Misplaced Pages

COBIT

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

COBIT ( Control Objectives for Information and Related Technologies ) is a framework created by ISACA for information technology (IT) management and IT governance .

#201798

28-810: The framework is business focused and defines a set of generic processes for the management of IT, with each process defined together with process inputs and outputs, key process-activities, process objectives, performance measures and an elementary maturity model . Business and IT goals are linked and measured to create responsibilities of business and IT teams. Five processes are identified: Evaluate, Direct and Monitor (EDM); Align, Plan and Organize (APO); Build, Acquire and Implement (BAI); Deliver, Service and Support (DSS); and Monitor, Evaluate and Assess (MEA). The COBIT framework ties in with COSO , ITIL , BiSL , ISO 27000 , CMMI , TOGAF and PMBOK . The framework helps companies follow law, be more agile and earn more. Below are COBIT components: The standard meets all

56-511: A general and powerful tool for understanding and then improving general business process performance. Watts Humphrey's Capability Maturity Model (CMM) was published in 1988 and as a book in 1989, in Managing the Software Process . Organizations were originally assessed using a process maturity questionnaire and a Software Capability Evaluation method devised by Humphrey and his colleagues at

84-545: A general model of the maturity of process (e.g., IT service management processes) in IS/IT (and other) organizations. A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices and processes of an organization can reliably and sustainably produce required outcomes. A maturity model can be used as a benchmark for comparison and as an aid to understanding - for example, for comparative assessment of different organizations where there

112-497: A master of science in physics from Illinois Institute of Technology physics department , and a master of business administration from the University of Chicago Graduate School of Business . In 1953 he went to Boston and worked at Sylvania Labs . In 1959 he joined IBM . In the late 1960s, Humphrey headed the IBM software team that introduced the first software license . Humphrey was

140-468: A study of data collected from organizations that contracted with the U.S. Department of Defense , who funded the research. The term "maturity" relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes. The model's aim is to improve existing software development processes, but it can also be applied to other processes. In 2006,

168-538: A vice president at IBM. In the 1980s at the Software Engineering Institute (SEI) at Carnegie Mellon University Humphrey founded the Software Process Program, and served as director of that program from 1986 until the early 1990s. This program was aimed at understanding and managing the software engineering process because this is where big and small organizations or individuals encounter

196-443: Is Free". Humphrey's approach differed because of his unique insight that organizations mature their processes in stages based on solving process problems in a specific order. Humphrey based his approach on the staged evolution of a system of software development practices within an organization, rather than measuring the maturity of each separate development process independently. The CMMI has thus been used by different organizations as

224-528: Is almost ideal in its characteristics. COBIT was initially "Control Objectives for Information and Related Technologies," though before the release of the framework people talked of "CobiT" as "Control Objectives for IT" or "Control Objectives for Information and Related Technology." ISACA first released COBIT in 1996, originally as a set of control objectives to help the financial audit community better maneuver in IT-related environments. Seeing value in expanding

252-518: Is something in common that can be used as a basis for comparison. In the case of the CMM, for example, the basis for comparison would be the organizations' software development processes. The model involves five aspects: There are five levels defined along the continuum of the model and, according to the SEI: "Predictability, effectiveness, and control of an organization's software processes are believed to improve as

280-563: The Business Model for Information Security (BMIS). ISACA currently offers certification tracks on both COBIT 2019 (COBIT Foundations, COBIT Design & Implementation, and Implementing the NIST Cybersecurity Framework Using COBIT 2019) as well as certification in the previous version (COBIT 5). Capability Maturity Model The Capability Maturity Model ( CMM ) is a development model created in 1986 after

308-551: The stages of growth model for IT organizations. Watts Humphrey began developing his process maturity concepts during the later stages of his 27-year career at IBM. Active development of the model by the US Department of Defense Software Engineering Institute (SEI) began in 1986 when Humphrey joined the Software Engineering Institute located at Carnegie Mellon University in Pittsburgh, Pennsylvania after retiring from IBM. At

SECTION 10

#1732890847202

336-407: The 1980s, the use of computers grew more widespread, more flexible and less costly. Organizations began to adopt computerized information systems, and the demand for software development grew significantly. Many processes for software development were in their infancy, with few standard or " best practice " approaches defined. As a result, the growth was accompanied by growing pains: project failure

364-484: The CMM was not necessarily mandatory for successful software development. The software process framework documented is intended to guide those wishing to assess an organization's or project's consistency with the Key Process Areas. For each maturity level there are five checklist types: Watts Humphrey Watts S. Humphrey (July 4, 1927 – October 28, 2010) was an American pioneer in software engineering who

392-558: The Software Engineering Institute at Carnegie Mellon University developed the Capability Maturity Model Integration , which has largely superseded the CMM and addresses some of its drawbacks. The Capability Maturity Model was originally developed as a tool for objectively assessing the ability of government contractors' processes to implement a contracted software project. The model is based on

420-797: The Software Engineering Institute. The full representation of the Capability Maturity Model as a set of defined process areas and practices at each of the five maturity levels was initiated in 1991, with Version 1.1 being published in July 1993. The CMM was published as a book in 1994 by the same authors Mark C. Paulk, Charles V. Weber, Bill Curtis , and Mary Beth Chrissis. The CMMI model's application in software development has sometimes been problematic. Applying multiple models that are not integrated within and across an organization could be costly in training, appraisals, and improvement activities. The Capability Maturity Model Integration (CMMI) project

448-551: The framework beyond just the auditing realm, ISACA released a broader version 2 in 1998 and expanded it even further by adding management guidelines in 2000's version 3. The development of both the AS 8015 : Australian Standard for Corporate Governance of Information and Communication Technology in January 2005 and the more international draft standard ISO/IEC DIS 29382 (which soon after became ISO/IEC 38500 ) in January 2007 increased awareness of

476-564: The most serious difficulties and where, thereafter, lies the best opportunity for significant improvement. The program resulted in the development of the Capability Maturity Model , published in 1989 in Humphrey's " Managing the Software Process " and inspired the later development of the personal software process (PSP) and the team software process (TSP) concepts. Humphrey received an honorary doctor of software engineering from

504-459: The need for more information and communication technology (ICT) governance components. ISACA inevitably added related components/frameworks with versions 4 and 4.1 in 2005 and 2007 respectively, "addressing the IT-related business processes and responsibilities in value creation ( Val IT ) and risk management ( Risk IT )." COBIT 5 (2012) is based on COBIT 4.1, Val IT 2.0 and Risk IT frameworks, and draws on ISACA's IT Assurance Framework (ITAF) and

532-409: The needs of the practice, while maintaining independence from specific manufacturers, technologies and platforms. When developing the standard, it was possible to use it both for auditing a company's IT system and for designing an IT system. In the first case, COBIT allows you to determine the degree of conformity of the system under study to the best examples, and in the second, to design a system that

560-441: The organization moves up these five levels. While not rigorous, the empirical evidence to date supports this belief". Within each of these maturity levels are Key Process Areas which characterise that level, and for each such area there are five factors: goals, commitment, ability, measurement, and verification. These are not necessarily unique to CMMI, representing — as they do — the stages that organizations must go through on

588-535: The process maturity framework first described in IEEE Software and, later, in the 1989 book Managing the Software Process by Watts Humphrey . It was later published as an article in 1993 and as a book by the same authors in 1994. Though the model comes from the field of software development , it is also used as a model to aid in business processes generally, and has also been used extensively worldwide in government offices, commerce, and industry. In

SECTION 20

#1732890847202

616-548: The request of the U.S. Air Force he began formalizing his Process Maturity Framework to aid the U.S. Department of Defense in evaluating the capability of software contractors as part of awarding contracts. The result of the Air Force study was a model for the military to use as an objective evaluation of software subcontractors' process capability maturity. Humphrey based this framework on the earlier Quality Management Maturity Grid developed by Philip B. Crosby in his book "Quality

644-525: The software-development processes. In the 1980s, several US military projects involving software subcontractors ran over-budget and were completed far later than planned, if at all. In an effort to determine why this was occurring, the United States Air Force funded a study at the Software Engineering Institute (SEI). The first application of a staged maturity model to IT was not by CMU/SEI, but rather by Richard L. Nolan , who, in 1973 published

672-525: The way to becoming mature. The model provides a theoretical continuum along which process maturity can be developed incrementally from one level to the next. Skipping levels is not allowed/feasible. Between 2008 and 2019, about 12% of appraisals given were at maturity levels 4 and 5. The model was originally intended to evaluate the ability of government contractors to perform a software project. It has been used for and may be suited to that purpose, but critics pointed out that process maturity according to

700-591: Was called the "father of software quality ." Watts Humphrey (whose grandfather and father also had the same name) was born in Battle Creek, Michigan on July 4, 1927. His uncle was US Secretary of the Treasury George M. Humphrey . In 1944, he graduated from high school and served in the United States Navy . Despite dyslexia , he received a bachelor of science in physics from the University of Chicago ,

728-415: Was common, the field of computer science was still in its early years, and the ambitions for project scale and complexity exceeded the market capability to deliver adequate products within a planned budget. Individuals such as Edward Yourdon , Larry Constantine , Gerald Weinberg , Tom DeMarco , and David Parnas began to publish articles and books with research results in an attempt to professionalize

756-548: Was formed to sort out the problem of using multiple models for software development processes, thus the CMMI model has superseded the CMMI model, though the CMMI model continues to be a general theoretical process capability model used in the public domain. In 2016, the responsibility for CMMI was transferred to the Information Systems Audit and Control Association (ISACA). ISACA subsequently released CMMI v2.0 in 2021. It

784-460: Was upgraded again to CMMI v3.0 in 2023. CMMI now places a greater emphasis on the process architecture which is typically realized as a process diagram. Copies of CMMI are available now only by subscription. The CMMI was originally intended as a tool to evaluate the ability of government contractors to perform a contracted software project. Though it comes from the area of software development, it can be, has been, and continues to be widely applied as

#201798