Get started Bring yourself up to speed with our introductory content.

Shape mobility plans with the COBIT 5 framework

The COBIT 5 framework helps IT organizations bring online new enterprise platforms like mobility without compromising data security and control.

The COBIT 5 framework allows IT to drive manageability, growth and sustainability in the enterprise. COBIT should...

enable -- not inhibit -- new platforms like mobility.

As IT's role in the manageability, growth and sustainability of the modern enterprise grows, so does the need for IT governance. The complex processes and frameworks to enable IT governance are difficult to implement. Basic security log audits and other forensic assessments aren't enough for the modern enterprise.

ISACA's Control Objectives for Information and Related Technology (COBIT) framework can help businesses meet these goals. COBIT is a framework of best practices for IT governance and management aimed at aligning business and IT goals. ISACA released the latest version of COBIT 5 in 2012.

COBIT only provides the framework for meeting IT and business governance and compliance; it doesn't address every conceivable compliance issue or regulatory requirement. New dynamics in the enterprise, such as mobile devices and the Internet of Things, complicate compliance issues and how IT teams must approach them.

Pairing COBIT with other IT standards

The COBIT 5 framework includes additional guidance in security and more content on IT compliance than version 4. COBIT 5 incorporates the IT governance framework Val IT and the IT risk management guidelines Risk IT. Consequently, it is now one of the most common frameworks for Sarbanes-Oxley Act (SOX) compliance within the U.S.

COBIT 5 was designed to integrate with almost any existing standard such as SOX, ITIL, Payment Card Industry Data Security Standard known as PCI DSS and several ISO standards. Many of the practices and processes used in COBIT 5 can be traced back to one or more of these detailed standards.

Potential COBIT 5 adopters should seek comprehensive training from ISACA, add experienced COBIT 5 experts to the in-house staff or pursue the support of a consultant to help streamline COBIT implementation.

COBIT 5 and the mobile world

Mobility poses an opportunity and a threat to the business; it gives end users greater freedom and can help increase productivity. However, it also creates greater risk of data loss through security and compliance breaches, lost or stolen devices, network traffic snooping, malware proliferation and poor security posture.

An internal IT goal of COBIT 5 is to enable and support business processes by integrating technologies and applications into them. This translates to business goals that often include maintaining a portfolio of competitive products and services, as well as optimizing business processes -- all entirely relevant as a foundation for mobile device deployment and support.

While a COBIT 5 framework will guide mobility initiatives, it doesn't describe specific practices or technologies for enterprise mobility. For example, a primary IT goal is to secure information, infrastructure and applications. From a COBIT 5 perspective, this corresponds to managing risk, ensuring regulatory compliance, providing business service continuity and availability, and adhering to internal business policies.

The relationship of these concerns embraces mobility and mobile device access to the enterprise. IT and business teams can use these relationships as a roadmap to implement subordinate standards and select the appropriate technologies to meet IT and business priorities for mobile devices.

With the IT and business goals of mobility understood and prioritized, IT teams can use COBIT processes to plan and organize, acquire and implement, deliver and support, monitor and evaluate, and then make any process improvements needed.

About the author:
Stephen J. Bigelow is the senior technology editor in the Data Center and Virtualization Media Group. He has more than 20 years of technical writing experience in the PC/technology industry. Bigelow holds a Bachelor of Science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow’s PC Hardware Desk Reference and Bigelow’s PC Hardware Annoyances. He can be reached at sbigelow@techtarget.com.

Next Steps

Read more about COBIT 5

Choosing the right IT security framework

What it takes to acquire a COBIT 5 certification

This was last published in September 2015

Dig Deeper on IT compliance and governance strategies

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How well do you know the COBIT 5 framework?
Cancel
Quite an informative article on the COBIT 5 framework
Cancel

-ADS BY GOOGLE

SearchWindowsServer

SearchServerVirtualization

SearchCloudComputing

Close