The Control Objectives for Information and related Technology (COBIT) are IT
management best practices created by the Information Systems Audit and
Control Association (ISACA) and the IT Governance Institute (ITGI) in 1992.
Currently in its fourth major iteration, COBIT serves as an IT governance
framework to help enterprises understand and manage IT control requirements,
technical issues and business risks. It supports clear policy development
and good-practice alignment for IT control, enabling organizations to:
- Emphasize regulatory compliance
- Increase the value attained from IT
- Communicate control levels to stakeholders

Divided into four domains (plan, build, run and monitor) and 34 high-level
processes, COBIT provides IT best practices—derived through the consensus of
experts—to present activities in a manageable and logical structure. COBIT
is kept up to date and harmonized with regulations it is often used to
support, such as Sarbanes-Oxley (SOX). COBIT has become an important
umbrella framework for IT governance that enables organizations to
understand and manage the risks and benefits associated with IT.

The Business Challenge

The COBIT framework spans technology planning, implementation, monitoring
and improvement to tie IT and business goals together. Whether you are
addressing the first domain (Plan and Organize), the last domain (Monitor
and Evaluate) or any domain in between, the framework requires significant
monitoring, correlation, processing and analysis of enterprise-wide data
across all technology components.
Processing includes the correlation, analysis and reporting of data. If
analysis fell to a few IT security analysts, or even an entire team, timely
response to important security or compliance risks would be nearly
impossible. Thus, to round out effective support of all twelve PCI DSS
requirements, automation is essential.

The eIQ Solution

eIQ’s SecureVue security, risk and audit management platform combines
enterprise security management (ESM) and IT governance, risk and compliance
(GRC) to support the COBIT framework. By collecting, archiving, correlating
and analyzing log, vulnerability, configuration, asset, performance and
network behavioral anomaly data, SecureVue merges the complex monitoring,
testing and auditing demands of COBIT and other standards into a single
solution. The automated end-to-end correlation of data—alongside built-in
analytics—renders processing an easily manageable task.
SecureVue’s comprehensive compliance library—containing over 5,000 technical
and functional controls—enables organizations to define, monitor and measure
COBIT compliance. The platform’s wizard-based policy mapping also allows
organizations to add and modify regulations and best practices to address a
broad range of unique business drivers, including internal practices,
service level agreements and business partner requirements.
The following COBIT monitoring support chart compares SecureVue’s integrated
platform against traditional security information management (SIM) and IT
GRC solutions:
[Chart: COBIT monitoring support comparison. Legend: Supported, Partial Support, Not Supported]