An introduction to CobiT® Version 4.0 as a security management tool presented at AusCERT 2007

by Rupert Dodds

Summary: The presentation will seek to inform the audience about the objectives and structure of CobiT with respect to security management. The presentation will describe what CobiT is, how it is developed and the composition of the framework. The presentation will drill down into the IT processes outlined in CobiT and highlight those with particular relevance to security. In this way, the presentation will explain the key elements of the framework which contribute to optimising security management processes.
The presentation will examine the detail within an example CobiT process and will choose DS5 as the process most closely aligned with the audience's interests. The presentation will show the high-level and detailed control statements, the RACI (Responsibility / Accountability / Consultation / Information) chart, and the specimen KPIs.
The presentation will introduce a comparison of CobiT with ITIL and ISO 17799, showing the relative breadth and depth, strengths and weaknesses of each and suggesting how these frameworks may complement each other.
The presentation will conclude by summarising the key messages - the benefits of CobiT and how the framework supports improvements in security management processes.