Vol. 1 · Ed. 2026
CyberGlossary
Entry № 219

COBIT

Reviewed by Cybersecurity entrepreneur & security researcher

What is COBIT?

COBIT: An ISACA framework for the governance and management of enterprise information and technology, linking business goals to IT objectives and controls.


COBIT (Control Objectives for Information and Related Technologies) is a governance framework developed by ISACA. Its current edition, COBIT 2019, defines 40 governance and management objectives, separating governance objectives (Evaluate, Direct, Monitor) from management objectives (Plan, Build, Run, Monitor). COBIT helps organizations align IT to enterprise goals, manage risk, optimize resources, and ensure compliance. It uses design factors (strategy, threat landscape, regulatory requirements, size, technology adoption) to tailor a governance system. COBIT is often combined with ITIL, ISO/IEC 27001, and NIST frameworks, and it underpins many IT audits and regulatory examinations.

Examples

  1. A bank using COBIT 2019 to map its IT controls to regulatory expectations from its supervisor.

  2. An internal auditor referencing COBIT objectives to scope an IT general controls review.

Frequently asked questions

What is COBIT?

An ISACA framework for the governance and management of enterprise information and technology, linking business goals to IT objectives and controls. It belongs to the Compliance & Frameworks category of cybersecurity.

What does COBIT mean?

An ISACA framework for the governance and management of enterprise information and technology, linking business goals to IT objectives and controls.

How do you defend against COBIT?

Defences for COBIT typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for COBIT?

Common alternative names include: Control Objectives for Information and Related Technologies.
