W2 Lab

COBIT

Ask any IT manager about the challenges in conveying IT risks in terms of business risks, or about translating business goals into IT goals. It’s a common difficulty, as the worlds of business and IT do not inherently align. This lack of alignment was unresolved until ISACA developed a framework called COBIT, first released in 1996. ISACA is an IT professionals’ association centered on auditing and IT governance. This lab will focus on the COBIT framework. The lab uses the latest two versions: COBIT 4.1, which is currently the most implemented version, and COBIT 5, which is the latest version released in June 2012.

Because COBIT 4.1 is freely available at the time of this writing, the lab uses this version to present handling of risk management. Presentation is done making use of a set of COBIT control objectives called P09. COBIT P09’s purpose is to guide the scope of risk management for an IT infrastructure. The COBIT P09 risk management controls help organize the identified risks, threats, and vulnerabilities, enabling you to manage and remediate them. This lab will also present how COBIT shifts from the term “control objectives” to a set of principles and enablers in version 5.

In this lab, you will define COBIT P09, you will describe COBIT P09’s six control objectives, you will explain how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you will use COBIT P09 to determine the scope of risk management for an IT infrastructure.

Learning Objectives

Upon completing this lab, you will be able to:

Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure.

Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management.

Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks.

Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure.

Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities.

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

1. Lab Report file;

2. Lab Assessments file.

Evaluation Criteria and Rubrics

The following are the evaluation criteria for this lab that students must perform:

1. Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure. – [20%]

2. Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management. – [20%]

3. Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks. – [20%]

4. Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure. – [20%]

5. Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities. – [20%]