COBIT: The Framework for a Comprehensive Information Security Program
The Control Objectives for Information and related Technology (COBIT) is a comprehensive set of IT management best practices first established by the Information Systems Audit and Control Association (ISACA) in 1992, and now managed by the IT Governance Institute (ITGI). Currently in its fourth major iteration, COBIT serves as an IT governance framework to help enterprises understand and manage IT control requirements, technical issues and business risks. This enables clear policy development and good practice alignment for IT control that enables organizations to:
Divided into four domains (Plan, Build, Run and Monitor) and 34 high-level processes, COBIT provides IT best practices, derived through the consensus of experts, to present activities in a manageable and logical structure. COBIT is kept up to date and harmonized with regulations it is often used to support, such as Sarbanes-Oxley (SOX). COBIT has become an important umbrella framework for IT governance that enables organizations to understand and manage the risks and benefits associated with IT.
The COBIT framework spans technology planning, implementation, monitoring and improvement to tie IT and business goals together. Whether you are addressing the first domain (Plan and Organize), the last domain (Monitor and Evaluate) or any domain in between, the framework requires significant monitoring, correlation, processing and analysis of enterprise-wide data across all technology components.
Because COBIT relies heavily on understanding the inter-relationship between technologies across the enterprise, real-time understanding of risks, impacts, and operational variables in support of COBIT is critical. Historically, this has meant relying on a large group of IT analysts who manually collect, evaluate, and correlate this broad range of information. If analysis fell to a few IT security analysts, or even an entire team, timely response to important security or compliance risks would be nearly impossible. To effectively address the broad requirements of COBIT, automation is essential.
eIQ's SecureVue security, risk and audit management platform combines security information and event management (SIEM) and compliance automation to help organizations fully address the COBIT framework. SecureVue contains over 250 reports mapped to individual sections of COBIT, and also contains a comprehensive compliance library, with over 2,500 technical and functional controls, that enables organizations to define, monitor and measure COBIT system configuration compliance.
By collecting, archiving, correlating, analyzing and reporting on log, vulnerability, configuration, asset, performance and network flow data, SecureVue merges the complex monitoring, testing and auditing demands of COBIT into a single solution. The automated end-to-end correlation of data, alongside built-in analytics, makes COBIT compliance auditing and reporting an easily manageable task.