Control Objectives for Information and related Technology (COBIT) is an acronym for the IT governance and control framework.
COBIT provides an operational framework for compliance laws mandating information security. It is an "intermediary standard" because its accepted best practices are checked by an organization's auditors for IT security compliance with laws such as Sarbanes-Oxley and Gramm-Leach-Bliley.
COBIT is important because it provides organizations with an actionable framework that auditors rely on for verification of compliance with security mandates in public laws. Typically, legislators focus on setting policy and leave implementation details to standards set by accredited organizations.
Codec Networks help Implementation of COBIT entails understanding and using its key concepts, principles and controls. We begin with COBIT's four domains:
- Plan and Organize
- Acquire and Implement
- Deliver and Support and
- Monitor and Evaluate