LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is COBIT, and how does it differ from security-specific frameworks?

COBIT (Control Objectives for Information and Related Technology) is a framework for IT governance — it governs ALL of IT, with security as one concern among many.

COBIT governs all of IT vs ISO 27001 / NIST CSF which target security only.

* COBIT governs all of IT; ISO 27001 / NIST CSF are security-specific — often used together. *

Published by ISACA, COBIT answers: "is our IT organization doing the right things, efficiently, and under control?" — covering value delivery, resource and risk management, performance measurement, and compliance.

How it relates to the others:

  • Broader scope than ISO 27001 / NIST CSF: those target information security; COBIT targets IT governance overall
  • NIST CSF subcategories frequently cite COBIT 5 process IDs (e.g. APO08.04) as informative references
  • Often used alongside a security framework: COBIT for the governance layer, ISO 27001 or CSF for the security management layer
  • Frequently the lens of IT auditors — ISACA also runs the CISA certification

Tip: Same family as ITIL — ITIL focuses on IT service management (operations, incident, change), COBIT on governance and control. Both touch security but neither is a security standard.

Go deeper:

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 05, 2026