Control Objectives for Information and related Technology (COBIT) Compliance
The IT Governance Institute first published Control Objectives for Information and related Technology (COBIT) in 1992 to offer management, audit and information security groups a way to consistently implement and measure controls over their IT infrastructure.
COBIT breaks down the control structure into four major areas:
- Planning & Organization
- Acquisition & Implementation
- Delivery & Support
These four areas are then further broken down into 34 subcategories. At our company, we develop easy-to-use, integrated security management solutions that assist customers with all COBIT categories.
COBIT lays out best practices for IT controls, but companies must determine which controls make sense for their organization. With our solutions and professional services you can identify, implement and automate your most critical controls. Key issues for customers implementing COBIT include:
- Ensuring the implementation that also meets your regulatory requirements
- Selecting the controls appropriate for your organization
- Monitoring and reporting on the program
Our COBIT solutions
We offer a range of products that help you define, manage and report on a consistent set of internal controls over your corporate data and systems.
- Planning and Organization. Use VigilEnt Policy Center to develop planning, Information Security Strategy and policy documents. You then distribute those documents to the appropriate people in your organization and ensure they read and understood the documents through e-signatures and quizzes. Sample policies, standards, program, strategy, and roles and responsibilities definitions are included to help you speed up this process.
- Acquisition and Implementation. Whether new systems have been developed internally or acquired from outside vendors, it is critical that they are properly tested and configured before they are implemented in to your production environment. Secure Configuration Manager can be used to audit these systems in the test environment to ensure they meet your configuration policy requirements before they are implemented. The AppManager Suite (AppManager®) can be used to monitor the performance availability of systems to ensure that they do not have a negative impact on your environment.
- Manage Performance & Capacity. AppManager collects monitoring data over time and reporting features enable advanced analysis of data. It comes with pre-configured reports in areas such as service levels, events, performance, trends, prediction and watch lists. In addition, an interactive console allows for point-and-click report creation and customization.
Incident Detection and Management. With real-time security incident monitoring and log analysis capabilities, Security Manager delivers the protection, detection, containment and correction of security breaches, along with providing the necessary communication and response to security incidents required by COBIT. Its log management and analysis brings you additional auditing for security applications and devices (firewalls, anti-virus, intrusion detection systems), as well as network devices.
By simplifying, automating and auditing the access certification process, Identity Governance enables security teams to hold business managers accountable and to integrate certifications into corporate compliance processes.
Anomaly detection in Sentinel Enterprise enables you to automate identification and alert on anomalous activity without the need to know exactly what you are looking for. With alerts and evidence of unknown threat in hand, you can speed remediation and better mitigate risk.
- Configuration & Change Management is an underlying process for many other ITIL processes. Secure Configuration Manager helps detect and report on configurations and configuration changes.