W2 Lab
COBIT
Ask any IT manager about the challenges in conveying IT risks in terms of business risks, or about translating business goals into IT goals. It’s a common difficulty, as the worlds of business and IT do not inherently align. This lack of alignment was unresolved until ISACA developed a framework called COBIT, first released in 1996. ISACA is an IT professionals’ association centered on auditing and IT governance. This lab will focus on the COBIT framework. The lab uses the latest two versions: COBIT 4.1, which is currently the most implemented version, and COBIT 5, which is the latest version released in June 2012.
Because COBIT 4.1 is freely available at the time of this writing, the lab uses this version to present handling of risk management. Presentation is done making use of a set of COBIT control objectives called P09. COBIT P09’s purpose is to guide the scope of risk management for an IT infrastructure. The COBIT P09 risk management controls help organize the identified risks, threats, and vulnerabilities, enabling you to manage and remediate them. This lab will also present how COBIT shifts from the term “control objectives” to a set of principles and enablers in version 5.
In this lab, you will define COBIT P09, you will describe COBIT P09’s six control objectives, you will explain how the threats and vulnerabilities align to the definition for the assessment and management of risks, and you will use COBIT P09 to determine the scope of risk management for an IT infrastructure.
Learning Objectives
Upon completing this lab, you will be able to:
Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure.
Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management.
Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks.
Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure.
Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities.
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
1. Lab Report file;
2. Lab Assessments file.
Evaluation Criteria and Rubrics
The following are the evaluation criteria for this lab that students must perform:
1. Define what COBIT (Control Objectives for Information and related Technology) P09 risk management is for an IT infrastructure. – [20%]
2. Describe COBIT P09’s six control objectives that are used as benchmarks for IT risk assessment and risk management. – [20%]
3. Explain how threats and vulnerabilities align to the COBIT P09 risk management definition for the assessment and management of IT risks. – [20%]
4. Use the COBIT P09 controls as a guide to define the scope of risk management for an IT infrastructure. – [20%]
5. Apply the COBIT P09 controls to help organize the identified IT risks, threats, and vulnerabilities. – [20%]
Expert Solution Preview
Introduction:
The following content discusses a lab for medical college students on the COBIT framework. COBIT is a framework developed by ISACA to align IT and business goals. The lab focuses on the COBIT P09 control objectives, which guide the scope of risk management for an IT infrastructure. The lab aims to help students define COBIT P09, describe its control objectives, align threats and vulnerabilities to its risk management definition, and apply its controls to organize IT risks for an infrastructure.
Answer:
The lab aims to help students define COBIT P09 risk management for an IT infrastructure. The students will understand the purpose and scope of COBIT P09 and how it helps organizations manage and remediate IT risks, threats, and vulnerabilities.
The lab requires students to describe COBIT P09’s six control objectives, which are benchmarks for IT risk assessment and management. The control objectives aim to ensure that an organization adequately identifies, manages, and mitigates its IT risks.
The lab aims to help students align threats and vulnerabilities to COBIT P09’s risk management definition for IT risks’ assessment and management. The lab will help learners understand how the framework guides the risk management process and aligns IT risks to the broader organizational context.
The lab requires students to use COBIT P09 controls as a guide to defining the scope of risk management for an IT infrastructure. The control objectives will help learners understand the scope of risk management activities and how an organization can use COBIT P09 to ensure that its IT infrastructure is secure.
Finally, students will apply the COBIT P09 controls to help organize identified IT risks, threats, and vulnerabilities. The lab aims to help learners understand how the framework can help organizations manage their IT risks effectively.
