ABSTRACT

Senior managers in corporate and public organizations must consider expenditures to improve the control and security of their information infrastructure. While few would argue that this is not a good thing, all must occasionally ask themselves: “How far should we go, and is the cost justified by the benefit?” The COBIT Management Guidelines provide an answer to that question. The management guidelines also enhance and enable good enterprise management, and they are intended to help the enterprise deal more effectively with the needs and requirements of IT security. In many organizations there are extensive differences between the cultures of the internal groups responsible for different requirements. For example, the cybersecurity group may be interested in making sure that a system being built aligns with the requirements of the Federal Information Security Management Act (FISMA). Embedded in this culture, you may find IT auditing professionals who are Certified Information Systems Security Professionals (CISSPs). On the other hand, there is a group of developers who are charged with formulating requirements for a customer and with the traceability of those requirements through the requirements life cycle; these professionals are more concerned with accurately documenting what the customer/stakeholder wants so that the building organization can obtain some sort of sign-off.