
CoBiT
COBIT stands for Control OBjectives for Information and related Technology. It’s a set of best practices used for performing IT audits in an organization and assessing the corresponding risks to the IT systems. It facilitates external audits by offering a common framework for investigations and supports a strategic alignment between business and IT.
This methodology distinguishes 4 interrelated domains:
- Plan & Organize
- Acquire & Implement
- Deliver & Support
- Monitor & Evaluate
COBIT defines 34 IT processes which are generally used in these four domains. The use of indicators and the collection of data are another core element of this methodology. Every process has its own list of indicators with key objectives and key performance indicators. Additionally, COBIT has a 6-level maturity model to assess each IT process.
Advantages and disadvantages
Pros
- It’s widely used by audit firms and internal control departments because compliance with the Sarbanes-Oxley Act (SOX) is achieved by using an internal control framework (e.g. COBIT).
- This model uses balanced scorecards (BSC) to represent a common view on IT governance, making it a tool for strategic guidance. It helps prioritize and visualize IT security risks and control.
- COBIT integrates ISO 9001 principles (process orientation and continuous improvement) and allows benchmarking.
- It provides a common vocabulary for IT governance.
Cons
- It’s considered to be a specialist method with a lot of criteria, and it requires a certain degree of expertise to use the methodology effectively.
- The level of detail available in COBIT can pose a practical problem, e.g. it has 318 recommended control objectives. Satisfying all of these can prove to be a challenge.
- It does not provide details about how processes should be implemented to support internal control.