数字化转型的关键：COBIT 2019框架与方法

COBIT2019

信息安全治理

需积分: 11 124 浏览量更新于2024-07-16 1 收藏 1.14MB PDF 举报

身份认证购VIP最低享 7 折!

30元优惠券

"COBIT-2019-简介和方法英文版是ISACA组织发布的一个框架，旨在帮助企业和个人实现技术的积极潜力，尤其是在数字化转型的背景下，信息和技术（I&T）对于企业的发展和生存至关重要。COBIT 2019提供了关于企业信息技术治理的介绍和方法，适用于信息和网络安全、治理、保证、风险和创新领域的专业人士。" COBIT（Control Objectives for Information and Related Technology）2019框架是一个全面的指导工具，旨在帮助企业更好地管理、控制和利用信息和技术资源，确保其与业务目标的一致性。该框架的最新版本——COBIT 2019，不仅考虑了技术的快速发展，还强调了数字化转型对企业的影响。在这个高度数字化的时代，企业必须有效治理其I&T活动，以创造价值、优化风险并降低运营成本。 COBIT 2019框架包括以下几个关键组成部分： 1. **治理和管理目标（Governance and Management Objectives, GMOs）**：这些目标为企业提供了一套通用的语言，明确了在信息技术治理和管理中的期望结果，涵盖从战略到操作层面的各项活动。 2. **过程模型（Process Model）**：COBIT定义了一组相互关联的过程，覆盖了I&T的整个生命周期，包括规划与构建、获取与实施、交付与支持以及监控与改进等方面。 3. **绩效指标（Performance Indicators, PI）**：框架提供了度量标准，帮助企业评估其在实现GMOs方面的表现，以便持续改进。 4. **价值体系（Value Streams and Domains）**：COBIT将I&T活动与业务价值流相连接，帮助组织理解技术如何驱动业务价值，并管理相关风险。 5. **最佳实践（Best Practices）**：框架包含了一系列最佳实践，为企业提供了实现目标的指导，涵盖了各个管理领域，如安全、隐私、合规性和效率。 6. **风险管理**：COBIT强调了识别、评估、优先级排序和管理风险的重要性，以确保在追求技术优势的同时，能够有效应对潜在的威胁。使用COBIT 2019框架时，企业应根据自身的特点和需求进行定制，确保它能够适应不断变化的技术环境和业务需求。此外，ISACA强调，虽然COBIT提供了一个结构化的指南，但不能保证采用框架就一定能实现成功。企业应灵活运用，结合其他工具和方法，以实现最佳效果。 ISACA是一个全球性协会，致力于通过提供知识、证书、教育和社区支持，来促进技术专业人员的职业发展和组织创新。它旗下的CMMI® Institute则专注于推动技术创新。ISACA在全球188多个国家设有分支机构，覆盖超过217个章节，影响力广泛。 COBIT 2019框架是企业进行有效信息技术治理的重要参考，通过其系统性的方法，企业可以更好地应对数字化转型带来的挑战，实现业务价值的最大化。

资源详情

资源推荐

CHAPTER 1

INTRODUCTION

Chapter 1

Introduction

1.1 Enterprise Governance of Information and Technology

In the light of digital transformation, information and technology (I&T) have become crucial in the support,

sustainability and growth of enterprises. Previously, governing boards (boards of directors) and senior management

could delegate, ignore or avoid I&T-related decisions. In most sectors and industries, such attitudes are now ill-

advised. Stakeholder value creation (i.e., realizing benefits at an optimal resource cost while optimizing risk) is often

driven by a high degree of digitization in new business models, efficient processes, successful innovation, etc.

Digitized enterprises are increasingly dependent on I&T for survival and growth.

Given the centrality of I&T for enterprise risk management and value generation, a specific focus on enterprise

governance of information and technology (EGIT) has arisen over the last three decades. EGIT is an integral part of

corporate governance. It is exercised by the board that oversees the definition and implementation of processes,

structures and relational mechanisms in the organization that enable both business and IT people to execute their

responsibilities in support of business/IT alignment and the creation of business value from I&T-enabled business

investments (figure 1.1).

Enterprise governance of information and technology is complex and multifaceted. There is no silver bullet (or ideal

way) to design, implement and maintain effective EGIT within an organization. As such, members of the governing

boards and senior management typically need to tailor their EGIT measures and implementation to their own specific

context and needs. They must also be willing to accept more accountability for I&T and drive a different mindset and

culture for delivering value from I&T.

1.2 Beneﬁts of Information and Technology Governance

Fundamentally, EGIT is concerned with value delivery from digital transformation and the mitigation of business

risk that results from digital transformation. More specifically, three main outcomes can be expected after successful

adoption of EGIT:

Benefits realization—This consists of creating value for the enterprise through I&T, maintaining and increasing



value derived from existing I&T

investments, and eliminating IT initiatives and assets that are not creating

sufficient value. The basic principle of I&T value are delivery of fit-for-purpose services and solutions, on time

Throughout this text, IT is used to refer to the organizational department with main responsibility for technology. I&T as used in this text refers to all

the information the enterprise generates, processes and uses to achieve its goals, as well as the technology to support that throughout the enterprise.

Figure 1.1—The Context of Enterprise Governance of Information and Technology

Enterprise

Governance of IT

Business/IT

Alignment

Value

Creation

Source: De Haes, Steven; W. Van Grembergen; Enterprise Governance of Information Technology: Achieving Alignment and Value,

Featuring COBIT 5, 2

ed., Springer International Publishing, Switzerland, 2015, https://www.springer.com/us/book/9783319145464

COBIT

2019 FRAMEWORK: INTRODUCTION & METHODOLOGY

and within budget, that generate the intended financial and nonfinancial benefits. The value that I&T delivers

should be aligned directly with the values on which the business is focused. IT value should also be measured in a

way that shows the impact and contributions of IT-enabled investments in the value creation process of the

enterprise.

Risk optimization—This entails addressing the business risk associated with the use, ownership, operation,



involvement, influence and adoption of I&T within an enterprise. I&T-related business risk consists of I&T-related

events that could potentially impact the business. While value delivery focuses on the creation of value, risk

management focuses on the preservation of value. The management of I&T-related risk should be integrated within

the enterprise risk management approach to ensure a focus on IT by the enterprise. It should also be measured in a

way that shows the impact and contributions of optimizing I&T-related business risk on preserving value.

Resource optimization—This ensures that the appropriate capabilities are in place to execute the strategic plan



and sufficient, appropriate and effective resources are provided. Resource optimization ensures that an integrated,

economical IT infrastructure is provided, new technology is introduced as required by the business, and obsolete

systems are updated or replaced. Because it recognizes the importance of people, in addition to hardware and

software, it focuses on providing training, promoting retention and ensuring competence of key IT personnel. An

important resource is data and information, and exploiting data and information to gain optimal value is another

key element of resource optimization.

Strategic alignment and performance measurement are of paramount importance and apply overall to all activities to

ensure that I&T-related objectives are aligned with the enterprise goals.

In a large case study of an international airline company, EGIT’s benefits were demonstrated to include: lower IT-

related continuity costs, increased IT-enabled innovation capacity, increased alignment between digital investments

and business goals and strategy, increased trust between business and IT, and a shift toward a “value mindset” around

digital assets.

Research has shown that enterprises with poorly designed or adopted approaches to EGIT perform worse in aligning

business and I&T strategies and processes. As a result, such enterprises are much less likely to achieve their

intended business strategies and realize the business value they expect from digital transformation.

From this, it is clear that governance has to be understood and implemented much beyond the often encountered (i.e.,

narrow) interpretation suggested by the governance, risk and compliance (GRC) acronym. The GRC acronym itself

implicitly suggests that compliance and related risk represent the spectrum of governance.

1.3 COBIT as an I&T Governance Framework

Over the years, best-practice frameworks have been developed and promoted to assist in the process of

understanding, designing and implementing EGIT. COBIT

2019 builds on and integrates more than 25 years of

development in this field, not only incorporating new insights from science, but also operationalizing these insights

as practices.

From its foundation in the IT audit community, COBIT

has developed into a broader and more comprehensive I&T

governance and management framework and continues to establish itself as a generally accepted framework for I&T

governance.

De Haes, S.; W. van Grembergen; Enterprise Governance of IT: Achieving Alignment and Value, Featuring COBIT 5, Springer International

Publishing, Switzerland, 2nd ed. 2015, https://www.springer.com/us/book/9783319145464

De Haes, Steven; A. Joshi; W. van Grembergen; “State and Impact of Governance of Enterprise IT in Organizations: Key Findings of an International

Study,” ISACA

Journal, vol. 4, 2015, https://www.isaca.org/Journal/archives/2015/Volume-4/Pages/state-and-impact-of-governance-of-enterprise-it-

in-organizations.aspx. See also op cit De Haes and van Grembergen.

CHAPTER 1

INTRODUCTION

1.3.1 What Is COBIT and What Is It Not?

Before describing the updated COBIT framework, it is important to explain what COBIT is and is not:

COBIT is a framework for the governance and management of enterprise information and technology,

aimed at the

whole enterprise. Enterprise I&T means all the technology and information processing the enterprise puts in place to

achieve its goals, regardless of where this happens in the enterprise. In other words, enterprise I&T is not limited to

the IT department of an organization, but certainly includes it.

The COBIT framework makes a clear distinction between governance and management. These two disciplines

encompass different activities, require different organizational structures and serve different purposes.

Governance ensures that:



Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives.

Direction is set through prioritization and decision making.

Performance and compliance are monitored against agreed-on direction and objectives.

In most enterprises, overall governance is the responsibility of the board of directors, under the leadership of the

chairperson. Specific governance responsibilities may be delegated to special organizational structures at an

appropriate level, particularly in larger, complex enterprises.

Management plans, builds, runs and monitors activities, in alignment with the direction set by the governance



body, to achieve the enterprise objectives.

In most enterprises, management is the responsibility of the executive management, under the leadership of the chief

executive officer (CEO).

COBIT defines the components to build and sustain a governance system: processes, organizational structures,

policies and procedures, information flows, culture and behaviors, skills, and infrastructure.

COBIT defines the design factors that should be considered by the enterprise to build a best-fit governance system.

COBIT addresses governance issues by grouping relevant governance components into governance and management

objectives that can be managed to the required capability levels.

Several misconceptions about COBIT should be dispelled:

COBIT is not a full description of the whole IT environment of an enterprise.



COBIT is not a framework to organize business processes.

COBIT is not an (IT-)technical framework to manage all technology.

COBIT does not make or prescribe any IT-related decisions. It will not decide what the best IT strategy is, what the

best architecture is, or how much IT can or should cost. Rather, COBIT defines all the components that describe

which decisions should be taken, and how and by whom they should be taken.

Throughout this publication, references to the “framework for the governance of IT” imply the entirety of this description.

These components were termed enablers in COBIT

剩余63页未读，继续阅读

lth989898

粉丝: 1
资源: 7

数字化转型的关键：COBIT 2019框架与方法

COBIT-2019框架：简介和方法中文.pdf

COBIT2019.zip

COBIT2019全套中文可复制版本

cobit-2019 治理和管理目标中文

cobit 2019 全部文档

cobit 2019 csdn

cobit应用案例-作业

cobit 5 foundation中文版

cobit 5 for ofc

cobit治理模块翻译

COBIT34个高级别控制目标是什么

togaf version 9.2 英文版

dama数据管理知识体系指南第二版中文 pdf

数据治理有哪些制度和标准

book 数据治理 Data Governance.pdf

全套ITIL学习教材及讲义PPT汇编.zip

COBIT2019最新中英版本

cobit5中文以及英文版框架、指南

COBIT 词汇表（还不详细吗）

COBIT5-中文版-ISACA官方发布

最新资源