The COBIT 5 framework allows IT to drive manageability, growth and sustainability in the enterprise. COBIT should enable -- not inhibit -- new platforms like mobility.
As IT's role in the manageability, growth and sustainability of the modern enterprise grows, so does the need for IT governance. The complex processes and frameworks to enable IT governance are difficult to implement. Basic security log audits and other forensic assessments aren't enough for the modern enterprise.
ISACA's Control Objectives for Information and Related Technology (COBIT) framework can help businesses meet these goals. COBIT is a framework of best practices for IT governance and management aimed at aligning business and IT goals. ISACA released the latest version of COBIT 5 in 2012.
COBIT only provides the framework for meeting IT and business governance and compliance; it doesn't address every conceivable compliance issue or regulatory requirement. New dynamics in the enterprise, such as mobile devices and the Internet of Things, complicate compliance issues and how IT teams must approach them.
Pairing COBIT with other IT standards
The COBIT 5 framework includes additional guidance in security and more content on IT compliance than version 4. COBIT 5 incorporates the IT governance framework Val IT and the IT risk management guidelines Risk IT. Consequently, it is now one of the most common frameworks for Sarbanes-Oxley Act (SOX) compliance within the U.S.
COBIT 5 was designed to integrate with almost any existing standard, such as SOX, ITIL, the Payment Card Industry Data Security Standard (PCI DSS) and several ISO standards. Many of the practices and processes used in COBIT 5 can be traced back to one or more of these detailed standards.
Potential COBIT 5 adopters should seek comprehensive training from ISACA, add experienced COBIT 5 experts to the in-house staff or pursue the support of a consultant to help streamline COBIT implementation.
COBIT 5 and the mobile world
Mobility presents both an opportunity and a threat to the business. It gives end users greater freedom and can help increase productivity. However, it also creates greater risk of data loss through security and compliance breaches, lost or stolen devices, network traffic snooping, malware proliferation and poor security posture.
An internal IT goal of COBIT 5 is to enable and support business processes by integrating technologies and applications into them. This translates to business goals that often include maintaining a portfolio of competitive products and services, as well as optimizing business processes -- all entirely relevant as a foundation for mobile device deployment and support.
While a COBIT 5 framework will guide mobility initiatives, it doesn't describe specific practices or technologies for enterprise mobility. For example, a primary IT goal is to secure information, infrastructure and applications. From a COBIT 5 perspective, this corresponds to managing risk, ensuring regulatory compliance, providing business service continuity and availability, and adhering to internal business policies.
The relationship among these concerns extends to mobility and mobile device access to the enterprise. IT and business teams can use these relationships as a roadmap to implement subordinate standards and select the appropriate technologies to meet IT and business priorities for mobile devices.
With the IT and business goals of mobility understood and prioritized, IT teams can use COBIT processes to plan and organize, acquire and implement, deliver and support, monitor and evaluate, and then make any process improvements needed.
About the author:
Stephen J. Bigelow is the senior technology editor in the Data Center and Virtualization Media Group. He has more than 20 years of technical writing experience in the PC/technology industry. Bigelow holds a Bachelor of Science in electrical engineering, along with CompTIA A+, Network+, Security+ and Server+ certifications and has written hundreds of articles and more than 15 feature books on computer troubleshooting, including Bigelow’s PC Hardware Desk Reference and Bigelow’s PC Hardware Annoyances. He can be reached at email@example.com.