by Leigh Goessl

Created on: November 06, 2009

Developed in the 1990s, COBIT is an open standard that can help organizations measure quality and create internal controls over data. COBIT is a framework organizations can use to achieve a stronger level of control and security of their data.

The framework is comprised of many sections, however there are four domains of COBIT that lie within the heart of the framework and are essentially the "meat" of the framework. Each domain deals with specific areas of IT that can be useful to help ensure compliance or strengthen control measures and reduce IT risk.

These four domains, Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring and Auditing each play a pivotal role in the development and maintenance of control measures. Each one helps a company address different areas of IT that help lead to a higher degree of security controls over data, which is also beneficial because it can address many of the compliance issues many businesses face.

Through the use of COBIT and applying approaches structured by the four domains, managers can have a straightforward way to monitor their information security control practices in a non-technical way that is understandable.

*Planning and Organization

This domain covers business strategy and determines ways that IT can be used to help a business meet it's company's objectives.

*Acquisition and Implementation

This domain covers how IT is acquired and ways it can be integrated into the company's operational processes to help reach the business goals that have been set in the planning and organization phrase.

This domain also covers any changes or modifications that will need to be made to existing IT that will help the company reach organizational goals.

*Delivery and Support

The third domain covers the delivery of IT and its services, which includes software, hardware and any other kind of support system or service needed to run the equipment. It also covers the processing of the system and applications contained within.

*Monitoring and Auditing

This domain spans over monitoring of IT services and watches the performances of how they operate. As a part of this area, it also deals with the control mechanisms that are put in place for both internal and external needs.

It is important to keep in mind that no level of risk is ever 100% eliminated, but by using COBIT methodologies and applying principles from the four domains of COBIT, this places a sequential approach that can help keep practices in place to reduce risk as much as possible and identify deficiencies or vulnerabilities.

While COBIT and its domains are not a one size fits all strategy or solution, the benefit is that businesses can choose the aspects of COBIT that can be applied to benefit the business. However, the domains each address specific areas of an organization and each component is useful as a methodological procedure to improve upon processes.

Learn more about this author, Leigh Goessl.
Click here to send this author comments or questions.