Together with Common Criteria and ISO 27001, COBIT (Control Objectives for Information and Related Technology), developed by ISACA (Information Systems Audit and Control Association), is the third international standard on which more secure development of IT systems can be based.
COBIT is a collection of internationally accepted IT management objectives that are generally applicable and accepted in the field of information security control and regulation.
When developing COBIT, consideration was primarily given to the system of criteria relating to three different professional groups:
- For senior management, which has to manage risk in a continually changing IT environment, it provides assistance in evaluating the investments needed for the establishment of controls.
- For end users, it ensures the control and security of IT services.
- For IT system auditors, it creates a sound basis for the classification of internal controls, and for the consultation and advisory tasks requested by management.