COBIT (Control Objectives for Information and Related Technology) - Revision history

User at 18:26, 30 August 2023

2023-08-30T18:26:09Z

User at 19:38, 10 August 2023

2023-08-10T19:38:54Z

User at 19:17, 10 August 2023

2023-08-10T19:17:21Z

User at 18:58, 18 July 2023

2023-07-18T18:58:34Z

User at 19:05, 14 April 2023

2023-04-14T19:05:42Z

Show changes

User at 15:12, 19 December 2022

2022-12-19T15:12:49Z

User at 14:56, 21 November 2022

2022-11-21T14:56:04Z

User at 12:46, 11 November 2022

2022-11-11T12:46:57Z

User at 16:47, 6 November 2022

2022-11-06T16:47:19Z

Show changes

User at 00:11, 23 July 2022

2022-07-23T00:11:27Z

@@ Line 66: / Line 66: @@
 However, ISACA has overlooked or set aside some areas for this update:
-*It ignores the blurring boundary between operational technology and information technology, which will have an increasing impact on the management of risk and delivery of value and will require additional controls.
+*It ignores the blurring boundary between operational technology and [[Information Technology (IT)]], which will have an increasing impact on the management of risk and delivery of value and will require additional controls.
 *It is just about acknowledging but does not explicitly deal with or provide any useful guidance on sustainability.
 *It still complements the Information Technology Infrastructure Library (ITIL) without replacing it.

@@ Line 97: / Line 97: @@
 == See Also ==
 *[[IT Governance]]
 *[[Val IT Framework]]

@@ Line 1: / Line 1: @@
-'''COBIT''' is a framework of the best practices for IT management (IT Governance). It is a set of best practices and procedures that help the organization to achieve strategic objectives through the effective use of available resources and minimization of IT risks. COBIT interconnects Enterprise governance and IT Governance. This connection is realized by linking business and IT goals, defining metrics and maturity models to measure the achievement of objectives, and defining the responsibilities of owners of the business and IT processes.<ref>[https://cioindex.com/reference/case-study-implementing-it-governance-using-the-cobit-framework/ Case Study – Implementing IT Governance Using The COBIT Framework]</ref>
+'''COBIT''' is a framework of the best practices for IT management (IT Governance). It is a set of best practices and procedures that help the organization to achieve strategic objectives through the effective use of available resources and minimization of IT risks. COBIT interconnects [[Corporate Governance|Enterprise governance]] and [[IT Governance]]. This connection is realized by linking business and IT goals, defining metrics and maturity models to measure the achievement of objectives, and defining the responsibilities of owners of the business and IT processes.<ref>[https://cioindex.com/reference/case-study-implementing-it-governance-using-the-cobit-framework/ Case Study – Implementing IT Governance Using The COBIT Framework]</ref>
-The first COBIT version was released by the [[Information Systems Audit and Control Association (ISACA)|ISACA organization]] in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0, and Risk IT Framework and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.<ref>[https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology  History of COBIT]</ref>
+The first COBIT version was released by the [[Information Systems Audit and Control Association (ISACA)|ISACA organization]] in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0, and [[Risk IT Framework]] and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.<ref>[https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology  History of COBIT]</ref>
 The latest version, COBIT 2019, was released in 2018. New insights from experts in IT and governance were included in the new version.
@@ Line 9: / Line 9: @@
 COBIT was initially "Control Objectives for Information and Related Technologies," though, before the release of the framework, people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." The framework defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process activities, process objectives, performance measures, and an elementary maturity model. COBIT also provides a set of recommended best practices for the governance and control process of information systems and technology with the essence of aligning IT with business. COBIT 5 consolidates COBIT 4.1, Val IT, and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with other frameworks and standards.
 The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.
-The process focus of COBIT is illustrated by a process model subdividing IT into four domains (Plan and Organize; Acquire and Implement; Deliver and Support; and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run, and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as COSO, ITIL, BiSL, ISO 27000, CMMI, TOGAF, and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements. COBIT 5 further consolidated and integrated the COBIT 4.1, Val IT 2.0, and Risk IT frameworks and drew from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS).
+The process focus of COBIT is illustrated by a process model subdividing IT into four domains (Plan and Organize; Acquire and Implement; Deliver and Support; and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run, and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as [[COSO Internal Control Integrated Framework|COSO]], [[ITIL (Information Technology Infrastructure Library)|ITIL]], BiSL, [[ISO 27000]], [[Capability Maturity Model Integration (CMMI)|CMMI]], [[The Open Group Architecture Framework (TOGAF)|TOGAF]], and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements. COBIT 5 further consolidated and integrated the COBIT 4.1, [[Val IT Framework|Val IT 2.0]], and Risk IT frameworks and drew from ISACA's IT Assurance Framework (ITAF) and the [[Business Model for Information Security (BMIS)]].
 The framework and its components can, when utilized well, also contribute to ensuring regulatory compliance. It can encourage less wasteful information management, improve retention schedules, increase business agility, and lower costs while better complying with data retention and management regulations.

@@ Line 1: / Line 1: @@
 '''COBIT''' is a framework of the best practices for IT management (IT Governance). It is a set of best practices and procedures that help the organization to achieve strategic objectives through the effective use of available resources and minimization of IT risks. COBIT interconnects Enterprise governance and IT Governance. This connection is realized by linking business and IT goals, defining metrics and maturity models to measure the achievement of objectives, and defining the responsibilities of owners of the business and IT processes.<ref>[https://cioindex.com/reference/case-study-implementing-it-governance-using-the-cobit-framework/ Case Study – Implementing IT Governance Using The COBIT Framework]</ref>
-The first COBIT version was released by the ISACA organization in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0, and Risk IT Framework and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.<ref>[https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology  History of COBIT]</ref>
+The first COBIT version was released by the [[Information Systems Audit and Control Association (ISACA)|ISACA organization]] in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0, and Risk IT Framework and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.<ref>[https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology  History of COBIT]</ref>
 The latest version, COBIT 2019, was released in 2018. New insights from experts in IT and governance were included in the new version.

← Older revision		Revision as of 15:12, 19 December 2022
Line 2:		Line 2:


−	The first COBIT version was released by ISACA organization in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, [[Val_IT_Framework\|Val IT]] 2.0, and [[Risk IT ~~framework]]~~ and also draws significantly from the [[Business Model for Information Security (BMIS)]] and [[IT_Assurance_Framework_(ITAF)\|ITAF]].<ref>History of COBIT [https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology Management Mania]</ref>	+	The first COBIT version was released by ISACA organization in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, [[Val_IT_Framework\|Val IT]] 2.0, and Risk IT Framework and also draws significantly from the [[Business Model for Information Security (BMIS)]] and [[IT_Assurance_Framework_(ITAF)\|ITAF]].<ref>History of COBIT [https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology Management Mania]</ref>

@@ Line 1: / Line 1: @@
-'''COBIT''' is a [[framework]] of the best practices for IT [[management]] (IT Governance). It is a set of the [[Best Practice|best practices]] and procedures that help the [[Organization|organization]] to achieve strategic objectives through the effective use of available resources and minimization of IT risks. COBIT interconnects [[Corporate Governance|Enterprise governance]] and IT Governance. This connection is realized by [[Business IT Alignment|linking business and IT goals]], defining [[metrics]] and maturity models to measure the achievement of objectives and defining the responsibilities of owners of [[business]] and IT processes.<ref>[https://cioindex.com/reference/case-study-implementing-it-governance-using-the-cobit-framework/ Case Study – Implementing IT Governance Using The COBIT Framework]</ref>
+'''COBIT''' is a framework of the best practices for IT management (IT Governance). It is a set of best practices and procedures that help the organization to achieve strategic objectives through the effective use of available resources and minimization of IT risks. COBIT interconnects [[Corporate Governance|Enterprise governance]] and IT Governance. This connection is realized by [[Business IT Alignment|linking business and IT goals]], defining metrics and maturity models to measure the achievement of objectives and defining the responsibilities of owners of the business and IT processes.<ref>[https://cioindex.com/reference/case-study-implementing-it-governance-using-the-cobit-framework/ Case Study – Implementing IT Governance Using The COBIT Framework]</ref>
-The first COBIT version was released by ISACA [[organization]] in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and [[control]] objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT [[Governance]] Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, [[Val_IT_Framework|Val IT]] 2.0, and [[Risk_IT_Framework|Risk IT]] frameworks and also draws significantly from the [[Business_Model_for_Information_Security_(BMIS)|Business Model for Information Security (BMIS)]] and [[IT_Assurance_Framework_(ITAF)|ITAF]].<ref>History of COBIT  [https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology  Management Mania]</ref>
+The first COBIT version was released by ISACA organization in 1996. The first edition consisted of the framework, and the second one was extended to include audit guidelines, an implementation toolset, and control objectives. The third edition added management guidelines. The third edition of COBIT has been released by the ITG Institute (IT Governance Institute). The current edition is the fifth (COBIT 5), and the fifth version is available from April 2012. COBIT 5 consolidates and integrates the COBIT 4.1, [[Val_IT_Framework|Val IT]] 2.0, and [[Risk IT framework]] and also draws significantly from the [[Business Model for Information Security (BMIS)]] and [[IT_Assurance_Framework_(ITAF)|ITAF]].<ref>History of COBIT  [https://managementmania.com/en/cobit-control-objectives-for-information-and-related-technology  Management Mania]</ref>
 == Framework and Components of COBIT ==
 '''Framework and Components of COBIT'''<ref> Framework and Components of COBIT [https://en.wikipedia.org/wiki/COBIT Wikipedia]</ref><br />
-COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." The framework defines a set of generic processes for the management of IT, with each [[process]] defined together with process inputs and outputs, key process activities, process objectives, performance measures, and an elementary maturity [[model]]. COBIT also provides a set of recommended best practices for the governance and control process of [[Information System (IS)|information systems]] and [[Information Technology (IT)|technology]] with the essence of [[Business IT Alignment|aligning IT with business]]. COBIT 5 consolidates COBIT 4.1, Val IT, and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with other frameworks and standards.
+COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." The framework defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process activities, process objectives, performance measures, and an elementary maturity model. COBIT also provides a set of recommended best practices for the governance and control process of information systems and technology with the essence of aligning IT with business]]. COBIT 5 consolidates COBIT 4.1, Val IT, and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with other frameworks and standards.
-The business orientation of COBIT consists of linking business [[goals]] to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.
+The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.
-The process focus of COBIT is illustrated by a process model that subdivides IT into four domains (Plan and Organize; Acquire and Implement; Deliver and Support; and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run, and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as [[Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission_(COSO)|COSO]], [[ITIL_(Information_Technology_Infrastructure_Library)|ITIL]], BiSL, [[ISO 27000]], [[Capability_Maturity_Model_Integration_(CMMI)|CMMI]], [[The Open Group Architecture Framework (TOGAF)|TOGAF]] and [[Project Management Body of Knowledge (PMBOK®)|PMBOK]]. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements. COBIT 5 further consolidated and integrated the COBIT 4.1, Val IT 2.0, and Risk IT frameworks and drew from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS).
+The process focus of COBIT is illustrated by a process model that subdivides IT into four domains (Plan and Organize; Acquire and Implement; Deliver and Support; and Monitor and Evaluate) and 34 processes in line with the responsibility areas of plan, build, run, and monitor. It is positioned at a high level and has been aligned and harmonized with other, more detailed IT standards and good practices such as [[Committee_of_Sponsoring_Organizations_of_the_Treadway_Commission_(COSO)|COSO]], [[ITIL_(Information_Technology_Infrastructure_Library)|ITIL]], BiSL, ISO 27000, [[Capability_Maturity_Model_Integration_(CMMI)|CMMI]], [[The Open Group Architecture Framework (TOGAF)|TOGAF]] and PMBOK. COBIT acts as an integrator of these different guidance materials, summarizing key objectives under one umbrella framework that links the good practice models with governance and business requirements. COBIT 5 further consolidated and integrated the COBIT 4.1, Val IT 2.0, and Risk IT frameworks and drew from ISACA's IT Assurance Framework (ITAF) and the Business Model for Information Security (BMIS).
-The framework and its components can, when utilized well, also contribute to ensuring regulatory [[compliance]]. It can encourage less wasteful information management, improve retention schedules, increase business [[agility]], and lower costs while better complying with [[data]] retention and management regulations.
+The framework and its components can, when utilized well, also contribute to ensuring regulatory compliance. It can encourage less wasteful information management, improve retention schedules, increase business agility, and lower costs while better complying with data retention and management regulations.
@@ Line 24: / Line 24: @@
 '''The Principles of COBIT'''<ref>The Five Principles of COBIT 5 [https://www.bitsighttech.com/blog/cobit-vs-itil BitSight]</ref><br />
 There are five principles that makeup COBIT: (see figure below)
-*Meeting [[stakeholder]] needs. This is incredibly general, but COBIT points out that meeting the needs of the [[Stakeholder|stakeholder]] while still meeting the needs of the company is valuable.
+*Meeting stakeholder needs. This is incredibly general, but COBIT points out that meeting the needs of the stakeholder while still meeting the needs of the company is valuable.
-*Covering the enterprise end-to-end. You must have a complete solution—not just pieces here and there. It’s important to take an in-depth look at [[network]] devices, endpoint solutions, as well as signature, non-signature, and heuristic base protection (and much more).
+*Covering the enterprise end-to-end. You must have a complete solution—not just pieces here and there. It’s important to take an in-depth look at network devices, endpoint solutions, as well as signature, non-signature, and heuristic base protection (and much more).
-*Applying a single integrated framework. This isn’t to say you need only a single [[vendor]] for your framework, but rather that your framework must be organized and well thought-out.
+*Applying a single integrated framework. This isn’t to say you need only a single vendor for your framework, but rather that your framework must be organized and well thought-out.
 *Enabling a holistic approach. You must have a plan of action that attacks an IT problem from multiple angles.
 *Separating governance from management. Governance ensures that there is oversight, while management deals with the necessary processes and steps needed.
@@ Line 36: / Line 36: @@
 == The COBIT Reference Model ==
-'''The COBIT 5 Process [[Reference Model]]'''<ref>The COBIT 5 Process Reference Model [https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=193 isaca.org]</ref><br />
+'''The COBIT 5 Process Reference Model'''<ref>The COBIT 5 Process Reference Model [https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=193 isaca.org]</ref><br />
-COBIT 5 is not delivered as a prescriptive model; rather, it advocates the implementation of governance and management processes within enterprises, as per the figure below.  The COBIT 5 process reference model defines and describes in detail the governance and management processes normally found within an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers. The COBIT 5 model delivers an [[Operating Model|operational model]] with a common language for all parts of the business involved in IT activities and provides a framework for measuring and monitoring IT performance, communicating with [[service]] providers, and integrating best management practices.
+COBIT 5 is not delivered as a prescriptive model; rather, it advocates the implementation of governance and management processes within enterprises, as per the figure below.  The COBIT 5 process reference model defines and describes in detail the governance and management processes normally found within an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers. The COBIT 5 model delivers an operational model with a common language for all parts of the business involved in IT activities and provides a framework for measuring and monitoring IT performance, communicating with service providers, and integrating best management practices.
@@ Line 52: / Line 52: @@
 **Monitor, Evaluate and Assess (MEA)
-The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, incorporating both the [[Risk]] IT and Val IT frameworks.
+The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, incorporating both the Risk IT and Val IT frameworks.
@@ Line 58: / Line 58: @@
 == Analyzing COBIT ==
 '''COBIT - An Analysis'''<ref>COBIT - An Analysis [https://www.gartner.com/doc/1982323/updates-cobit--aim-greater Gartner]</ref><br />
-A significant refresh of COBIT 4.1, COBIT 5 improves this useful framework by integrating several of ISACA's frameworks, notably [[Val IT Framework|Val IT]] and [[Risk IT Framework|Risk IT]]. The changes have made COBIT 5 broader and more complex. The scope of its guidance could overwhelm new users and inhibit its adoption; consequently, the online version of COBIT 5 will need to provide role-specific versions or logical views to make it more user-friendly.
+A significant refresh of COBIT 4.1, COBIT 5 improves this useful framework by integrating several of ISACA's frameworks, notably [[Val IT Framework|Val IT]] and Risk IT. The changes have made COBIT 5 broader and more complex. The scope of its guidance could overwhelm new users and inhibit its adoption; consequently, the online version of COBIT 5 will need to provide role-specific versions or logical views to make it more user-friendly.
-Changes in COBIT 5 likely to have the greatest [[impact]] on organizations currently using COBIT include:
+Changes in COBIT 5 likely to have the greatest impact on organizations currently using COBIT include:
 *A new process capability assessment approach, based on ISO/IEC 15504, which replaces the [[Capability Maturity Model (CMM)]]-based modeling.
 *Modifications to the process model, including changed processes and some new processes.
@@ Line 68: / Line 68: @@
 *Improved process capability assessments.
 *Linkage between specific IT and enabler goals to broader enterprise-level goals.
-*Greater emphasis on [[value]] creation through focusing on benefits realization, risk optimization, and resource optimization.
+*Greater emphasis on value creation through focusing on benefits realization, risk optimization, and resource optimization.
 However, ISACA has overlooked or set aside some areas for this update:
@@ Line 79: / Line 79: @@
 *[[OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation)]]
 *[[Factor Analysis of Information Risk (FAIR)]]

← Older revision		Revision as of 12:46, 11 November 2022
Line 80:		Line 80:
	*[[Factor Analysis of Information Risk (FAIR)]]		*[[Factor Analysis of Information Risk (FAIR)]]
	*[[ICT_Investment_Framework\|ICT Investment Framework]]		*[[ICT_Investment_Framework\|ICT Investment Framework]]
−	*[[IT_Investment_Management_Framework_(ITIM)\|Information Technology Investment Management (ITIM)]]

← Older revision		Revision as of 00:11, 23 July 2022
Line 1:		Line 1:
−	'''COBIT''' is a [[framework]] of the best practices for IT [[management]] ([[IT_Governance\|IT Governance]]). It is a set of the [[Best Practice\|best practices]] and procedures that help the [[Organization\|organization]] to achieve strategic objectives through an effective use of available resources and minimization of the IT risks. COBIT interconnects [[Corporate Governance\|Enterprise governance]] and [[IT_Governance\|IT Governance]]. This connection is realized by [[Business IT Alignment\|linking business and IT goals]], defining [[metrics]] and maturity models to measure achievement of objectives and defining the responsibilities of owners of [[business]] and IT processes.<ref>[https://cioindex.com/reference/an-~~introduction~~-to-cobit-ii/ ~~An Introduction To~~ COBIT II]</ref>	+	'''COBIT''' is a [[framework]] of the best practices for IT [[management]] ([[IT_Governance\|IT Governance]]). It is a set of the [[Best Practice\|best practices]] and procedures that help the [[Organization\|organization]] to achieve strategic objectives through an effective use of available resources and minimization of the IT risks. COBIT interconnects [[Corporate Governance\|Enterprise governance]] and [[IT_Governance\|IT Governance]]. This connection is realized by [[Business IT Alignment\|linking business and IT goals]], defining [[metrics]] and maturity models to measure achievement of objectives and defining the responsibilities of owners of [[business]] and IT processes.<ref>[https://cioindex.com/reference/case-study-implementing-it-governance-using-the-cobit-framework/ Case Study – Implementing IT Governance Using The COBIT Framework]</ref>