
NAFISA NOOR ABDIRAHMAN

BIT-1-2682-2/2016

BBIT 443

DOMAINS OF COBIT

COBIT (Control Objectives for Information and Related Technologies)

1) Evaluate, Direct and Monitor (EDM)

Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs,
conditions and options; setting direction through prioritization and decision making;
and monitoring performance, compliance and progress against agreed-on direction and
objectives (EDM).

2) Align, Plan and Organize (APO)

The Align, Plan and Organize domain covers the use of information and how best it
can be used in a company to help achieve the company's technology goals and objectives. It also
highlights the organizational and infrastructural form IT is to take in order to achieve the optimal
results and to generate the most benefits from the use of IT.

3) Build, Acquire and Implement (BAI)

The Build, Acquire and Implement domain covers identifying IT requirements, acquiring the
technology, and implementing it within the company's current business processes. The following
table lists the high-level control objectives for the BAI domain.

4) Deliver, Service and Support (DSS)

The Deliver, Service and Support domain focuses on the delivery aspects of information
technology. It covers areas such as the execution of the applications within the IT system and its
results, as well as the support processes that enable the effective and efficient execution of these
IT systems.

5) Monitor, Evaluate and Assess (MEA)

This domain deals with a company's strategy in assessing the needs of the company and whether
or not the current IT system still meets the objectives for which it was designed and the controls
necessary to comply with regulatory requirements. Monitoring also covers the issue of an
independent assessment, by internal and external auditors, of the effectiveness of the IT system
in its ability to meet business objectives and of the company's control processes.

PRINCIPLES OF COBIT

1) Meeting Stakeholder Needs:

It allows the definition of priorities for implementation, improvement and assurance of enterprise
governance of IT based on (strategic) objectives of the enterprise and the related risk.

2) Covering the Enterprise End-to-end:

COBIT addresses the governance and management of information and related technology from
an enterprise-wide, end-to-end perspective.

3) Applying a Single Integrated Framework:

COBIT aligns with the latest other relevant standards and frameworks used by enterprises.

4) Enabling a Holistic Approach:

Enablers are factors that, individually and collectively, influence whether something will work;
in the case of COBIT, governance and management over enterprise IT.

Enablers are driven by the goals cascade, i.e., higher-level IT-related goals define what the
different enablers should achieve.

5) Separating Governance from Management:

The COBIT framework makes a clear distinction between governance and management.

These two disciplines:

Encompass different types of activities

Require different organisational structures


| Threat | Prevention | Detection | Recovery |
|---|---|---|---|
| Physical damage: 1. Internal damage like fire and unstable power supply. 2. External damage like lightning and earthquake. | Fire threats could be prevented by the use of automatic fire detectors and extinguishers. Lightning protection systems can be used to protect computer systems. | Fire alarm. Smoke monitoring. | Backup data. Restore data recovery point. |
| Application malfunction: 1) System failure. | Regular checkup of the system performance. Install system cleaning software. | System being slow. | Restore data recovery point. |
| Data attack: virus, hacking, sniffing, Trojans, worms, spyware. | Use of antivirus software. Scanning. Use of firewall and data encryption. Control measures on the usage of external storage devices and on visiting websites that are most likely to download unauthorized programs onto the user's computer. | Slow speed of the machine. Abrupt shutdown. Hanging of a machine. | Use backup data. Restore recovery point. |
