues, only COBIT attempts to deal with IT-specific control issues from a business perspective. It should be noted that COSO was used as source material for the business model and ISO 17799 and ITIL, amongst many others, were used to develop the control objectives. COBIT is not meant to replace any of these control models. It is intended to emphasize what control is required in the IT environment while WORKING with and BUILDING on the strengths of these other control models.

Most senior managers are aware of the importance of the general control frameworks with respect to their fiduciary responsibility, such as COSO, Cadbury, CoCo or King II; however, they may not necessarily be aware of the details of each. In addition, management is increasingly aware of the more technical security guidance such as ISO 17799, and service delivery guidance such as ITIL.

Although the aforementioned models emphasize business control and IT security and service issues, only COBIT attempts to deal with IT-specific control issues from a business perspective. It should be noted that COSO was used as source material for the business model and ISO 17799 and ITIL, amongst many others, were used to develop the control objectives. COBIT is not meant to replace any of these control models. It is intended to emphasize what control is required in the IT environment while working with and building on the strengths of these other control models.

Yes, it has been accepted in many organizations globally, and new cases continue to be documented. However, it should not surprise anyone that in those entities where the CIO has embraced COBIT as a usable IT framework, this has come as a direct consequence of one or more COBIT champions within the audit and/or IT department(s). Even more important than acceptance by the CIO is acceptance by the board and executive management. Successful implementation of IT governance using COBIT depends greatly on the COMMITMENT of top management.

The addition of the management guidelines should also increase the acceptance of COBIT by enterprise and IT management. The emphasis on alignment of IT with enterprise goals, self-assessment and performance measurement will ensure that COBIT is seen not only as a control framework, but also as providing a SET of tools for improving the effectiveness of information and IT resources. The INTEGRATION of the management guidelines with the COBIT framework and control OBJECTIVES provide additional emphasis for management to use COBIT as the authoritative, up-to-date and established model for IT control and governance.

Yes, it has been accepted in many organizations globally, and new cases continue to be documented. However, it should not surprise anyone that in those entities where the CIO has embraced COBIT as a usable IT framework, this has come as a direct consequence of one or more COBIT champions within the audit and/or IT department(s). Even more important than acceptance by the CIO is acceptance by the board and executive management. Successful implementation of IT governance using COBIT depends greatly on the commitment of top management.

The addition of the management guidelines should also increase the acceptance of COBIT by enterprise and IT management. The emphasis on alignment of IT with enterprise goals, self-assessment and performance measurement will ensure that COBIT is seen not only as a control framework, but also as providing a set of tools for improving the effectiveness of information and IT resources. The integration of the management guidelines with the COBIT framework and control objectives provide additional emphasis for management to use COBIT as the authoritative, up-to-date and established model for IT control and governance.

The framework provided by COBIT provides utmost benefits and breadth unlike any other framework. It helps in maintaining high level of information to provide the needed support for any decisions regarding BUSINESS and it also helps in achieving the strategic set goals through innovative and effective USAGE of the IT. It also helps in ATTAINING OPTIMAL cost of the TECHNOLOGY and services provided by the IT. 

The framework provided by COBIT provides utmost benefits and breadth unlike any other framework. It helps in maintaining high level of information to provide the needed support for any decisions regarding business and it also helps in achieving the strategic set goals through innovative and effective usage of the IT. It also helps in attaining optimal cost of the technology and services provided by the IT. 

The reality is that probably no two COBIT maturity assessments are performed in exactly the same manner. COBIT PROVIDES some tools and techniques, and the COBIT user will follow an approach based on specific enterprise needs. The assessments can be high-level, often in a workshop discussion, or detailed with careful gap analysis.

Generically, the following common principles usually apply:

• The maturity requirements should be DRIVEN by business requirements IDEALLY expressed as business and IT goals.
• The requirements depend on the scope being considered and can be very specific for a particular scope or high-level if the scope is for the enterprise as a whole.
• The maturity models help assess capability (defined in COBIT to mean how well the process is being MANAGED in comparison to the COBIT maturity models and attributes).
• The maturity attributes can be used to analyze current maturity levels in detail and are required to do a proper gap analysis.
• COBIT's control objectives provide a way to measure how well the process addresses key controls needed to minimize risk and deliver value.
• COBIT's control practices can be used to help DESIGN improved processes and to increase process maturity, together with other industry standards and best practices.
• It is recommended that that the maturity attributes be used to assess at a detailed level and to carry out a gap analysis, so that the root causes of immaturity can be identified and business decisions can be taken on where to invest to improve maturity for least cost and maximum benefit. IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition, provides a road map that includes guidance on the above steps.

The reality is that probably no two COBIT maturity assessments are performed in exactly the same manner. COBIT provides some tools and techniques, and the COBIT user will follow an approach based on specific enterprise needs. The assessments can be high-level, often in a workshop discussion, or detailed with careful gap analysis.

Generically, the following common principles usually apply:

The MMs in COBIT , like all the COBIT GUIDANCE, are intended to be tailored and developed to suit the specific needs of the enterprise. The guidance is also at a high LEVEL with the intention that it provides generic guidance, not specific, detailed criteria. In particular, the maturity attributes are very generic and high-level, intended to be a simple guide for any process. When performing a COBIT maturity assessment, specific attribute details will need to be identified for the process under review, and compared to COBIT's control objectives, control practices, and GOALS and metrics to the desired level of detail. COBIT does not prescribe the assessment approach, which is a management decision, ranging from a high-level WORKSHOP discussion to an in-depth analysis, as appropriate, driven by business needs.

In CMM/CMMI, although the guidance would always need to be tailored for a given appraisal situation, the standard guidance is much more specific and detailed, due to its much narrower focus on software product delivery and more formal appraisal/assessment PROCEDURE.

The MMs in COBIT , like all the COBIT guidance, are intended to be tailored and developed to suit the specific needs of the enterprise. The guidance is also at a high level with the intention that it provides generic guidance, not specific, detailed criteria. In particular, the maturity attributes are very generic and high-level, intended to be a simple guide for any process. When performing a COBIT maturity assessment, specific attribute details will need to be identified for the process under review, and compared to COBIT's control objectives, control practices, and goals and metrics to the desired level of detail. COBIT does not prescribe the assessment approach, which is a management decision, ranging from a high-level workshop discussion to an in-depth analysis, as appropriate, driven by business needs.

In CMM/CMMI, although the guidance would always need to be tailored for a given appraisal situation, the standard guidance is much more specific and detailed, due to its much narrower focus on software product delivery and more formal appraisal/assessment procedure.

It was initially KNOWN as the Information Technology Infrastructure Library and it is known as a set of the practices for the ITSM that is the IT SERVICE and management. This focuses on make even the SERVICES provided by the IT along with the business needs.

It was initially known as the Information Technology Infrastructure Library and it is known as a set of the practices for the ITSM that is the IT service and management. This focuses on make even the services provided by the IT along with the business needs.

The initial was COBIT which was followed by COBIT 2 then by COBIT 3, then there was COBIT 4 then COBIT 4.1 and the latest version in use is COBIT 5. 

The initial was COBIT which was followed by COBIT 2 then by COBIT 3, then there was COBIT 4 then COBIT 4.1 and the latest version in use is COBIT 5. 

The components included in COBIT are the framework, the process descriptions, the control objectives, the management GUIDELINES and the maturity MODELS. In the framework the basic idea is to ORGANIZE the good practice and governance of IT by its domains and processes and LINK them to the requirements of the business. In control objectives there is list of requirements which are to be measured by the management for EFFICIENT control of various processes of IT. The maturity models assess the maturity and the capabilities and address redressal regarding any gaps. 

The components included in COBIT are the framework, the process descriptions, the control objectives, the management guidelines and the maturity models. In the framework the basic idea is to organize the good practice and governance of IT by its domains and processes and link them to the requirements of the business. In control objectives there is list of requirements which are to be measured by the management for efficient control of various processes of IT. The maturity models assess the maturity and the capabilities and address redressal regarding any gaps. 

The add-on which was assurance related was out in the MONTH of JUNE in the year of 2013 and the INFORMATION security related was out in the month of December in the year of 2012.

The add-on which was assurance related was out in the month of June in the year of 2013 and the information security related was out in the month of December in the year of 2012.

There were SEVERAL reasons for the DEVELOPMENT of COBIT 5. There was a necessity for a business which covers the entire functions of IT and business. There was an utmost need for organization of the information and dissemination of the information which was CONCERNED with the framework. There was a need to integrate COBIT with other recommendations, FRAMEWORKS and researches of ISACA. 

There were several reasons for the development of COBIT 5. There was a necessity for a business which covers the entire functions of IT and business. There was an utmost need for organization of the information and dissemination of the information which was concerned with the framework. There was a need to integrate COBIT with other recommendations, frameworks and researches of ISACA. 

COBIT 5 has been recently RELEASED in the year of 2012 in the MONTH of APRIL.

COBIT 5 has been recently released in the year of 2012 in the month of April.

It is used by the people who have certain responsibilities regarding the PROCESSES of the business and its technology. The information NEEDS to be reliable and RELEVANT and it must have some quality and control of the information being provided as WELL as that of technology.

It is used by the people who have certain responsibilities regarding the processes of the business and its technology. The information needs to be reliable and relevant and it must have some quality and control of the information being provided as well as that of technology.

It was formed in the year of 1969 and it was run by a small circle of individuals who REALIZED that there was a need for a source of guidance and information in the then upcoming field of computer system’s control of auditing. But now it serves various professionals. As of now ISACA has 140,000 and more CONSTITUENCY which is present worldwide. And it is known for its diversity. These CONSTITUENTS are known to work and live in not less than one hundred and eight countries and take up most of the positions related to IT.

These positions include the chief information officer, IS auditor, internal auditor, IS SECURITY professional, regulator etc. Some can be new in the field but most of them are at the ranks of the seniors. They are known to work in most of the categories in any of the industries which includes utilities, manufacturing, public and government sector, FINANCE and banking etc.

It was formed in the year of 1969 and it was run by a small circle of individuals who realized that there was a need for a source of guidance and information in the then upcoming field of computer system’s control of auditing. But now it serves various professionals. As of now ISACA has 140,000 and more constituency which is present worldwide. And it is known for its diversity. These constituents are known to work and live in not less than one hundred and eight countries and take up most of the positions related to IT.

These positions include the chief information officer, IS auditor, internal auditor, IS security professional, regulator etc. Some can be new in the field but most of them are at the ranks of the seniors. They are known to work in most of the categories in any of the industries which includes utilities, manufacturing, public and government sector, finance and banking etc.

It was initially CALLED the Information SYSTEMS Audit and Control ASSOCIATION. It is a global nonprofit association that DEVELOPS, ADOPTS practices and knowledge which are accepted universally for information systems. 

It was initially called the Information Systems Audit and Control Association. It is a global nonprofit association that develops, adopts practices and knowledge which are accepted universally for information systems. 

COBIT is an acronym for CONTROL Objectives for Information and Related TECHNOLOGY. ISACA created this FRAMEWORK for the GOVERNANCE and management of IT. 

COBIT is an acronym for Control Objectives for Information and Related Technology. ISACA created this framework for the governance and management of IT.