COBIT Foundation Student Handbook

COBIT is a registered trademark of the Information Systems Audit and Control Association © Copyright 2010 by ITpreneurs Nederland B.V. All rights reserved

STUDENT HANDBOOKversion 1.0

Sample

Mate

rial -

Not for

Rep

rint

The information contained in this classroom material is subject to change without notice. This material contains proprietary information that is protected by copyright. No part of this material may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs Nederland B.V.

© Copyright 2010 by ITpreneurs Nederland B.V. All rights reserved.

COBIT is a registered trademark of ISACA and the IT Governance Institute. The course content is based on COBIT V4.1

The language used in this course is US English. Our sources of reference for grammar, syntax, and mechanics are The Chicago Manual of Style, The American Heritage Dictionary, and the Microsoft Manual of Style for Technical Publications.

Sample

Mate

rial -

Not for

Rep

rint

3

Copyright © 2010, ITpreneurs Nederland B.V. All rights reserved.

F O U N D A T I O N

4.1 Student Handbook

Contents


Module 1: Course Introduction 1

Module 2: Why COBIT: Context in organizations, and the need for IT Governance 11

Module 3: COBIT: An Introduction 51

Assignment I: IT Challenges for Callwick 77

Module 4: The COBIT Cube 81

Assignment II: Video on Demand is Launched 111

Module 5: The COBIT Components - Part 1 117

Assignment III: Preparing for the Management Meeting 149

Module 6: The COBIT Components - Part 2 155

Assignment IV: The Resolution for Callwick 189

Module 7: Assurance Guidance 197

Module 8: COBIT Resources 219

Module 9: Inter-relationships with other IT Frameworks, Standards and Regulations 247

Module 10: Exam Preparation Guide 285

Appendix I: Case Study: Callwick 311

Appendix II: Glossary 315

Appendix III: COBIT Foundation Exam Requirements 321

Appendix VI: Process Description of AI4 and ME1 331

Appendix V: Process Description of P010 and DS2 341

Appendix VI: COBIT Processes and Their Objectives 351

Appendix VII: Linking Business Goals and IT Goals 357

Appendix VIII: Mapping IT Process to IT Governance Focus Areas 361

Appendix IX: Answers 363

Feedback Form 383

Contents

Sample

Mate

rial -

Not for

Rep

rint

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

4.1


Module 1: Course Introduction

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

2Student Handbook4.1


Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N



Sample

Mate

rial -

Not for

Rep

rint

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N

4.1


Module 2: Why COBIT: Context in organizations, and the need for IT Governance

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N



Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N



Reading PointsThis module focuses on the need for and the context of an IT governance and control framework, such as COBIT. You will learn about:

y The key challenges encountered in IT and the business impact of those challenges.

y What governance is in the first place, followed by a discussion on what enterprise governance is

y IT governance, its key principles and business focus areas

y Stakeholders for IT governance implementation, their roles and responsibilities, and their specific concerns

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N



Sub Topics: Overview Keeping IT Running Aligning IT with Business Value Security Regulatory Compliance Mastering Complexity CostsSam

ple M

ateria

l - Not

for R

eprin

t

F O U N D A T I O N



Most organizations also operate in a dynamic marketplace, with varying levels of business demands. It is no surprise, therefore, that managing complex technologies in the modern-day business environment is a complex and challenging task. We will look at some examples as we go.

Reading PointsOrganizations today commit heavily to IT. As a result, they invest significant amounts of money and resources in IT. Their dependency on IT to run normal business operations and enable new, strategic objectives has never been as high as it is today.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N



Here is some context: In 1969, mainframes were used to perform calculations and processing. It often took an entire day to complete one task. Today, we talk of processing millions of complex transactions within seconds. Without this, customer support departments would have looked very different than they do today; providing 24/7 on-demand support would be unimaginable.

Consequently, a single breakdown can incur losses to the tune of millions. As a result, fast computers and the Internet have now become a necessity rather than a luxury, as during the mainframe age.

Reading PointsModern organizations rely heavily on IT. The impact of any IT systems failure is huge. Take power failure for example. The business impact of power failure is almost unimaginable today.

Business-as-usual would come to a standstill if internal IT systems fail, for example, e-mail, document processing, tracking, reporting and so on

A seemingly simple failure, such as a server exceeding its storage capacity, can bring an entire department to a halt.

In even more critical business processes, such as Internet banking and order processing, the impact is, of course, far greater, and negatively impacts revenues and reputation.

Sample

Mate

rial -

Not for

Rep

rint

F O U N D A T I O N



The role of CIO, in several enterprises, is undergoing a change; CIOs are increasingly acting as a bridge between the business and IT.

ExampleTake the example of a builder. The builder constructs according to requirements and budgets. If requirements aren’t clear at the beginning and there is no coordination between budgets and eventual costs, the cost of construction will shoot up. The bottom line is that if an organization’s reliance on IT increases, the challenge lies in ensuring that IT meets business needs.

Reading PointsAligning IT with business is more important than ever these days.

In most organizations, business and IT are usually not aligned with the same goals. Consequently, their decisions and actions are not always synchronized, leading to failed IT projects, loss of money and time, and a sense of overall discouragement in undertaking larger IT projects.

Sample

Mate

rial -

Not for

Rep

rint

COBIT Foundation Student Handbook

Documents

Transcript of COBIT Foundation Student Handbook