![](https://lwfiles.mycourse.app/64d422c5efcaa6c0a0f5549e-public/56a9715962a55e2c6760132a9574f921.png)
A Right-sized Governance Solution Tailor-fit for Your Enterprise.
COBIT 2019 IS THE MOST RECENT EVOLUTION OF ISACA’S GLOBALLY RECOGNIZED AND UTILIZED COBIT FRAMEWORK.
![](https://lwfiles.mycourse.app/64d422c5efcaa6c0a0f5549e-public/9beb214970eef6154268dff89efd3156.png)
![](https://lwfiles.mycourse.app/64d422c5efcaa6c0a0f5549e-public/765b12887908a894a02ca1070e88cc33.png)
There has never been a better time to evaluate your enterprise governance program
The globally recognized COBIT® Framework, the leader in ensuring effective and strategic enterprise governance of information and technology (EGIT), has been updated with new information and guidance—facilitating easier, tailored implementation.
Effective governance over information and technology is critical to business success, and this new release further cements COBIT’s continuing role as an important driver of innovation and business transformation. COBIT 2019 is an evolution of the previous version, COBIT 5, building on its solid foundation by adding the latest developments affecting enterprise information and technology. But that’s not the whole story.
COBIT now offers more implementation resources, practical guidance and insights, as well as comprehensive training opportunities. COBIT 2019 helps enterprises govern information and technology regardless of where it lives. Position your entire enterprise for future success:
- Coverage of data, projects and compliance—all critical to an enterprise—as well as activities such as cybersecurity and privacy, plus linkages to all relevant standards, guidelines, regulations and best practices. COBIT is still your master framework for all your enterprise’s governance activities.
- Training opportunities for COBIT 2019 will ensure you derive maximum ROI from your governance program, and because of the evolving nature of COBIT 2019, your training won’t become obsolete.
- Implementation of COBIT 2019 is flexible, with guidance offering both targeted project-based uses for specific problem-solving situations or comprehensive enterprise-wide adoption to drive business transformation. Customize a right-sized governance solution tailored to fit the unique needs of your enterprise.

Therefore, COBIT 2019 training becomes an investment that retains its value while also opening pathways to innovation. Information and technology are the crown jewels of every enterprise seeking to increase value, spur new growth, create competitive advantages, and fortify against threats and risks.
The COBIT 2019 governance framework goes well beyond information technology and IT department functions. Good governance is a vital element to strategy formulation and business transformation success. COBIT 2019 can help you chart that path to success for your enterprise as well as for your career and lifetime learning.
Build your expertise in the globally accepted framework for optimizing enterprise IT governance
COBIT 2019 FRAMEWORK: INTRODUCTION AND METHODOLOGY
The heart of the COBIT framework incorporates an expanded definition of governance and COBIT principles while laying out the structure of the overall framework. The COBIT Core Model and its 40 governance and management objectives provide the platform for establishing your governance program; the performance management system allows the flexibility to use maturity measurements as well as capability measurements; design factors and focus areas offer additional practical guidance on flexible adoption of COBIT 2019, whether for specific projects or full implementation.
COBIT 2019 FRAMEWORK: GOVERNANCE AND MANAGEMENT OBJECTIVES
This publication contains a detailed description of the COBIT Core Model and its 40 governance/management objectives. Each governance/management objective and its purpose are defined and then matched up with the related process, Alignment Goals and Enterprise Goals. The information presented here can be used similarly to that found in COBIT 5: Enabling Processes.
COBIT 2019 DESIGN GUIDE: DESIGNING AN INFORMATION AND TECHNOLOGY GOVERNANCE SOLUTION
This publication fills an important need for COBIT users—how to put COBIT to practical use. It offers prescriptive how-to information for the user: tailoring a governance system to the enterprise’s unique circumstances and context, defining and listing various design factors and how they relate to COBIT 2019 concepts, describing the potential impact these design factors have on implementation of a governance system, and recommending workflows for creating the right-sized design for your governance system.
COBIT 2019 IMPLEMENTATION GUIDE: IMPLEMENTING AND OPTIMIZING AN INFORMATION AND TECHNOLOGY GOVERNANCE SOLUTION
This guide is an updated version of the COBIT 5 Implementation Guide, taking a similar approach to implementation. However, the new terminology and concepts of COBIT 2019, including the design factors, are built into this guidance. When combined with the COBIT 2019 Design Guide, COBIT implementation has never been more practical and custom-tailored to specific governance needs.
IMPLEMENTING THE NIST CYBERSECURITY FRAMEWORK USING COBIT 2019
Many enterprises lack an approach that integrates cybersecurity standards and enterprise governance of I&T (EGIT) to establish systematic—yet flexible and achievable—governance and management objectives, processes and capability levels to make measured improvements toward cybersecurity goals. This publication describes proven practices to anticipate, understand and optimize I&T risk by implementing the US National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, using COBIT 2019.
COBIT FOCUS AREA: INFORMATION SECURITY
This guide provides guidance related to information security and how to apply COBIT to specific information security topics/practices within an enterprise. The publication is based on the COBIT core guidance for governance and management objectives and enhances the core guidance by highlighting security-specific practices and activities as well as providing information security-specific metrics.
COBIT FOCUS AREA: DEVOPS
This publication offers guidance for the governance and management of DevOps. It provides stakeholders with an understanding of a governance and management system that is applicable to DevOps. It describes the need to understand the relationship and alignment of DevOps with enterprise goals and strategic objectives, the uncertainty around the risk associated with DevOps practices, the demands for investments in DevOps tools and resources and more.
COBIT FOCUS AREA: INFORMATION AND TECHNOLOGY RISK
This guide provides guidance related to information and technology (I&T) risk and how to apply COBIT to I&T risk practices. The publication is based on the COBIT core guidance for governance and management objectives, and it enhances the core guidance by highlighting risk-specific practices and activities as well as providing risk-specific metrics.
COBIT FOR SMALL AND MEDIUM ENTERPRISES
This is a focused publication that can serve IT governance functionaries in small and medium enterprises looking for detailed guidance on applying the COBIT 2019 Model to their organizations.
Affirm your ability to optimize enterprise governance of I&T with a globally accepted COBIT® credential
![](https://lwfiles.mycourse.app/64d422c5efcaa6c0a0f5549e-public/68e7d6f0feba92c8ec495495949553f0.png)
COBIT FOUNDATION CERTIFICATE
![](https://lwfiles.mycourse.app/64d422c5efcaa6c0a0f5549e-public/c10da86161fa284796f202456f418418.png)
COBIT DESIGN AND IMPLEMENTATION CERTIFICATE
![](https://lwfiles.mycourse.app/64d422c5efcaa6c0a0f5549e-public/72632bd7413c30af387b5f7385635115.png)
IMPLEMENTING THE NIST CYBERSECURITY FRAMEWORK USING COBIT 2019 CERTIFICATE
Build your confidence on exam day—with test prep solutions from deltamine.
Virtual Instructor-Led Training
On-Demand Review Courses
Review Manuals
Q&A Database
Plus, exam prep and discussion forums on engage.isaca.org
Get in touch
- 1140 Avenue of the Americas, 9th Floor, New York, NY 10036
- learning@deltamine.com
- +1 (212) 537-5899
Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.
The fundamental security goal of keeping information and communications private and protecting them from unauthorized access.
The fundamental security goal of keeping organizational information accurate, free of errors, and without unauthorized modifications.
The fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data that they need.
The security goal of ensuring that the party that sent a transmission or created data remains associated with that data and cannot deny sending or creating that data.
Develops computer security standards used by US federal agencies and publishes cybersecurity best practice guides and research.
Standards, best practices, and guidelines for effective security risk management. Some frameworks are general in nature, while others are specific to industry or technology types.
A technology or procedure put in place to mitigate vulnerabilities and risk and to ensure the confidentiality, integrity, and availability (CIA) of information.
An analysis that measures the difference between the current and desired states in order to help assess the scope of work included in a project.
A security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems, and applications.
The process by which a user account (and its credentials) is issued to the correct person. Sometimes referred to as enrollment.
A method of validating a particular entity's or individual's unique credentials.
The process of determining what rights and privileges a particular entity has.
Tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted.
A security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.
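The identification, authentication, authorization and accounting steps defined above, worked through as an added example (this code is not part of the original page or of any ISACA or COBIT publication). The users, passwords, roles, permissions and audit log are constructed for illustration; the example shows the mechanics a practitioner expects behind each step: salted password hashing with a constant-time comparison for authentication, deny-by-default role-to-permission mapping for authorization, and an audit trail that records denied as well as successful actions so that unauthorized attempts can be detected.

```python
"""Minimal AAA flow: identification, authentication, authorization, accounting.

Added example, not from the original page. Every user, password, role,
permission and log entry here is constructed for illustration only.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone


# --- Identification: the identity store, keyed by the claimed username ---
def _hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    # Passwords are never stored; only a salted PBKDF2-HMAC-SHA256 digest is kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_user(password: str, roles: set[str]) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "roles": roles}


# Constructed sample accounts (plaintext shown only so the example runs offline).
USERS = {
    "alice": make_user("correct horse battery staple", {"analyst"}),
    "bob": make_user("hunter2", {"admin"}),
}

# A throwaway record used for unknown usernames, so a login against a
# nonexistent account costs the same hash computation as a real one.
_DUMMY_USER = make_user(os.urandom(16).hex(), set())

# --- Authorization: roles map to explicit permissions; unlisted means denied.
ROLE_PERMISSIONS = {
    "analyst": {"read:alerts"},
    "admin": {"read:alerts", "write:rules", "manage:users"},
}

# --- Accounting: every decision, allowed or denied, is appended to the audit trail.
AUDIT_LOG: list[dict] = []


def _record(subject: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "subject": subject,
        "action": action,
        "outcome": outcome,
    })


def authenticate(username: str, password: str) -> bool:
    """Validate the presented credential against the stored digest.

    hmac.compare_digest runs in constant time, so the comparison itself does
    not leak how many leading bytes of the digest matched.
    """
    user = USERS.get(username)
    record = user if user is not None else _DUMMY_USER
    presented = _hash_password(password, record["salt"])
    ok = user is not None and hmac.compare_digest(presented, record["hash"])
    _record(username, "login", "success" if ok else "failure")
    return ok


def authorize(username: str, permission: str) -> bool:
    """Deny by default: grant only if one of the subject's roles lists the permission."""
    user = USERS.get(username)
    granted = user is not None and any(
        permission in ROLE_PERMISSIONS.get(role, set()) for role in user["roles"]
    )
    _record(username, permission, "allowed" if granted else "denied")
    return granted


def access(username: str, password: str, permission: str) -> bool:
    """Full AAA flow: authenticate, then authorize, with accounting on both steps."""
    if not authenticate(username, password):
        return False
    return authorize(username, permission)


def denied_events() -> list[dict]:
    """Entries a detective control would alert on: failed logins and denied actions."""
    return [e for e in AUDIT_LOG if e["outcome"] in ("failure", "denied")]


if __name__ == "__main__":
    access("alice", "correct horse battery staple", "read:alerts")   # allowed
    access("alice", "correct horse battery staple", "write:rules")   # denied
    access("mallory", "guess", "read:alerts")                         # failed login
    for event in denied_events():
        print(event)
```

The dummy record in `authenticate` matters in practice: without it, a request for an unknown username would return faster than one for a real account, and the difference in response time would let an attacker enumerate valid usernames before ever guessing a password.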
A category of security control that gives oversight of the information system.
A category of security control that is implemented by people.
A category of security control that is implemented as a system (hardware, software, or firmware). Technical controls may also be described as logical controls.
A category of security control that acts against in-person intrusion attempts.
A type of security control that acts before an incident to eliminate or reduce the likelihood that an attack can succeed.
A type of security control that acts during an incident to identify or record that it is happening.
A type of security control that acts after an incident to eliminate or minimize its impact.
A type of control that enforces a rule of behavior through a policy or contract.
A type of security control that discourages intrusion attempts.
A security measure that takes on risk mitigation when a primary control fails or cannot completely meet expectations.
A company officer with the primary responsibility for management of information technology assets and procedures.
A company officer with the primary role of making effective use of new and emerging computing platforms and innovations.
Typically the job title of the person with overall responsibility for information assurance and systems security.
Organizational role with technical responsibilities for implementation of security policies, frameworks, and controls.
The location where security professionals monitor and protect critical information assets in an organization.
A combination of software development and systems operations; refers to the practice of integrating one discipline with the other.
A combination of software development, security operations, and systems operations; refers to the practice of integrating each discipline with the others.
Team with responsibility for incident response. The CSIRT must have expertise across a number of business domains (IT, HR, legal, and marketing, for instance).
A weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
A potential for an entity to exercise a vulnerability (that is, to breach security).
Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
The degree of access that a threat actor possesses before initiating an attack. An external threat actor has no standing privileges, while an internal actor has been granted some access permissions.
A person or entity responsible for an event that has been identified as a security incident or as a risk.
A formal classification of the resources and expertise available to a threat actor.
The ability of threat actors to draw upon funding to acquire personnel and tools and to develop novel attack types.
A type of attack that compromises the availability of an asset or business process.
The process by which an attacker takes data that is stored inside of a private network and moves it to an external network.
A type of attack that falsifies an information resource that is normally trusted by others.
Demanding payment to prevent the release of information.
Demanding payment to prevent or halt some type of attack.
Falsifying records, such as an internal fraud that involves tampering with accounts.
A term often used for someone who breaks into computer systems or spreads viruses; ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.
A hacker operating with malicious intent.
A hacker engaged in authorized penetration testing or other security consultancy.
An inexperienced, unskilled attacker that typically uses tools or scripts created by others.
A threat actor that is motivated by a social issue or political cause.