ISACA Revamps COBIT 5 Core Principles

ISACA has issued new guidance that outlines five principles organizations can use to effectively govern and manage their information and technology

ISACA has issued fresh guidance that outlines five principles organizations can use to effectively govern and manage their information and technology.

The principles form the core of the COBIT 5 governance and management framework, and represent a refresh of focus for the initiative. The COBIT framework was developed by ISACA for IT management and governance professionals and is designed to allow managers to define the complex relationship that exists between security control requirements, technical issues, and business risks.

The new prinicples are:

Meeting Stakeholder Needs – It is critical to define and link enterprise goals and IT-related goals to best support stakeholder needs.
Covering the Enterprise End to End – Companies must shift from managing IT as a cost to managing IT as an asset, and business managers must take on the accountability for governing and managing IT-related assets within their own functions.
Applying a Single Integrated Framework – Using a single, integrated governance framework can help organizations deliver optimum value from their IT assets and resources.
Enabling a Holistic Approach – Governance of enterprise IT (GEIT) requires a holistic approach that takes into account many components, also known as enablers. Enablers influence whether something will work. COBIT 5 features seven enablers for improving GEIT, including principles, policies and frameworks; processes; culture; information and people.
Separating Governance from Management – Governance processes ensure goals are achieved by evaluating stakeholder needs, setting direction through prioritization and decision making; and monitoring performance, compliance and progress. Based on the results from governance activities, business and IT management then plan, build, run and monitor activities to ensure alignment with the direction that was set.

“Understanding these principles will help a company effectively use COBIT to make better IT-related investments and decisions, and to drive more value from their information and technology assets,” said Robert Stroud, international president of ISACA, in a statement. “COBIT is practical and effective for all types of enterprises, helping to ensure everyone is moving in the same direction and speaking the same language.”

That's important considering that some security analysts view COBIT as a baseline that companies should use to ensure that they are complying with various information security rules and regulations, such as PCI DSS, Sarbanes-Oxley, and Basel III.

COBIT 5 “will provide the blueprint for approaching all governance risk and compliance questions in a uniform manner. It will help IT security managers to have one single framework, like a Swiss army knife, so that they can pick and choose the right tool to make sure they are complying with whatever standards they have to adhere to by law or regulation," said Rolf von Roessing, president of Swiss consulting network Forfa and past international vice president of ISACA.

ISACA Revamps COBIT 5 Core Principles

You may also like

ISACA issues latest version of COBIT infosec governance framework

ISACA issues information security implementation guidance for COBIT 5

ISACA Releases COBIT 5 Guide for Managing Vendor-based Security Risks

ISACA Issues First COBIT 5 Audit Programs

20% of enterprises fall victim to APT attacks

What’s hot on Infosecurity Magazine?

Linux Cerber Ransomware Variant Exploits Atlassian Servers

US Government and OpenSSF Partner on New SBOM Management Tool

Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost

EU Elections: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Banning Ransomware Payments Will Do More Harm Than Good

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

Palo Alto Networks Warns About Critical Zero-Day in PAN-OS

Russian Sandworm Group Using Novel Backdoor to Target Ukraine and Allies

Russia and Ukraine Top Inaugural World Cybercrime Index

FBI Warns of Massive Toll Services Smishing Scam

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Cracking the Culture Code: Building a Cybersecurity-Aware Workforce

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024