ISACA issues latest version of COBIT infosec governance framework

ISACA explained that COBIT 5 provides globally accepted principles, practices, analytical tools, and models designed to help business and IT leaders maximize trust in their enterprise’s information and technology assets. This update is the result of a four-year initiative led by a global task force and has been reviewed by more than 95 experts worldwide.

The COBIT framework was developed by ISACA for IT management and governance professionals and is designed to allow managers to define the complex relationship that exists between security control requirements, technical issues, and business risks.

Some security analysts view COBIT as a baseline that companies should use to ensure that they are complying with various information security rules and regulations, such as PCI DSS, Sarbanes-Oxley, and Basel III.

COBIT 5 “will provide the blueprint for approaching all governance risk and compliance questions in a uniform manner. It will help IT security managers to have one single framework, like a Swiss army knife, so that they can pick and choose the right tool to make sure they are complying with whatever standards they have to adhere to by law or regulation”, Rolf von Roessing, president of Swiss consulting network Forfa and past international vice president of ISACA, told Infosecurity in a recent interview.

This update of the COBIT framework simplifies governance challenges with five principles and seven enablers. The principles are: meeting stakeholder needs; covering the enterprise end-to-end; applying a single, integrated framework; enabling a holistic approach; and separating governance from management.

The enablers, which help achieve enterprise goals, are: processes; principles, policies, and frameworks; organizational structures; people, skills, and competencies; culture, ethics, and behavior; services, infrastructure, and applications; and information.
