Thursday, June 11, 2026

SF - 2.06.0 - COBIT

COBIT is a certification, primarily intended for those in the information security audit field, created by the organization ISACA (formerly the Information Systems Audit and Control Association, which decided to go by the acronym rather than spelling out its name).  It was very popular around twenty years ago, even among those who were not working in the audit field themselves.

There are approximately 135 items in the COBIT checklist, but they are grouped into four phases or domains: planning and organization, acquisition and implementation, delivery and support, and monitoring.  Those familiar with the quality control community and its standards will recognize the PDCA (plan/do/check/act) structure initiated and proposed by Walter Deming.

An interesting aspect of COBIT is that, when you look at it carefully, you will notice that there is almost no technical material involved in the process.  COBIT is primarily concerned with documentation and with the ability to prove that the controls you state are in place actually are in place.

Security frameworks (SF) series:
Next: TBA
