Building on the COBIT 5 framework, this guide focuses on assurance and provides more detailed and practical guidance for assurance professionals and other interested parties at all levels of the enterprise on how to use COBIT 5 to support a variety of IT assurance activities.

"This practical guidance was created for enterprises using or considering using cloud computing. It provides a governance and control framework based on COBIT 5 and an audit program using COBIT 5 for Assurance. This information can assist enterprises in assessing the potential value of cloud investments to determine whether the risk is within the acceptable level. In addition, it provides a list of publications and resources that can help determine if cloud computing is the appropriate solution for the data and processes being considered."--

Information is a key resource for all enterprises. From the time information is created to the moment it is destroyed, technology plays a significant role in containing, distributing and analysing information. Technology is increasingly advanced and has become pervasive in enterprises and the social, public and business environments.

Featuring numerous case examples from companies around the world, this second edition integrates theoretical advances and empirical data with practical applications, including in-depth discussion on the COBIT 5 framework which can be used to build, measure and audit enterprise governance of IT approaches. At the forefront of the field, the authors of this volume draw from years of research and advising corporate clients to present a comprehensive resource on enterprise governance of IT (EGIT). Information technology (IT) has become a crucial enabler in the support, sustainability and growth of enterprises. Given this pervasive role of IT, a specific focus on EGIT has arisen over the last two decades, as an integral part of corporate governance. Going well beyond the implementation of a superior IT infrastructure, enterprise governance of IT is about defining and embedding processes and structures throughout the organization that enable boards and business and IT people to execute their responsibilities in support of business/IT alignment and value creation from their IT-enabled investments. Featuring a variety of elements, including executive summaries and sidebars, extensive references and questions and activities (with additional materials available on-line), this book will be an essential resource for professionals, researchers and students alike

This book introduces two internationally recognized bodies of knowledge: COBIT 5 from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book maps the CSF steps and activities to the methods defined in COBIT 5, extending the CSF objectives with practical and measurable activities that leverage operational risk understanding in a business context. This allows the ICT organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.