Talk:COBIT
From Wikipedia, the free encyclopedia
Hey all - I don't know how to use this editing feature, but I feel compelled to make a comment. Maybe someone can edit the article for me. I am of the view (as I believe many others are) that the Sarbanes-Oxley Act (and any associated reference to controls) was a direct reaction to the WorldCom accounting scandal, and not to Enron. Enron had nothing to do with an internal control failure. The worst Enron did was obfuscate what their business model was, and having off-balance sheet backed by poor assets (Enron's common stock, in this case.) If anything, the Enron + WorldCom + The other scandals helped create an environment that allowed SoX to be passed, but it was WorldCom's wrongful accounting (and bypassing controls designed to stop improper accounting journal entries) that passed all this control broo-ha-ha.
Just an FYI.
Concerns regarding the comparison to ISO/IEC 17799:2000...
This release of the ISO Code of Practice has only 12 sections, of which Section 1 is the Scope of the Standard and Section 2 is the Terms and Definitions (so the first two sections have no Controls or Objectives). The table that is presented in this article shows 13 sections, and therefore cannot be correct (what is the source?). The latest release of the Code of Practice is ISO/IEC 17799:2005 which has 15 sections.
Refer to the ISO 17799 Directory
New version of Cobit: 4.0
Hi,
This is a question on how to document new versions of a "standard". Should a new article be created and the old article be renamed to "Cobit v3.0"?
Tommy from Belgium 07:37, 27 December 2005 (UTC)
I think that if there was a History section with major changes from previous version it would be sufficient. ParaDox 14:15, 10 March 2006 (UTC)
--Alan.rezende (talk) 02:39, 13 May 2008 (UTC)User:alan.rezende : In my opinion, the versioning page must be used when someone's altering the contents of an article by refining it, correcting it or whatever. When the subject is a framework, and it makes sense considering each version a separate piece of information, then there should be different articles like: COBIT v3.0, COBIT v4.0, COBIT v4.1 and a major one called COBIT that would point to the others and gather general information concerning it. If we just keep on altering the article, then the information about what was COBIT v3.0 (dates, patterns, etc) will be lost or more difficult to find. Well, these are my thoughts about that.
Large chunks taken without attribution, difficult to understand
Large chunks of this article seem to come from an old version of the ISACA COBIT website. For example, Google searches for "while identifying COBIT's four domains" or "controlled through 34 high-level control objectives" restricted to the site "isaca.org" yield much of their surrounding text from this article.
Substantially more importantly, this article is laden with impenetrable jargon. Just what is "IT governance"? How about a "control objective"? This article should synthesize the cloud of COBIT buzzwords into a succinct whole instead of enumerating all 34 control objectives.
Daviddavid
I agree. Very large chunks seem to have been taken verbatim from [1]. Some more senior Wikipedian, please speak up - is this enough to warrant flagging it with a copyvio tag? Gzabers 20:59, 31 March 2006 (UTC)
Someone spent the effort and time to get the info up there so that I could find out what COBIT was (at a high level). Don't just complain, be a good Wiki community member and change it, refine it, define it; but please don't just recommend it's destroyed...--LordNemesis 08:17, 27 September 2006 (UTC)
Information Security Criticism of COBIT
The new update of COBIT did not address the control issues arising from distributed networking. The very language describing controls assumes by default that a centrally controllable computing system exists. The omission of controls or even suggestions on how to address controls to non-centralized networks, servers, authentication systems, distributed financial computing processes, semi-autonomous middleware applications, leaves unanticipated controls to be devised. Rather than selecting subsets of controls that apply and fit corporate governance objectives, control confounding appears. This control confounding effect does not appear wherever the network architecture is designed with technical top down control mechanisms. I thought it was the goal of COBIT to facilitate control rather than dictating business function and IT architecture. Can COBIT extend some controls to fit non-centralized network architectures in its next revision?
Don Turnblade MS, CISSP, CISM, CISA
ITIL
Surely there should be some mention of the relationship/comparison/contrast with ITIL?
how many specific control objectives?
In this article it says COBIT defines 215 specific control objectives. However, in ITGovernance Institute's Cobit_regulations, it says there are 318 specific control objectives. It appears to me this article is the wrong one. Which one is right? If it is the wiki, someone fix it. SSPecter talk ♠ 14:07, 13 January 2007 (UTC).
ghjfgh
fghgfh —Preceding unsigned comment added by 213.166.17.11 (talk) 12:55, 25 March 2008 (UTC)
High-level IT Processes vs High-level Control Objectives
As stated in the 4.1 version of COBIT Executive Summary (and the overall documentation as well), the formerly named 34 high-level control objectives are now called just high-level IT processes. Each one has its own set of Control Objectives. This was probably done for a better understanding of what is a Control Objective and what is an IT Process (which has its Control Objectives). Since I am checking the sources for this text, adding citations and such, I am also correcting the references to Control Objectives. They must now be called High-Level IT Processes as in the newest version of COBIT.
This is also why I mentioned in another section that there should be an article with the former version solely, for us to have an explicit Wikipedia back reference. Alan.rezende (talk) 04:04, 13 May 2008 (UTC)
Translation
I am about to begin a translation of this article to Brazilian Portuguese. There's some text there already, built by someone else, but it is some kind of a few cut, translate and paste. The whole contents are not there. That's why I am especially interested in the accuracy of this original article. Alan.rezende (talk) 04:04, 13 May 2008 (UTC)