Todd Fitzgerald A variety of laws and regulations have surfaced over the past decade in an attempt to strengthen the security of information stored within the companies to which the information assets are entrusted. As a result of the laws and regulations, various security control "standards" and "frameworks" have evolved and become popular means to meet the requirements of the laws. Because laws and regulations are intentionally developed at a higher, "what needs to happen" level vs.
The Cobit Framework Essay - Paper Example The Cobit Framework Essay With the increased use of IT within organizations there is a need to develop mechanisms that help management to satisfy the reliability, availability and security requirements for the information they produce, transmit and store - The Cobit Framework Essay introduction.
To support management in addressing these needs, a number of different frameworks are being used to evaluate the IS function. Cubit is a framework that was originally designed to be used as a benchmark for best control practices by the Information Technology Governance Institute.
In the following paper, the Cubit framework will be reviewed including a description of TTS main features and how it supports management with IT governance. Furthermore, the article will assess some of the main benefits offered The cobit framework Cubit.
The Need for a Framework As the IT function has continued to expand and has gained a prominent role within organizations, there are pressures from different stakeholders including regulatory bodies, customers, and suppliers, among other, to have standardized control mechanisms which make IT comprehensible and manageable.
The frameworks are used as a guide to design internal controls that are comprehensive and reliable when objectives, there needs to be a control framework that conceptualizes the main treasures of internal control inside an IT context in a logical and understandable way.
While COOS has been used mostly as the basis for management evaluation, at the international level organizations are supplementing their control standards for the ones offered by Cubit Tuttle and Vanderbilt, Each domain contains precise processes which enable organizations to meet their IT control objectives.
Additionally, each control objective is complemented with auditing procedures for each of the processes. Tuttle and Vanderbilt believe that one of the main advantages of Cubit is that control objectives are on one hand explicit enough that they can be straightforwardly implemented, and on the other hand general enough to be adaptable to different types of audits.
In the following section, the Cubit framework and its main characteristics will be described. Meeting Internal Control Objectives: The Cubit Framework One of the major problems related to IT is the fact that the IT function tends to operate isolated from the business components, providing technological support instead of enabling more efficient processes, solving information issues or creating new opportunities.
Some of the reasons for such apathy towards IT include the perceived risks of depending on systems that are not understood, differences in engages, metrics and goals, or fear of losing control over the value-generating processes.
Considering these issues, Cubit emerges as a tool that can be used to create better control over IT. The framework states that for IT to properly deliver against the business needs, there should be an internal control system that allows management to determine the links between IT and business requirements, align IT into the existing processes, and leverage better IT investments.
Another management need that has been identified is the increasing pressure for more transparency about the real costs, value and risks of IT. Cubit tackles this problem by setting the basis for the establishment of a solid IT governance structure with defined goals and metrics to measure the performance of IT.
The Cubit framework departs from the principle that states: The key distinguishing features of Cubit involve the management and control of information and making sure that it is aligned with the business.
Given these features, it is evident that information is the element Cubit focuses the most on. In essence, the criteria ensure that information is being created, transmitted, delivered and stored in appropriate conditions and that those who need it, have access to it on time and at a low exposure risk, and generating value to the business.COBIT® COBIT is a globally recognised framework, developed by ISACA®, to help organisations govern and manage IT efficiently.
It helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. The COBIT framework is used by the financial sector for carrying out IT general controls, external audits.
Consequently, having a COBIT aligned Unlock this course's transcripts with your free trial. COBIT: Mission, Framework, Governance and Controls Introduction Information Technology Governance is the structure of relationships and processes within an enterprise which add value to a corporation's goals while balancing risk with return-on-investment.
The COBiT COBIT (Control Objectives for Information and related Technology) framework was designed to help implement governance and control over technology processes and systems. Published by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA), COBIT is designed to allow managers to bridge the gap.
the cobit framework the analysis of the level of maturity of information technology to the academic services by using. the cobit framework: a case study of the. postgraduate of stmik nusa mandiri. supriyadi.
stmik nusa mandiri jakarta. abstract. CobiT identifies critical steps for information security. The CobiT framework process model consists of 34 generic IT processes grouped into four domains: plan and organize; acquire and implement, deliver and support; and monitor and evaluate.