COBiT Flashcards
What are the 5 domains of COBIT?
Evaluate, Direct, Monitor (EDM)
Align, Plan, Organize (APO)
Build, Acquire, Implement (BAI)
Deliver, Service, Support (DSS)
Monitor, Evaluate, Assess (MEA)
EDM
Evaluate, Direct, and Monitor
Processes for Governance
APO
Align, Plan, and Organize
Processes for Management
BAI
Build, Acquire, and Implement
Processes for Management
DSS
Deliver, Service, and Support
Processes for Management
MEA
Monitor, Evaluate, and Assess
Processes for Management
EDM01
Ensure governance framework setting and maintenance
EDM02
Ensure benefits delivery
EDM03
Ensure risk optimization
What is COBIT?
COBIT stands for Control Objectives for Information and Related Technologies. It is a good-practice framework created by ISACA (Information Systems Audit and Control Association) for IT management and governance.
What is the latest version of COBIT?
COBIT 5, released in 2012, with the COBIT 5 for Information Security add-on released later the same year.
Corporate ICT governance: AS 8015-2005 defines corporate ICT governance as
The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing plans for the use of ICT to support the organisation, and monitoring that use to accomplish those plans. It also includes the strategies and policies for ICT within an organisation.
What is ISO 38500?
ISO 38500 describes the governance of IT without going into detail on processes and management systems. The framework is made up of definitions, principles, a model, and guidance on acceptable use of IT. It also provides advice to those guiding, informing, or assisting directors.
What are the six guiding principles for effective, efficient and acceptable use of IT?
Responsibility
Strategy
Acquisition
Performance
Conformance
Human behaviour
What is the COBIT framework?
A framework with a series of principles that links business goals to IT goals.
What are the 12 COBIT 5 for Information Security principles?
A – Support the Business
A1 – Focus on the business
A2 – Deliver quality & value to the stakeholders
A3 – Comply with relevant legal & regulatory requirements
A4 – Provide timely & accurate information on security performance
A5 – Evaluate current & future information threats
A6 – Promote continuous improvement in Information Security
B – Defend the Business
B1 – Adopt a risk-based approach
B2 – Protect classified information
B3 – Concentrate on critical business applications
B4 – Develop systems securely
C – Promote Responsible Security Behaviour
C1 – Act in a professional & ethical manner
C2 – Foster a security-positive culture