What is CobiT?
The Control Objectives for Information and related Technology (CobiT)
It is a framework and set of best practices developed by the Information Systems Audig and Control Association (ISACA) and the IT Governance Institute (ITGI).
It defines goals fo rthe controls that should be used to properly manage IT nad to ensure that IT maps to business needs.
CobiT is broken down into 4 domains.
Access Controls
Access controls are use to permit/deny users from accessing data, which helps to protect its integrity.
Masquerading
Masquerading is a term that describes a person who pretends to be an authorized user to circumvent established controls.
Asset
Any resource of value to the organization
Threat
Potential danger to an asset should a threat-agent take advantage of an asset’s vulnerability.
Threat-source / Threat-agent
Anyone or anything that has the potential to cause a threat.
Vulnerability
A flaw or weakness of an asset. Assessment of whether you’re susceptible to a threat. Something that can be controlled.
Asset Exposure Factor
An asset’s exposure factor (EF) is its degree or percent of damage that would be realized in the event of a disaster. EF is used to calculate a single loss expectancy.
4 Domains of CobiT
Control Objectives for Information and related Technology
Plan and organize
Acquire and implement
Deliver and support
Monitor and Evaluate
Data Owner
Data owners decide:
- decide how data sets are classified
- how data is protected
- ensures the agreed upon mechanisms are in place and working
- typically department heads
6 CobiT Elements
CobiT provides
- Control objectives
- Control practices
- goal indicators
- performance indicators
- success factors
- maturity models
Exposure Factor (EF)
An asset’s EXPOSURE FACTOR is its degree or percent of damage that would be realized in the event of a disaster.
