Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls

  Introduction

Ask any IT manager about the challenges in conveying IT risks in terms of business risks, or about translating business goals into IT goals. It’s a common difficulty, as the worlds of business and IT do not inherently align. This lack of alignment was unresolved until ISACA developed a framework called COBIT, first released in 1996. ISACA is an IT professionals’ association centered on auditing and IT governance. This lab will focus on the COBIT framework. The lab covers two released versions: COBIT 4.1, which is currently the most implemented version, and COBIT 5, which was released in June 2012. A newer version, COBIT 2019, was released in 2019.

Because COBIT 4.1 is freely available, with registration, at the time of this writing, the lab uses this version to present the handling of risk management. COBIT presents this topic using a set of COBIT control objectives called P09. COBIT P09’s purpose is to guide the scope of risk management for an IT infrastructure. The COBIT P09 risk management controls help organize the identified risks, threats, and vulnerabilities, enabling you to manage and remediate them. This lab will also present how COBIT shifts from the term “control objectives” to a set of principles and enablers in later versions.

In this lab, you will define COBIT P09, you will describe COBIT P09’s six control objectives, you will explain how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you will use COBIT P09 to determine the scope of risk management for an IT infrastructure.

  1. Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure.
  2. Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management.
  3. Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks.
  4. Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure.
  5. Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities.

 Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

  1. Lab Report file;
  2. Lab Assessment (worksheet or quiz – see instructor for guidance).
Tags: No tags