IT
Personal Copy of: Mr. Ping Wang
ISACA®
ISACA® www.isaca.org IS
IT IT
180 100,000 ISACA® 1969
ISACA® Journal IS
IT ISACA
Certified Information Systems Auditor®, CISA®
Certified Information Security Manager®, CISM®
Certified in the Governance of Enterprise IT®, CGEIT®
Certified in Risk and Information Systems Control™, CRISC™
ISACA COBIT® COBIT IT
IT
Quality Statement
This Work is translated into Chinese Simplified from English language version of COBIT® 5 by the ISACA® China/Hong
Kong Chapter with the permission of ISACA®. The ISACA® China/Hong Kong Chapter assumes sole responsibility for
the accuracy and faithfulness of the translation.
Copyright
© 2012 ISACA. All rights reserved. For usage guidelines, see www.isaca.org/COBITuse.
Disclaimer
ISACA has designed this publication, COBIT® 5 (the ‘Work’), primarily as an educational resource for governance of
enterprise IT (GEIT), assurance, risk and security professionals. ISACA makes no claim that use of any of the Work will
assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and
tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results.
In determining the propriety of any specific information, procedure or test, readers should apply their own professional
judgement to the specific GEIT, assurance, risk and security circumstances presented by the particular systems or
information technology environment.
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
+1.847.253.1545
+1.847.253.1443
info@isaca.org
www.isaca.org
www.isaca.org/cobit
ISACA www.isaca.org/knowledge-center
Twitter ISACA https://twitter.com/ISACANews
Twitter COBIT #COBIT
LinkedIn ISACAISACA http://linkd.in/ISACAOfficial
Facebook ISACA www.facebook.com/ISACAHQ
COBIT® 5
COBIT® 5
ISBN 978-1-60420-242-7
ISBN 978-1-60420-280-9
ISACA
COBIT 5 2009–2011
John W. Lainhart, IV, CISA, CISM, CGEIT, IBM Global Business Services, USA, Co-chair
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP,
Ravenswood Consultants Ltd., UK, Co-chair
Pippa G. Andrews, CISA, ACA, CIA, KPMG, Australia
Elisabeth Judit Antonsson, CISM, Nordea Bank, Sweden
Steven A. Babb, CGEIT, CRISC, Betfair, UK
Steven De Haes, Ph.D., University of Antwerp Management School, Belgium
Peter Harrison, CGEIT, FCPA, IBM Australia Ltd., Australia
Jimmy Heschl, CISA, CISM, CGEIT, ITIL Expert, bwin.party digital entertainment plc, Austria
Robert D. Johnson, CISA, CISM, CGEIT, CRISC, CISSP, Bank of America, USA
Erik H.J.M. Pols, CISA, CISM, Shell International-ITCI, The Netherlands
Vernon Richard Poole, CISM, CGEIT, Sapphire, UK
Abdul Rafeq, CISA, CGEIT, CIA, FCA, A. Rafeq and Associates, India
Floris Ampe, CISA, CGEIT, CIA, ISO 27000, PwC, Belgium
Gert du Preez, CGEIT, PwC, Canada
Stefanie Grijp, PwC, Belgium
Gary Hardy, CGEIT, IT Winners, South Africa
Bart Peeters, PwC, Belgium
Geert Poels, Ghent University, Belgium
Dirk Steuperaert, CISA, CGEIT, CRISC, IT In Balance BVBA, Belgium
Gary Baker, CGEIT, CA, Canada
Brian Barnier, CGEIT, CRISC, ValueBridge Advisors, USA
Johannes Hendrik Botha, MBCS-CITP, FSM, getITright Skills Development, South Africa
Ken Buechler, CGEIT, CRISC, PMP, Great-West Life, Canada
Don Caniglia, CISA, CISM, CGEIT, FLMI, USA
Mark Chaplin, UK
Roger Debreceny, Ph.D., CGEIT, FCPA, University of Hawaii at Manoa, USA
Mike Donahue, CISA, CISM, CGEIT, CFE, CGFM, CICA, Towson University, USA
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training, Switzerland
Bob Frelinger, CISA, CGEIT, Oracle Corporation, USA
James Golden, CISM, CGEIT, CRISC, CISSP, IBM, USA
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies, USA
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA, Australia
Nicole Lanza, CGEIT, IBM, USA
Philip Le Grand, PRINCE2, Ideagen Plc, UK
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT, USA
Stuart MacGregor, Real IRM Solutions (Pty) Ltd., South Africa
Christian Nissen, CISM, CGEIT, FSM, CFN People, Denmark
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer, UK
Eddy J. Schuermans, CGEIT, ESRAS bvba, Belgium
Michael Semrau, RWE Germany, Germany
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates, Australia
Alan Simmonds, TOGAF9, TCSA, PreterLex, UK
Cathie Skoog, CISM, CGEIT, CRISC, IBM, USA
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP, Canada
Roger Southgate, CISA, CISM, UK
Nicky Tiesenga, CISA, CISM, CGEIT, CRISC, IBM, USA
Wim Van Grembergen, Ph.D., University of Antwerp Management School, Belgium
Greet Volders, CGEIT, Voquals N.V., Belgium
Christopher Wilken, CISA, CGEIT, PwC, USA
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP, UK
Mark Adler, CISA, CISM, CGEIT, CRISC, Commercial Metals Company, USA
Wole Akpose, Ph.D., CGEIT, CISSP, Morgan State University, USA
Krzysztof Baczkiewicz, CSAM, CSOX, Eracent, Poland
Roland Bah, CISA, MTN Cameroon, Cameroon
Dave Barnett, CISSP, CSSLP, USA
Max Blecher, CGEIT, Virtual Alliance, South Africa
Ricardo Bria, CISA, CGEIT, CRISC, Meycor GRC, Argentina
Dirk Bruyndonckx, CISA, CISM, CGEIT, CRISC, MCA, KPMG Advisory, Belgium
Donna Cardall, UK
Debra Chiplin, Investors Group, Canada
Sara Cosentino, CA, Great-West Life, Canada
Kamal N. Dave, CISA, CISM, CGEIT, Hewlett Packard, USA
Philip de Picker, CISA, MCA, National Bank of Belgium, Belgium
Abe Deleon, CISA, IBM, USA
Stephen Doyle, CISA, CGEIT, Department of Human Services, Australia
Heidi L. Erchinger, CISA, CRISC, CISSP, System Security Solutions, Inc., USA
Rafael Fabius, CISA, CRISC, Uruguay
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training, Switzerland
Bob Frelinger, CISA, CGEIT, Oracle Corporation, USA
Yalcin Gerek, CISA, CGEIT, CRISC, ITIL Expert, ITIL V3 Trainer, PRINCE2, ISO/IEC 20000 Consultant, Turkey
Edson Gin, CISA, CISM, CFE, CIPP, SSCP, USA
James Golden, CISM, CGEIT, CRISC, CISSP, IBM, USA
Marcelo Hector Gonzalez, CISA, CRISC, Banco Central Republic Argentina, Argentina
Erik Guldentops, University of Antwerp Management School, Belgium
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies, USA
Angelica Haverblad, CGEIT, CRISC, ITIL, Verizon Business, Sweden
Kim Haverblad, CISM, CRISC, PCI QSA, Verizon Business, Sweden
J. Winston Hayden, CISA, CISM, CGEIT, CRISC, South Africa
Eduardo Hernandez, ITIL V3, HEME Consultores, Mexico
Jorge Hidalgo, CISA, CISM, CGEIT, ATC, Lic. Sistemas, Argentina
Michelle Hoben, Media 24, South Africa
Linda Horosko, Great-West Life, Canada
Mike Hughes, CISA, CGEIT, CRISC, 123 Consultants, UK
Grant Irvine, Great-West Life, Canada
Monica Jain, CGEIT, CSQA, CSSBB, Southern California Edison, USA
John E. Jasinski, CISA, CGEIT, SSBB, ITIL Expert, USA
Masatoshi Kajimoto, CISA, CRISC, Japan
Joanna Karczewska, CISA, Poland
Kamal Khan, CISA, CISSP, CITP, Saudi Aramco, Saudi Arabia
Eddy Khoo S. K., Prudential Services Asia, Malaysia
Marty King, CISA, CGEIT, CPA, Blue Cross Blue Shield NC, USA
Alan S. Koch, ITIL Expert, PMP, ASK Process Inc., USA
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA, Australia
Jason D. Lannen, CISA, CISM, TurnKey IT Solutions, LLC, USA
Nicole Lanza, CGEIT, IBM, USA
Philip Le Grand, PRINCE2, Ideagen Plc, UK
Kenny Lee, CISA, CISM, CISSP, Bank of America, USA
Brian Lind, CISA, CISM, CRISC, Topdanmark Forsikring A/S, Denmark
Bjarne Lonberg, CISSP, ITIL, A.P. Moller - Maersk, Denmark
Stuart MacGregor, Real IRM Solutions (Pty) Ltd., South Africa
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT, USA
Charles Mansour, CISA, Charles Mansour Audit & Risk Service, UK
Cindy Marcello, CISA, CPA, FLMI, Great-West Life & Annuity, USA
Nancy McCuaig, CISSP, Great-West Life, Canada
John A. Mitchell, Ph.D., CISA, CGEIT, CEng, CFE, CITP, FBCS, FCIIA, QiCA, LHS Business Control, UK
Makoto Miyazaki, CISA, CPA, Bank of Tokyo-Mitsubishi, UFJ Ltd., Japan
Lucio Augusto Molina Focazzio, CISA, CISM, CRISC, ITIL, Independent Consultant, Colombia
Christian Nissen, CISM, CGEIT, FSM, ITIL Expert, CFN People, Denmark
Tony Noblett, CISA, CISM, CGEIT, CISSP, USA
Ernest Pages, CISA, CGEIT, MCSE, ITIL, Sciens Consulting LLC, USA
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer, UK
Tom Patterson, CISA, CGEIT, CRISC, CPA, IBM, USA
Robert Payne, CGEIT, MBL, MCSSA, PrM, Lode Star Strategy Consulting, South Africa
Andy Piper, CISA, CISM, CRISC, PRINCE2, ITIL, Barclays Bank Plc, UK
Andre Pitkowski, CGEIT, CRISC, OCTAVE, ISO27000LA, ISO31000LA, APIT Consultoria de Informatica Ltd., Brazil
Dirk Reimers, Hewlett-Packard, Germany
Steve Reznik, CISA, ADP, Inc., USA
Robert Riley, CISSP, University of Notre Dame, USA
Martin Rosenberg, Ph.D., Cloud Governance Ltd., UK
Claus Rosenquist, CISA, CISSP, Nets Holding, Denmark
Jeffrey Roth, CISA, CGEIT, CISSP, L-3 Communications, USA
Cheryl Santor, CISSP, CNA, CNE, Metropolitan Water District, USA
Eddy J. Schuermans, CGEIT, ESRAS bvba, Belgium
Michael Semrau, RWE Germany, Germany
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates, Australia
Alan Simmonds, TOGAF9, TCSA, PreterLex, UK
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP, Canada
Jennifer Smith, CISA, CIA, Salt River Pima Maricopa Indian Community, USA
Marcel Sorouni, CISA, CISM, CISSP, ITIL, CCNA, MCDBA, MCSE, Bupa Australia, Australia
Roger Southgate, CISA, CISM, UK
Mark Stacey, CISA, FCA, BG Group Plc, UK
Karen Stafford Gustin, MLIS, London Life Insurance Company, Canada
Delton Sylvester, Silver Star IT Governance Consulting, South Africa
Katalin Szenes, CISA, CISM, CGEIT, CISSP, University Obuda, Hungary
Halina Tabacek, CGEIT, Oracle Americas, USA
Nancy Thompson, CISA, CISM, CGEIT, IBM, USA
Kazuhiro Uehara, CISA, CGEIT, CIA, Hitachi Consulting Co., Ltd., Japan
Rob van der Burg, Microsoft, The Netherlands
Johan van Grieken, CISA, CGEIT, CRISC, Deloitte, Belgium
Flip van Schalkwyk, Centre for e-Innovation, Western Cape Government, South Africa
Jinu Varghese, CISA, CISSP, ITIL, OCA, Ernst & Young, Canada
Andre Viviers, MCSE, IT Project+, Media 24, South Africa
Greet Volders, CGEIT, Voquals N.V., Belgium
David Williams, CISA, Westpac, New Zealand
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP, UK
Amanda Xu, PMP, Southern California Edison, USA
Tichaona Zororo, CISA, CISM, CGEIT, Standard Bank, South Africa
ISACA
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, International President
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Vice President
Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Vice President
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, Vice President
Niraj Kapasi, CISA, Kapasi Bangad Tech Consulting Pvt. Ltd., India, Vice President
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management, Inc., USA, Vice President
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, Australia, Vice President
Emil D’Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd. (retired), USA, Past International President
Lynn C. Lawton, CISA, CRISC, FBCS CITP, FCA, FIIA, KPMG Ltd., Russian Federation, Past International President
Allan Neville Boardman, CISA, CISM, CGEIT, CRISC, CA (SA), CISSP, Morgan Stanley, UK, Director
Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, Belgium, Director
Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, Belgium, Chairman
Michael A. Berardi Jr., CISA, CGEIT, Bank of America, USA
John Ho Chi, CISA, CISM, CRISC, CBCP, CFE, Ernst & Young LLP, Singapore
Phillip J. Lageschulte, CGEIT, CPA, KPMG LLP, USA
Jon Singleton, CISA, FCA, Auditor General of Manitoba (retired), Canada
Patrick Stachtchenko, CISA, CGEIT, Stachtchenko & Associates SAS, France
2009-2012
Patrick Stachtchenko, CISA, CGEIT, Stachtchenko & Associates SAS, France, Chairman
Georges Ataya, CISA, CISM, CGEIT, CRISC, CISSP, Solvay Brussels School of Economics and Management,
Belgium, Past Vice President
Steven A. Babb, CGEIT, CRISC, Betfair, UK
Sushil Chatterji, CGEIT, Edutech Enterprises, Singapore
Sergio Fleginsky, CISA, Akzo Nobel, Uruguay
John W. Lainhart, IV, CISA, CISM, CGEIT, CRISC, IBM Global Business Services, USA
Mario C. Micallef, CGEIT, CPAA, FIA, Malta
Anthony P. Noble, CISA, CCP, Viacom, USA
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP,
Ravenswood Consultants Ltd., UK
Robert G. Parker, CISA, CA, CMC, FCA, Deloitte & Touche LLP (retired), Canada
Rolf M. von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, Forfa AG, Switzerland
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, Australia
Robert E. Stroud, CGEIT, CA Inc., USA
ISACA Los Angeles Chapter for its financial support
ISACA IT ®ITGI®
American Institute of Certified Public Accountants
Commonwealth Association for Corporate Governance Inc.
FIDA Inform
Information Security Forum
Institute of Management Accountants Inc.
ISACA chapters
ITGI France
ITGI Japan
Norwich University
Solvay Brussels School of Economics and Management
Strategic Technology Management Institute (STMI) of the National University of Singapore
University of Antwerp Management School
Enterprise GRC Solutions Inc.
Hewlett-Packard
IBM
Symantec Corp.
COBIT 5
COBIT 5
1
COBIT 5
1.
2.
3. IT
4. IT
COBIT 5
COBIT 5
COBIT 5
COBIT 5
IT
2
3
COBIT 5
4
COBIT 5
COBIT 5
5
COBIT 5
COBIT 5
COBIT 4.1 COBIT 5
COBIT 5
A.
B. IT
C. IT IT
D.
E. COBIT 5
COBIT 5 ISO/IEC 38500
ISO/IEC 38500
ISO/IEC 38500
ITIL® V3 2011 ISO/IEC 20000
ISO/IEC 27000
ISO/IEC 31000
TOGAF®
CMMI
PRINCE2®
F. COBIT 5 COBIT 4.1
G. COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
H.