Introduction
Ask any IT manager about the challenges in conveying IT risks in terms of business risks, or about translating business goals into IT goals. It’s a common difficulty, as the worlds of business and IT do not inherently align. This lack of alignment was unresolved until ISACA developed a framework called COBIT, first released in 1996. ISACA is an IT professionals’ association centered on auditing and IT governance. This lab will focus on the COBIT framework. The lab uses the latest two versions: COBIT 4.1, which is currently the most implemented version, and COBIT 5, which is the latest version released in June 2012.
Because COBIT 4.1 is freely available at the time of this writing, the lab uses this version to present the handling of risk management. The presentation uses a set of COBIT control objectives called P09. COBIT P09’s purpose is to guide the scope of risk management for an IT infrastructure. The COBIT P09 risk management controls help organize the identified risks, threats, and vulnerabilities, enabling you to manage and remediate them. This lab will also present how COBIT shifts from the term “control objectives” to a set of principles and enablers in version 5.
In this lab, you will define COBIT P09, you will describe COBIT P09’s six control objectives, you will explain how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you will use COBIT P09 to determine the scope of risk management for an IT infrastructure.
Learning Objectives
Upon completing this lab, you will be able to:
Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure.
Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management.
Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks.
Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure.
Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities.
Lab #2 Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Student Lab Manual
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
1. Lab Report file;
2. Lab Assessments file.
Hands-On Steps
This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files.
1. On your local computer, create the lab deliverable files.
2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.
3. Review the seven domains of a typical IT infrastructure (see Figure 1).
Figure 1 Seven domains of a typical IT infrastructure
4. On your local computer, open a new Internet browser window.
5. In the address box of your Internet browser, type the URL http://www.isaca.org/Knowledge-Center/cobit/Pages/FAQ.aspx and press Enter to open the Web site.
6. Review the information on the COBIT FAQs page.
ISACA—45 Years Serving Auditors and Business
ISACA is a global organization that defines the roles of information systems governance, security, auditing, and assurance professionals worldwide. ISACA standardizes a level of understanding of these areas through two well-known certifications, the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). In recent years, ISACA has expanded its certification offerings to include two other certifications around risk and IT governance.
ISACA was previously an acronym expanding to Information Systems Audit and Control Association, but today is known by the name ISACA alone to better serve its wider audience.
Similarly, COBIT was originally an acronym for Control Objectives for Information and related Technology. Now, ISACA refers to the framework as just COBIT, in part because the concept of “control objectives” ends with COBIT version 4.1. COBIT 5 focuses on business-centric concepts and definitions, distinguishes between governance and management, and includes a product family of “enabler guides” and “practice guides.” The recent release of COBIT version 5 is a complete break from COBIT 4. In addition, COBIT 5 also incorporates other ISACA products, including Val IT and Risk IT.
7. In your Lab Report file, describe the primary goal of the COBIT v4.1 Framework. Define COBIT.
8. On the left side of the COBIT Web site, click the COBIT 4.1 Controls Collaboration link.
9. At the top of the page, read about the COBIT Controls area within ISACA’s Knowledge Center.
10. In your Lab Report file, describe the major objective of the Controls area.
11. Scroll down the Web page to the COBIT Domains and Control Objectives section.
12. Click the Text View tab.
13. In your Lab Report file, list each of the types of control objectives and briefly describe them based on the descriptions on the Web site. Include the following:
14. On the Web site, under the Plan and Organize Control Objective description, click the View all the PO Control Objectives link.
15. Scroll down and find the P09 Control Objectives, which are labeled Assess and Manage IT Risks.
Note:
COBIT 5 is not an evolutionary but a revolutionary change. Naturally, risk management is covered, but it is done in a holistic, end-to-end business approach, rather than in an IT-centered approach.
16. Click the P09.1, IT Risk Management Framework link.
17. Scroll down to about the middle of the page to read about the IT Risk Management Framework.
18. Expand the View value and Risk Drivers and View Control Practices links to learn more.
19. In your Lab Report file, describe what this objective covers.
20. Click the other P09 Control Objectives by first clicking the back button to return to the COBIT Domains and Control Objectives section of the COBIT 4.1 Controls Collaboration page.
21. Click the Text View tab.
22. Click the View all the PO Control Objectives link.
23. Scroll down to the P09 Control Objectives.
24. Finally, click the P09.2, Establishment of Risk Context link.
25. Repeat this set of instructions for each of the other P09 listings.
26. Read about each of these.
27. In your Lab Report file, explain how you use the P09 Control Objectives to organize identified IT risks, threats, and vulnerabilities so you can then manage and remediate the risks, threats, and vulnerabilities in a typical IT infrastructure.
This completes the lab. Close the Web browser, if you have not already done so.
Evaluation Criteria and Rubrics
The following are the evaluation criteria for this lab that students must perform:
1. Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure. – [20%]
2. Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management. – [20%]
3. Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks. – [20%]
4. Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure. – [20%]
5. Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities. – [20%]
Assessment Worksheet
Aligning Risks, Threats, and Vulnerabilities to COBIT P09 Risk Management Controls
Course Name and Number: ____________________
Student Name: ____________________
Instructor Name: ____________________
Lab Due Date: ____________________
Overview
In this lab, you defined COBIT P09, you described COBIT P09’s six control objectives, you explained how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you used COBIT P09 to determine the scope of risk management for an IT infrastructure.
Lab Assessment Questions & Answers
1. What is COBIT P09’s purpose?
2. Name three of COBIT’s six control objectives.
3. For each of the threats and vulnerabilities from the Identifying Threats and Vulnerabilities in an IT Infrastructure lab in this lab manual (list at least three and no more than five) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure?
4. True or false: COBIT P09 risk management control objectives focus on assessment and management of IT risk.
5. What is the name of the organization that defined the COBIT P09 Risk Management Framework?
6. Describe three of the COBIT P09 control objectives.
7. Describe three of the COBIT P09.1 IT Risk Management Framework control objectives.