1. CobiT 4.1: Information Technology Control Objectives & Control Practices. John W. Beveridge, Office of the State Auditor. Enterprise Security Board, Security Awareness Day, June 26, 2007.
6. To Achieve Business Objectives. To Avoid Risks, Threats and Exposures. Control (as defined by COBIT): The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. Source: COBIT Control Objectives, p. 12.
7. CobiT promotes a healthy understanding about “reasonable assurance” and “residual risk”. Knowing the acceptable levels for reasonable assurance and residual risk is a critical success factor for designing and managing an adequate framework of control.
22. COBIT Cube: The COBIT framework describes how IT processes deliver the information that the business needs to achieve its objectives. For controlling this delivery, COBIT provides three key components, each forming a dimension of the COBIT cube: Business Requirements for Information Criteria; IT Resources; IT Processes.
25. COBIT Domains: Information Processes (3rd Component). Plan and Organize; Acquire and Implement; Deliver and Support; Monitor and Evaluate. (Diagram arrows labelled: Feedback.)