Term paper on Exercises on Information Security Management

The main aim of this paper is to discuss COBIT: to explain its meaning and understand where it stands with respects to security standards.

COBIT is a short abbreviation of the long title Control Objectives for Information and Related Technology. It is a package of public documents, which consists of something about 40 international and national standards, the guidelines for the management of IT, audit and IT-security. In the beginning of its implementation, COBIT’s creators and sponsors made a standard analysis and assessment of the new standard; they merged the best of international technical standards, quality management standards of auditing, as well as the practical requirements and experience, and as a result they combine everything that somehow relates to the achievement of management objectives in one integral.

The task of COBIT is to bridge the gap between company’s management with its vision on business goals and IT-department, to provide support to the information infrastructure, which should contribute the achievement of the above mentioned business goals.

COBIT accomplishes to be a kind of platform-buffer for a constructive dialogue between all stakeholders of business. It includes the detailed descriptions of the objectives and principles of management, the facilities of management; it also clearly defined all the IT-processes (tasks) that take place in the company and their requirements, in addition, it also describes the possible tools (practices) for the purpose of to implement them in a proper way. According to the respect to security standards, COBIT provides practical guidelines for managing IT-security in the description of IT-processes.

To sum up, COBIT is a maintaining of the unified approach to data collection, data analysis, preparation of findings and conclusions in all phases of management, control and audit of IT; it is the ability to compare existing IT processes with the ‘best’ popular practices in this sphere.