Risk management


Description

W2 Lab

COBIT

Ask any IT manager about the challenges in conveying IT risks in terms of business risks, or about translating business goals into IT goals. It’s a common difficulty, as the worlds of business and IT do not inherently align. This lack of alignment was unresolved until ISACA developed a framework called COBIT, first released in 1996. ISACA is an IT professionals’ association centered on auditing and IT governance. This lab will focus on the COBIT framework. The lab uses the latest two versions: COBIT 4.1, which is currently the most implemented version, and COBIT 5, which is the latest version released in June 2012.

Because COBIT 4.1 is freely available at the time of this writing, the lab uses this version to present handling of risk management. The lab presents it using a set of COBIT control objectives called PO9. COBIT PO9’s purpose is to guide the scope of risk management for an IT infrastructure. The COBIT PO9 risk management controls help organize the identified risks, threats, and vulnerabilities, enabling you to manage and remediate them. This lab will also present how COBIT shifts from the term “control objectives” to a set of principles and enablers in version 5.

In this lab, you will define COBIT PO9, describe COBIT PO9’s six control objectives, explain how the threats and vulnerabilities align to the definition for the assessment and management of risks, and use COBIT PO9 to determine the scope of risk management for an IT infrastructure.

Learning Objectives

Upon completing this lab, you will be able to:

Define what COBIT (Control Objectives for Information and related Technology) PO9 risk management is for an IT infrastructure.

Describe COBIT PO9’s six control objectives that are used as benchmarks for IT risk assessment and risk management.

Explain how threats and vulnerabilities align to the COBIT PO9 risk management definition for the assessment and management of IT risks.

Use the COBIT PO9 controls as a guide to define the scope of risk management for an IT infrastructure.

Apply the COBIT PO9 controls to help organize the identified IT risks, threats, and vulnerabilities.

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

1. Lab Report file;

2. Lab Assessments file.

Evaluation Criteria and Rubrics

The following are the evaluation criteria for this lab that students must perform:

1. Define what COBIT (Control Objectives for Information and related Technology) PO9 risk management is for an IT infrastructure. – [20%]

2. Describe COBIT PO9’s six control objectives that are used as benchmarks for IT risk assessment and risk management. – [20%]

3. Explain how threats and vulnerabilities align to the COBIT PO9 risk management definition for the assessment and management of IT risks. – [20%]

4. Use the COBIT PO9 controls as a guide to define the scope of risk management for an IT infrastructure. – [20%]

5. Apply the COBIT PO9 controls to help organize the identified IT risks, threats, and vulnerabilities. – [20%]

Explanation & Answer

Please find attached, the assignment had several terms that could not be altered. Let me know if you require any clarifications. Thank you.

Outline
I. Introduction
II. Conclusion
III. References


Running Head: RISK MANAGEMENT

Risk Management
Student’s Name
Institution’s Name

Risk Management
1. Define what COBIT (Control Objectives for Information and related Technology) PO9 risk management is for an IT infrastructure. – [20%]
The main objective of the COBIT framework is the prescription of goals and requirements for the security controls, and it inspires the mapping of the ideals of IT into the objectives of the business (ISACA, 2017). It can be generally defined as a set of best IT security practices which have been documented by the ISACA (Information Systems Audit and Control Association).
2. Describe COBIT PO9’s six control objectives that are used as benchmarks for IT risk assessment and risk management. – [20%]
There are 6 controls and domains which are associated with COBIT PO9. The six control objectives are:
PO1-PO10 - PO: Plan and Organize
These are the ten controls that encompass the tactics and strategy and involve the identification of the manner in which the application of IT can be used to achieve and contribute to arriving at the business objectives (ISACA, 2017). The achievement of the strategic vision of the company requires planning, communication and efficient management of different perspectives. For this to happen, a good organization and technology will be required. Some of the organization and infrastructure include:
Risk Management Control Objectives of COBIT PO9
COBIT PO9 has defined six risk control objectives


1. PO9.1 IT Risk Management Framework–This is a strategy for management of
risks that involves the entire fir...

