LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is COBIT?

COBIT = Control Objectives for Information and Related Technology. A Governance, Risk and Compliance (GRC) framework by ISACA — the bridge between high-level corporate governance and IT-specific frameworks like ITIL and ISO 27001.

COBIT shown as a bridge: board governance (COSO) hands business goals down to COBIT (ISACA), which drives IT controls in ITIL, ISO 27001, and PCI DSS

* COBIT as the bridge: it translates board-level governance into the IT-specific controls implemented by ITIL, ISO 27001, PCI DSS and others. *

As Wikipedia puts it:

"Der Anspruch von COBIT ist, das Bindeglied zwischen den unternehmensweiten Steuerungs-Frameworks und den IT-spezifischen Modellen (z. B. ITIL, ISO 27001) zu sein."

Where COBIT sits:

Board governance (COSO etc.)
        │
       COBIT  ← bridges business goals ↔ IT controls
        │
ITIL  |  ISO 27001  |  PCI DSS  |  …

COBIT defines high-level control objectives (what should be true) and lets you pick the implementation framework. It's particularly popular for IT audit because audit work has historically been driven by ISACA-certified professionals (CISA, CISM).

Tip: If your client asks for a "COBIT assessment," they usually want a mapping showing how their existing controls satisfy COBIT objectives — not a wholesale rebuild.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026