CobiT
The IT Governance Institute first published Control Objectives for Information and related Technology (CobiT) in 1992 to offer management, audit and information security groups a way to consistently implement and measure controls over their IT infrastructure. CobiT breaks down the control structure into four major areas: Planning & Organization, Acquisition & Implementation, Delivery & Support and Monitoring, which are then further broken down into 34 subcategories. At NetIQ, we develop easy-to-use, integrated security management solutions that assist customers with all CobiT categories.
Business Problem
CobiT lays out best practices for IT controls, but companies must determine which controls make sense for their organization. With NetIQ solutions and professional services you can identify, implement and automate your most critical controls. Key issues for customers implementing CobiT include:
- Ensuring the implementation that also meets your regulatory requirements
- Selecting the controls appropriate for your organization
- Monitoring and reporting on the program
The NetIQ Solution
NetIQ's Security Management solutions offers a number of products and features that can enhance an institution's information security program and facilitate compliance with CobiT. Specific benefits include:
- Performance Management – Meet service level commitment, end-user expectation and business-driven IT performance objectives, while reducing your operating costs.
- Security Management – Monitor your diverse security environment, resolve incidents and satisfy log management requirements without consuming all your time and resources.
- Configuration Management – Demonstrate IT compliance with policies and regulations through security configuration management, regulatory mapping and reporting.
- Change Control – Control and audit system changes to assure the integrity of your distributed IT infrastructure through time-based, task-specific permissions management.
- Windows Administration – Delegate and automate administrative tasks to streamline your work, while maximizing your return on Windows and Active Directory.
Key Features
NetIQ offers a range of products that help organizations define, manage and report on a consistent set of internal controls over their corporate data and systems.
- Planning and Organization. Use NetIQ VigilEnt Policy Center to develop planning, Information Security Strategy and policy documents, then distribute those documents to the appropriate people in your organization and ensure they read and understood the documents through e-signatures and quizzes. Sample policies, standards, program, strategy, and roles and responsibilities definitions are included to help you speed up this process.
- Acquisition and Implementation. Whether new systems have been developed internally or acquired from outside vendors, it is critical that they are properly tested and configured before they are implemented in to your production environment. NetIQ Secure Configuration Manager can be used to audit these systems in the test environment to ensure they meet your configuration policy requirements before they are implemented. The NetIQ AppManager Suite (AppManager) can be used to monitor the performance availability of systems to ensure that they do not have a negative impact on your environment.
- Manage Performance & Capacity. AppManager collects monitoring data over time and reporting features enable advanced analysis of data. It comes with pre-configured reports in areas such as service levels, events, performance, trends, prediction and watch lists. In addition, an interactive console allows for point-and-click report creation and customization.
- Access Control. NetIQ Security Administration Suite allows you to control access by internal and third party (partners, suppliers, contractors) individuals via roles-based access control for managing user accounts, computers, groups and local resources. The product also ensures consistency between the access controls of multiple systems and provides separation of duty enforcement between development and operation teams.
- Incident Detection and Management. With real-time security incident monitoring and log analysis capabilities, NetIQ Security Manager delivers the protection, detection, containment and correction of security breaches, along with providing the necessary communication and response to security incidents required by CobiT. Its log management and analysis brings you additional auditing for security applications and devices (firewalls, anti-virus, intrusion detection systems), as well as network devices.
- Configuration & Change Management is an underlying process for many other ITIL processes. NetIQ Secure Configuration Manager helps detect and report on configurations and configuration changes while NetIQ Security Administration Suite can help with change control, managing approvals and changes for critical Active Directory changes, such as user deletes and Group Policy.
- IT Security Risk Assessment. The NetIQ Risk and Compliance Center solution measures IT security risk in your environment using innovative metric models that factor in the nature of compliance exceptions and vulnerabilities and the business value of IT assets. From a web browser, you can view results such as the average risk score by asset group.
