Cobit 5: Cobit 5 Online Collaborative Environment
[Figure: COBIT® 5 product family. COBIT 5 Enabler Guides: COBIT® 5: Enabling Processes; COBIT® 5: Enabling Information; Other Enabler Guides]
COBIT 5 Principles
1. Meeting Stakeholder Needs
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
[Figure: goals cascade]
Stakeholder Drivers (Environment, Technology Evolution, …) influence Stakeholder Needs
Stakeholder Needs: Benefits Realisation, Risk Optimisation, Resource Optimisation
Cascade to Enterprise Goals
Cascade to IT-related Goals
Cascade to Enabler Goals
COBIT enables enterprises to maximize the value and minimize the risk related to information, which has become the
currency of the 21st century. COBIT 5 is a comprehensive framework of globally accepted principles, practices, analytical
tools and models that can help any enterprise effectively address critical business issues related to the governance and
management of information and technology. Additional information is available at www.isaca.org/cobit.
©2013 ISACA. All rights reserved.
for Information Security
[Figure labels: Governance Enablers; Governance Scope; Business Needs; Governance; Evaluate; Management]
An indication of the nature of the relationship of the stakeholder for each information type:
A—Approver
O—Originator
I—Informed of information type
U—User of information type
Policy Framework
COBIT 5 Process Reference Model

EDM01 Ensure Governance Framework Setting and Maintenance
EDM02 Ensure Benefits Delivery
EDM03 Ensure Risk Optimisation
EDM04 Ensure Resource Optimisation
EDM05 Ensure Stakeholder Transparency

Build, Acquire and Implement
BAI01 Manage Programmes and Projects
BAI02 Manage Requirements Definition
BAI03 Manage Solutions Identification and Build
BAI04 Manage Availability and Capacity
BAI05 Manage Organisational Change Enablement
BAI06 Manage Changes
BAI07 Manage Change Acceptance and Transitioning

Deliver, Service and Support
DSS01 Manage Operations
DSS02 Manage Service Requests and Incidents
DSS03 Manage Problems
DSS04 Manage Continuity
DSS05 Manage Security Services
DSS06 Manage Business Process Controls

MEA01 Monitor,
MEA02 Monitor, Evaluate and Assess the System of Internal Control
MEA03 Monitor, Evaluate and Assess Compliance With External Requirements
Resources
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
[Figure: ring diagram. Legend: Programme management (outer ring); Change enablement (middle ring); (inner ring). Legible phase label: "4 What needs to be done?"]
Source: COBIT 5, figure 17 and COBIT 5 Implementation, figure 6