Word Notes 11.1.22
Ep 123 | 11.1.22

COBIT (noun)

Rick Howard: The word is: COBIT.

Rick Howard: Spelled: C for control, O and B for objectives, I for information, and T for technologies.

Rick Howard: Definition: An IT governance framework developed by ISACA. 

Rick Howard: Example sentence: The organization used the COBIT framework to coordinate its IT operations. 

Rick Howard: Origin and context: In a 2021 LinkedIn essay, Edwin Covert, at the time of this episode the Director of Risk Assessments and Testing at Warner Bros. Discovery, explains that experts define IT security auditing as those independent activities undertaken to verify whether an organization's internal cybersecurity controls are in place and functioning as intended.

Rick Howard: But he says, in order to audit something, there needs to be a standard to audit against. COBIT is one of those standards. In the essay, Mr. Covert describes how IT security auditing components align as a pyramid of concepts that begin at the top and flow down into each other. The pyramid starts with the official laws at the top, followed by best practice frameworks. These generate control objectives, and finally, at the base of the pyramid, specific controls designed to meet the objectives. COBIT is not specifically a security framework, but an IT management framework that has some security components.

Rick Howard: It was created by ISACA, an international non-profit founded in 1969 to provide guidance and education for governing IT systems. COBIT was released in 1996 and was originally meant to help financial auditors deal with the proliferation of IT systems. ISACA has released updated versions of the COBIT framework over the years, with the most recent being COBIT 2019. Not to be confused with COVID-19, the scary virus we've been dealing with for the past few years. According to Sarah White at CIO Online, "one major difference between COBIT and other frameworks from the International Standards Organization, ISO, the National Institute of Standards and Technology, NIST, and the Information Technology Infrastructure Library, ITIL, is that COBIT 2019 isn't a framework for organizing business processes, managing technology, making IT-related decisions, or determining IT strategies or architecture. Rather, it's designed strictly as a framework for governance and management of enterprise IT across the organization."

Rick Howard: Nerd Reference: Mark Pardee, back in 2016, was the IT Governance Program Manager for a company called DART Container. As of this episode, he's still there. He said back then that when he explains what COBIT is to his leadership team, he likes to think of his 85-year-old dad as the receiver of the information.

Mark Pardee: My dad's a little over 80 years old, and he asked me what I do now, and I was trying to explain what governance is, what IT governance is, and how COBIT ties into that, that it's a framework. It gives me a structure to work within for creating policies and procedures and the different practices. And he's not technical at all, so it really forces me to look at it from a business language that he understands versus a technical language.

Mark Pardee: So, COBIT lends itself to that. When we're talking to business leaders, we don't talk about COBIT. We talk about the principles and the goals cascade, and tying IT work to what's important to the business, and the enablers around processes and people and skills and culture. Those are the things that make sense to the business leaders, and so if you can relate that to my dad in this case, then I know our CEO and our C-Suite people are going to understand it.

Rick Howard: Word Note is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening.