Risk Management in IT Infrastructure: COBIT v4.1 Framework

Date:  2021-03-09

Assessment Worksheet.

1. The purpose of COBIT P09 is to provide guidance on risk management in an IT infrastructure. The risk management control aids in organizing the identified risks, vulnerabilities and threats, which enables one to mediate and manage them.

2. Acquiring and implementation.

Monitoring and evaluation.

Planning and organizing.

3. Access by unauthorized people from the public internet - change passwords often, software patches, software and hardware firewalls, and the operating system.

Destruction of data and deletion of all files by a user in an application - minimize permissions to the owner of the data only.

Software vulnerability in the workstation OS - update the software application and the Windows policy for the software vulnerability.

4. True


6. The framework documents a common and agreed-upon level of IT risks, mitigation strategies, and residual risks.

Any potential effect on the objectives of the organization caused by unplanned events is identified, analyzed and assessed.

Risk mitigation strategies are adopted to lower residual risks to an accepted level.

1. Describe the primary goal of the COBIT v4.1 Framework. Define COBIT.

COBIT is a control model for meeting IT governance needs that ensures the integrity of information and information systems. The purpose of COBIT is to provide an IT governance model to business owners and management that helps deliver value from IT and properly manage IT-associated risks. It bridges the gaps among control needs, technical issues, and business requirements.

2. Describe the major objective of the Controls area.

Within ISACA's Knowledge Centre, the COBIT Controls area promotes sharing and collaboration of information, experience, and solutions among COBIT users.

3. List each of the types of control objectives and briefly describe them based on the descriptions on the Web site.

Plan and Organize - This domain covers tactics and strategies, and concerns the identification of how IT can contribute to the achievement of the business objectives. The realization of the strategic vision should be planned, communicated and managed for different perspectives. A proper organization as well as a technological infrastructure should be put in place.

Acquire and Implement - To realize the IT strategy, solutions should be identified, developed or acquired, as well as implemented and integrated into the business process. Also, changes in and maintenance of existing systems are covered by this domain to ensure the solutions continue to meet business goals.

Monitor and Evaluate - All IT processes should be regularly assessed over time for their compliance with the control requirements. Performance management, data and operational facilities management and provision of service support for users are addressed by this domain.

Delivery and Support - This domain is concerned with the actual delivery of the required services, which include service support, security management, and operational facilities management.

Process control - To have a complete view of the control requirements, process controls should be considered together with the objectives.

Application controls - COBIT expects the design and implementation of automated application controls to be the responsibility of IT, covered in the Acquire and Implement domain, based on business requirements defined using COBIT's information criteria.



