Cobit 5 Rus
Personal Copy of: Sergey Yelhimov
ISACA
ISACA (www.isaca.org) - ,
, ,
(), .
1969 , 95000
160 . , ISACA
Journal, ,
.
- CISA (Certified
Information Systems Auditor), CISM (Certified Information Security Manager), CGEIT (Certified in the Governance
of Enterprise IT) CRISC (Certified in Risk and Information Systems Control). ISACA
- COBIT, -
, , ,
, .
Disclaimer
ISACA has designed this publication, COBIT 5 (the Work), primarily as an educational resource for governance of
enterprise IT (GEIT), assurance, risk and security professionals. ISACA makes no claim that use of any of the Work will
assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or
exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining
the propriety of any specific information, procedure or test, readers should apply their own professional judgement to the
specific GEIT, assurance, risk and security circumstances presented by the particular systems or information technology
environment.
ISACA , COBIT 5 (), ,
, ,
. ISACA .
, ,
, , ,
. , ,
, ,
, ,
.
Copyright
2012 ISACA. All rights reserved. For usage guidelines, see www.isaca.org/COBITuse.
Copyright
2012 ISACA. . : www.isaca.org/COBITuse
ISACA
3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA
: +1.847.253.1545 : +1.847.253.1443
: info@isaca.org
-: www.isaca.org
: www.isaca.org/cobit
ISACA: www.isaca.org/knowledge-center
ISACA : https://twitter.com/ISACANews
COBIT : #COBIT
ISACA : ISACA (Official), http://linkd.in/ISACAOfficial
ISACA : www.facebook.com/ISACAHQ
Quality Statement
This Work is translated into Russian from the English language version of COBIT 5 by the ISACA Moscow Chapter with
the permission of ISACA. The ISACA Moscow Chapter assumes sole responsibility for the accuracy and faithfulness of
the translation.
ISACA
ISACA. ISACA
.
COBIT 5
ISBN 978-1-60420-290-8
ISACA :
, CGEIT, CISA, TOGAF,
, GSV
, CISA, CISM, CGEIT, KPMG
, ITIL Expert, Cleverics
, ITIL Expert, GSV
, Deloitte & Touche
, Cleverics
, ITIL Expert, Cleverics
, CISA, CISM, CGEIT, 44
ISACA :
COBIT 5 (2009-2011)
John W. Lainhart, IV, CISA, CISM, CGEIT, IBM Global Business Services, ,
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, Ravenswood Consultants Ltd.,
,
Pippa G. Andrews, CISA, ACA, CIA, KPMG,
Elisabeth Judit Antonsson, CISM, Nordea Bank,
Steven A. Babb, CGEIT, CRISC, Betfair,
Steven De Haes, Ph.D., University of Antwerp Management School,
Peter Harrison, CGEIT, FCPA, IBM Australia Ltd.,
Jimmy Heschl, CISA, CISM, CGEIT, ITIL Expert, bwin.party digital entertainment plc,
Robert D. Johnson, CISA, CISM, CGEIT, CRISC, CISSP, Bank of America,
Erik H.J.M. Pols, CISA, CISM, Shell International-ITCI,
Vernon Richard Poole, CISM, CGEIT, Sapphire,
Abdul Rafeq, CISA, CGEIT, CIA, FCA, A. Rafeq and Associates,
Floris Ampe, CISA, CGEIT, CIA, ISO 27000, PwC,
Gert du Preez, CGEIT, PwC,
Stefanie Grijp, PwC,
Gary Hardy, CGEIT, IT Winners,
Bart Peeters, PwC,
Geert Poels, Ghent University,
Dirk Steuperaert, CISA, CGEIT, CRISC, IT In Balance BVBA,
Gary Baker, CGEIT, CA,
Brian Barnier, CGEIT, CRISC, ValueBridge Advisors,
Johannes Hendrik Botha, MBCS-CITP, FSM, getITright Skills Development,
Ken Buechler, CGEIT, CRISC, PMP, Great-West Life,
Don Caniglia, CISA, CISM, CGEIT, FLMI,
Mark Chaplin,
Roger Debreceny, Ph.D., CGEIT, FCPA, University of Hawaii at Manoa,
Mike Donahue, CISA, CISM, CGEIT, CFE, CGFM, CICA, Towson University,
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training,
Bob Frelinger, CISA, CGEIT, Oracle Corporation,
James Golden, CISM, CGEIT, CRISC, CISSP, IBM,
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies,
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA,
Nicole Lanza, CGEIT, IBM,
Philip Le Grand, PRINCE2, Ideagen Plc,
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT,
Stuart MacGregor, Real IRM Solutions (Pty) Ltd.,
Christian Nissen, CISM, CGEIT, FSM, CFN People,
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer,
Eddy J. Schuermans, CGEIT, Esras bvba,
Michael Semrau, RWE Germany,
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates,
Alan Simmonds, TOGAF9, TCSA, PreterLex,
Cathie Skoog, CISM, CGEIT, CRISC, IBM,
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP,
Roger Southgate, CISA, CISM,
Nicky Tiesenga, CISA, CISM, CGEIT, CRISC, IBM,
Wim Van Grembergen, Ph.D., University of Antwerp Management School,
Greet Volders, CGEIT, Voquals N.V.,
Christopher Wilken, CISA, CGEIT, PwC,
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP,
Mark Adler, CISA, CISM, CGEIT, CRISC, Commercial Metals Company,
Wole Akpose, Ph.D., CGEIT, CISSP, Morgan State University,
Krzysztof Baczkiewicz, CSAM, CSOX, Eracent,
Roland Bah, CISA, MTN Cameroon,
Dave Barnett, CISSP, CSSLP,
Max Blecher, CGEIT, Virtual Alliance,
Ricardo Bria, CISA, CGEIT, CRISC, Meycor GRC,
Dirk Bruyndonckx, CISA, CISM, CGEIT, CRISC, MCA, KPMG Advisory,
Donna Cardall,
Debra Chiplin, Investors Group,
Sara Cosentino, CA, Great-West Life,
Kamal N. Dave, CISA, CISM, CGEIT, Hewlett Packard,
Philip de Picker, CISA, MCA, National Bank of ,
Abe Deleon, CISA, IBM,
Stephen Doyle, CISA, CGEIT, Department of Human Services,
Heidi L. Erchinger, CISA, CRISC, CISSP, System Security Solutions, Inc.,
Rafael Fabius, CISA, CRISC,
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training,
Bob Frelinger, CISA, CGEIT, Oracle Corporation,
Yalcin Gerek, CISA, CGEIT, CRISC, ITIL Expert, ITIL V3 Trainer, PRINCE2, ISO/IEC 20000 Consultant,
Edson Gin, CISA, CISM, CFE, CIPP, SSCP,
James Golden, CISM, CGEIT, CRISC, CISSP, IBM,
Marcelo Hector Gonzalez, CISA, CRISC, Banco Central Republic Argentina,
Erik Guldentops, University of Antwerp Management School,
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies,
Angelica Haverblad, CGEIT, CRISC, ITIL, Verizon Business,
Kim Haverblad, CISM, CRISC, PCI QSA, Verizon Business,
J. Winston Hayden, CISA, CISM, CGEIT, CRISC,
Eduardo Hernandez, ITIL V3, HEME Consultores,
Jorge Hidalgo, CISA, CISM, CGEIT, ATC, Lic. Sistemas,
Michelle Hoben, Media 24,
Linda Horosko, Great-West Life,
Mike Hughes, CISA, CGEIT, CRISC, 123 Consultants,
Grant Irvine, Great-West Life,
Monica Jain, CGEIT, CSQA, CSSBB, Southern California Edison,
John E. Jasinski, CISA, CGEIT, SSBB, ITIL Expert,
Masatoshi Kajimoto, CISA, CRISC,
Joanna Karczewska, CISA,
Kamal Khan, CISA, CISSP, CITP, Saudi Aramco,
Eddy Khoo S. K., Prudential Services Asia,
Marty King, CISA, CGEIT, CPA, Blue Cross Blue Shield NC,
Alan S. Koch, ITIL Expert, PMP, ASK Process Inc.,
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA,
Jason D. Lannen, CISA, CISM, TurnKey IT Solutions, LLC,
Nicole Lanza, CGEIT, IBM,
Philip Le Grand, PRINCE2, Ideagen Plc,
Kenny Lee, CISA, CISM, CISSP, Bank of America,
Brian Lind, CISA, CISM, CRISC, Topdanmark Forsikring A/S,
Bjarne Lonberg, CISSP, ITIL, A.P. Moller - Maersk,
Stuart MacGregor, Real IRM Solutions (Pty) Ltd.,
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT,
Charles Mansour, CISA, Charles Mansour Audit & Risk Service,
Cindy Marcello, CISA, CPA, FLMI, Great-West Life & Annuity,
Nancy McCuaig, CISSP, Great-West Life,
John A. Mitchell, Ph.D., CISA, CGEIT, CEng, CFE, CITP, FBCS, FCIIA, QiCA, LHS Business Control,
Makoto Miyazaki, CISA, CPA, Bank of Tokyo-Mitsubishi, UFJ Ltd.,
Lucio Augusto Molina Focazzio, CISA, CISM, CRISC, ITIL, Independent Consultant,
Christian Nissen, CISM, CGEIT, FSM, ITIL Expert, CFN People,
Tony Noblett, CISA, CISM, CGEIT, CISSP,
Ernest Pages, CISA, CGEIT, MCSE, ITIL, Sciens Consulting LLC,
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer,
Tom Patterson, CISA, CGEIT, CRISC, CPA, IBM,
Robert Payne, CGEIT, MBL, MCSSA, PrM, Lode Star Strategy Consulting,
Andy Piper, CISA, CISM, CRISC, PRINCE2, ITIL, Barclays Bank Plc,
Andre Pitkowski, CGEIT, CRISC, OCTAVE, ISO27000LA, ISO31000LA, APIT Consultoria de Informatica Ltd.,
Dirk Reimers, Hewlett-Packard,
Steve Reznik, CISA, ADP, Inc.,
Robert Riley, CISSP, University of Notre Dame,
Martin Rosenberg, Ph.D., Cloud Governance Ltd.,
Claus Rosenquist, CISA, CISSP, Nets Holding,
Jeffrey Roth, CISA, CGEIT, CISSP, L-3 Communications,
Cheryl Santor, CISSP, CNA, CNE, Metropolitan Water District,
Eddy J. Schuermans, CGEIT, ESRAS bvba,
Michael Semrau, RWE Germany,
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates,
Alan Simmonds, TOGAF9, TCSA, PreterLex,
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP,
Jennifer Smith, CISA, CIA, Salt River Pima Maricopa Indian Community,
Marcel Sorouni, CISA, CISM, CISSP, ITIL, CCNA, MCDBA, MCSE, Bupa Australia,
Roger Southgate, CISA, CISM,
Mark Stacey, CISA, FCA, BG Group Plc,
Karen Stafford Gustin, MLIS, London Life Insurance Company,
Delton Sylvester, Silver Star IT Governance Consulting,
Katalin Szenes, CISA, CISM, CGEIT, CISSP, University Obuda,
Halina Tabacek, CGEIT, Oracle Americas,
Nancy Thompson, CISA, CISM, CGEIT, IBM,
Kazuhiro Uehara, CISA, CGEIT, CIA, Hitachi Consulting Co., Ltd.,
Rob van der Burg, Microsoft,
Johan van Grieken, CISA, CGEIT, CRISC, Deloitte,
Flip van Schalkwyk, Centre for e-Innovation, Western Cape Government,
Jinu Varghese, CISA, CISSP, ITIL, OCA, Ernst & Young,
Andre Viviers, MCSE, IT Project+, Media 24,
Greet Volders, CGEIT, Voquals N.V.,
David Williams, CISA, Westpac,
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP,
Amanda Xu, PMP, Southern California Edison,
Tichaona Zororo, CISA, CISM, CGEIT, Standard Bank,
ISACA
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), ,
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., , -
Gregory T. Grocholski, CISA, The Dow Chemical Co., , -
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, , -
Niraj Kapasi, CISA, Kapasi Bangad Tech Consulting Pvt. Ltd., , -
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management, Inc., , -
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, , -
Emil D'Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd. (retired), , -
Lynn C. Lawton, CISA, CRISC, FBCS CITP, FCA, FIIA, KPMG Ltd., , -
Allan Neville Boardman, CISA, CISM, CGEIT, CRISC, CA (SA), CISSP, Morgan Stanley, ,
Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, ,
Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, ,
Michael A. Berardi Jr., CISA, CGEIT, Bank of America,
John Ho Chi, CISA, CISM, CRISC, CBCP, CFE, Ernst & Young LLP,
Phillip J. Lageschulte, CGEIT, CPA, KPMG LLP,
Jon Singleton, CISA, FCA, Auditor General of Manitoba (retired),
Patrick Stachtchenko, CISA, CGEIT, Stachtchenko & Associates SAS,
(2009-2012)
Patrick Stachtchenko, CISA, CGEIT, Stachtchenko & Associates SAS, France,
Georges Ataya, CISA, CISM, CGEIT, CRISC, CISSP, Solvay Brussels School of Economics and Management, ,
--
Steven A. Babb, CGEIT, CRISC, Betfair,
Sushil Chatterji, CGEIT, Edutech Enterprises,
Sergio Fleginsky, CISA, Akzo Nobel,
John W. Lainhart, IV, CISA, CISM, CGEIT, CRISC, IBM Global Business Services,
Mario C. Micallef, CGEIT, CPAA, FIA,
Anthony P. Noble, CISA, CCP, Viacom,
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, Ravenswood Consultants Ltd.,
Robert G. Parker, CISA, CA, CMC, FCA, Deloitte & Touche LLP (retired),
Rolf M. von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, Forfa AG,
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron,
Robert E. Stroud, CGEIT, CA Inc.,
ISACA Los Angeles Chapter -
ISACA IT Governance Institute (ITGI)
American Institute of Certified Public Accountants
Commonwealth Association for Corporate Governance Inc.
FIDA Inform
Information Security Forum
Institute of Management Accountants Inc.
ISACA
ITGI
ITGI
Norwich University
Solvay Brussels School of Economics and Management
Strategic Technology Management Institute (STMI) of the National University of Singapore
University of Antwerp Management School
Enterprise GRC Solutions Inc.
Hewlett-Packard
IBM
Symantec Corp.
COBIT 5
COBIT: , , .
, (,
ITIL, ITSM-) (,
15504-2:2009).
.
, COBIT 5 Governance Management .
COBIT 5 .
governance ,
.
:
:
,
;
;
,
.
, , ,
, , .
COBIT 5 6
5: .
COBIT 5: -
COBIT 5 .
COBIT 5, 1.
1 COBIT 5
COBIT 5
COBIT 5
COBIT 5:
Enabling Processes
COBIT 5:
Enabling Information
COBIT 5
COBIT 5 Implementation
COBIT 5
for Information
Security
COBIT 5
for Assurance
COBIT 5
for Risk
- COBIT 5
COBIT 5 , ,
,
.
COBIT 5 :
COBIT 5 (-)
, , :
COBIT 5:
COBIT 5: Enabling Information ()
(. www.isaca.org/cobit)
COBIT 5 , :
COBIT 5:
COBIT 5 for Information Security
COBIT 5 for Assurance
COBIT 5 for Risk ()
(. www.isaca.org/cobit)
- ,
COBIT 5.
.
.
: , .
, , -, :
.
, , ,
.
, .
-.
- .
, , , .
,
, ,
.
, , ,
, .
, ,
. ,
.
COBIT 5 ,
. , COBIT 5
, . COBIT 5
,
, ,
. COBIT 5
: , .
2 COBIT 5
1.
2.
5.
COBIT 5
4.
3.
COBIT 5 , 2:
1: . ,
,
. COBIT 5 ,
- . ,
, , COBIT 5 ,
.
-
.
2: . COBIT 5
, :
. COBIT 5 , ,
, .
, , ,
,
, .
3: .
, -. COBIT 5
. , COBIT 5
.
4: .
, .
COBIT 5 ,
. ,
. COBIT 5 :
,
,
,
,
5: . COBIT 5
. ,
. COBIT 5,
:
, :
,
;
;
.
,
.
, .
, , ,
, , .
,
, (CEO).
,
.
1
COBIT 5
COBIT 5 ISACA .
COBIT 5 15- COBIT
, , ,
. COBIT 5
:
(, )
.
, .
, . , , , ,
. , ,
, .
,
, , , , ,
.
.
, -?
,
.
,
. ,
. , -, ,
, , , . CIO (Chief Information Officer) . .
. , , ,
,
.
, ,
, .
, , ,
, , .
-, .
:
;
- ;
, , ;
.
, ,
, Information Technology Infrastructure Library (ITIL), The Open Group Architecture
Framework (TOGAF), Project Management Body of Knowledge (PMBOK), PRojects IN Controlled Environments
2 (PRINCE2), Committee of Sponsoring Organizations of the Treadway Commission (COSO),
International Organization for Standardization (ISO).
.
ISACA,
COBIT, Val IT Risk IT, Business Model for Information Security (BMIS), IT Assurance Framework
(ITAF), Board Briefing on IT Governance Taking Governance Forward (TGF). COBIT 5
, .
COBIT 5 ,
. , COBIT 5
. COBIT 5 - ISACA
(www.isaca.org/cobit).
, COBIT 5 :
2 1: .
.
. -, -
(Enablers), .
COBIT 5. ,
.
3 2: . ,
COBIT 5 ,
.
4 3: .
COBIT 5.
5 4: .
.
: .
6 5: ,
. COBIT 5.
7 . ,
, , , ,
. COBIT 5,
COBIT 5.
8 COBIT 5, COBIT
Assessment Programme. COBIT 4.1
.
, :
. , COBIT 5.
B. -. ,
-.
C. - -. , COBIT
-.
D. . ,
, COBIT 5.
E. COBIT 5 .
F. COBIT 5 COBIT 4.1.
G. COBIT 5. 5
, ,
. .
H.
2
1:
, . ,
, ,
.
(. 3). , ,
, , .
,
, . ,
. , , ,
. , ,
: ? ? ?
COBIT 5
. (,
, ..) (, ,
..),
, .
.
COBIT 5 ,
, - .
, ,
- .
COBIT 5 4.
1.
, , ,
- , .
2.
.
(Balanced Scorecard1)
,
. , , ,
.
D.
Kaplan, Robert S.; David P. Norton; The Balanced Scorecard: Translating Strategy Into Action, Harvard University Press, USA, 1996
4
(, , )
D
5
COBIT 5 17 , 5. :
, .
.
,
(P , S , ).
3. -
-, -.
, -
. COBIT 5 17 -,
6.
- B. ,
-.
4. -
- .
5. ,
, ,
-.
, -
COBIT 5, .
2
, - .
, , , COBIT 5
- -.
5 COBIT 5
1.
2.
3. - ( )
5.
6.
S
S
8.
9.
10.
11. -
12. -
13. -
14.
S
P
S
P
15.
7. -
4.
16.
17.
6 -
01
- -
02
03
04
-,
05
06
-,
07
- -
08
09
10
11
-,
12
-, -
13
, ,
14
15
16
17
, -
COBIT 5
COBIT 5
, ,
() , . :
.
COBIT 5 ,
, .
( ) ,
.
COBIT 5
3 ( -, -
COBIT 5 ( )) ,
, . , :
- , .
.
, .
, ,
, .
COBIT 5
,
. ,
, ,
COBIT.
, :
.
, , ..
3
, -
.
1
, .
, .
, ,
(. 5):
6.
7. -
8.
: -, .
B.
- ( P):
01
04 -,
07 - -
09
10 ,
14
17 , -
4 .
- (. 5), .
C - COBIT 5. -,
-, . , , ,
, .
, ,
, .
2 :
, ,
. , ,
.
, ,
:
1. -
4. ,
8.
16. ,
17. .
, .
( 7).
(CEO)
(CFO)
(CIO)
(CRO)
-
-
(HR)
..
? -?
?
?
-?
? ?
?
?
?
?
? -
? ()?
-?
?
?
?
, -?
- , , ? -?
? , ?
- , -?
-? - ?
- , ,
?
-
?
?
?
?
?
-
/
..
, -
?
, ?
, ?
- ?
, 7,
, . D
,
7, .
3
2:
, COBIT 5
, . , COBIT 5:
.
COBIT 5
. COBIT 5 .
,
, .
, COBIT 5 , -.
COBIT 5
(. 4),
. ,
, , ,
, , -.
COBIT. , COBIT 5
,
,
-,
.
, COBIT 5, 8,
4.
8 COBIT 5
4
ISACA Taking Governance Forward (TGF).
www.takinggovernanceforward.org.
( ), :
, , , .
, , ,
, ,
. , , (, ..), .
.
COBIT 5
(. 5).
, ,
.. , ,
, .
COBIT 5 ,
.
, . ,
,
. COBIT 5
( ), , .
9 8,
.
www.takinggovernanceforward.org.
9 ,
,
4
3:
COBIT 5 :
, , ,
COBIT 5 .
, ,
. ,
, .
,
.
, ISACA.
, ISACA
, COBIT, Val IT, Risk IT, BMIS, Board Briefing on IT
Governance ITAF. COBIT 5 .
COBIT 5
10 .
10 COBIT 5
ISACA
(COBIT, Val IT,
Risk IT, BMIS ...)
ISACA
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
COBIT 5
-
COBIT 5
COBIT 5
(. 11) :
, :
ISACA (COBIT 4.1, Val IT 2.0, Risk IT, BMIS);
,
;
, ITIL,
TOGAF ISO. A.
,
.
COBIT 5,
.
() .
11 COBIT 5
COBIT 5
COBIT 5
COBIT 5:
Enabling Processes
COBIT 5:
Enabling Information
COBIT 5
COBIT 5 Implementation
COBIT 5
for Information
Security
COBIT 5
for Assurance
COBIT 5
for Risk
- COBIT 5
5
4:
COBIT 5
, , -.
.
, - .
COBIT 5 (. 12):
,
.
,
,
-.
.
,
.
,
. ,
,
.
, , ,
, .
, ,
.
12 COBIT 5
2.
3.
4. ,
1. ,
5.
6. ,
7. ,
,
. :
, . ,
-, .
, .
, .
12 ,
, .
. ,
:
,
. , , .
. , ,
.
,
. ,
,
.
, .
3
- (, ),
, . ,
. , , .
4
. , ,
, . ,
.
COBIT 5
. ( 13) :
, ;
;
.
13
(, )
( )
/
/
/
/
/
/
(/)
( )
:
. (,
, ). ,
/ , . ,
, .
,
.
, , , -.
7.
. . , .
:
;
.
COBIT 5.
:
, .
()
, . , , ,
, , , .
, :
.
, , .
. ,
. , , , ..
:
( );
;
///;
/;
/;
/.
() . .
.
, ,
. COBIT 5 ,
(, ).
, ..
.
,
( ) :
?
?
?
?
. ,
, .
,
.
5 , ,
.
5
, -
, .
, :
. , , , , ,
( RACI) .
, RACI, COBIT 5: .
. . , Manage Relationships (
APO08 COBIT 5: ) , :
: , -,
: (), -
: -
: -,
5 ()
. : , , .
. ,
. , ,
( ), COBIT 5: .
, () .
COBIT 5 Process Capability Model, ISO/IEC 15504, .
. , COBIT 5: .
.
, , :
RACI, . ,
:
, (,
) .
RACI .
: , ( ) (,
, , ).
, .
.
G. ,
, ,
.
6
5:
COBIT 5 .
, .
COBIT 5, :
:
, ;
;
.
,
.
, , ,
, , .
,
.
, ,
. ,
(, ),
.
14.
14 COBIT 5
COBIT 5 (COBIT 5: )
, .
RACI, .
,
. , ,
, ,
.
.
, .
, , (,
) , .
, . ,
( ) ( ).
.
,
.
,
, , .
,
,
, .
COBIT 5
COBIT 5 ,
15 .
15 COBIT 5
(APO)
(BAI)
(DSS)
(MEA)
, , :
. ,
, .
COBIT 5 ,
. , ,
, - -.
, .
, , .
, . ,
, ,
.
COBIT 5
:
. ,
, (Evaluate, Direct and Monitor (EDM5)).
. -, :
, , (Plan, Build, Run, Monitor (PBRM)),
. COBIT 4.1.
:
, Align, Plan and Organise (APO)
, Build, Acquire and Implement (BAI)
, Deliver, Service and Support (DSS)
, Monitor, Evaluate and Assess (MEA)
5
.
5:
. , ,
( )
, , ,
.
COBIT 5 COBIT 4.1
Risk IT Val IT.
16 37 COBIT 5.
, , COBIT 5: .
16 COBIT 5
,
EDM01
EDM02
EDM03
EDM04
EDM05
,
APO01
APO08
APO02
APO03
APO09
APO10
APO04
APO05
APO06
APO11
APO12
APO13
BAI04
BAI05
BAI06
DSS04
DSS05
DSS06
APO07
,
MEA01
,
,
BAI01
BAI02
BAI03
BAI08
BAI09
BAI10
,
DSS01
DSS02
DSS03
BAI07
MEA02
,
MEA03
,
COBIT 5 ,
, .
, .
ISACA COBIT 5
6, .
, , ,
, . :
, ;
;
.
COBIT 5 :
- ;
-;
;
COBIT , ,
, , , .
.
( ),
, :
;
, ;
, ;
;
- ;
;
;
;
, .
.
.
COBIT
. COBIT
,
.
:
, .
,
-.
.
.
.
www.isaca.org/cobit
COBIT
. , , -
, .
COBIT.
,
. (, , )
.
COBIT , .
: .
, () COBIT
,
. ,
. -.
,
. .
.
.
.
,
.
-
,
.
-
, .
,
. , , ,
( ).
.
, ( )
, COBIT 5 .
:
,
.
, -, , .
,
.
.
.
-, .
.
, ,
.
-,
- .
- -, , .
, ,
- .
.
, ,
. -
COBIT 5 :
, .
, .
- ().
.
.
.
: CEO, CFO, CIO ..
.
- -.
(
) .
( )
, , .
, , (
), .
/ . ,
. , , ,
.
(
, ), ,
, ( ,
). , ,
,
, .
COBIT
. :
1. . .
2. . .
3. .
, , ,
. 17.
17 COBIT 5
4 ?
( )
(
)
( )
1 .
-,
.
2 ,
, - - COBIT,
.
, .
() .
.
, , .
3 .
COBIT .
, .
, , ,
.
4 : . . -
.
5.
COBIT
. ,
.
6 ,
.
7 ,
, .
.
: -
,
. (
, ), , ,
.
, , .
. -. -
, , ,
- ,
. - ,
. , - :
, - (
, ). -
-.
, .
, .
, (
).
.
-.
, , (
).
, , .
, , ( COBIT).
- , ,
, ,
.
.
, .
,
.
6
ITGI 7 PwC. 800
- 21 . -
; 28,1% , , 27,1%
. , , - (42,2%),
(39.6%) - - (37.3%).
ISACA 8, COBIT . ,
, ,
.
, 250 , , , ,
20 , , 9. ,
.
, ,
, - . ,
,
. ,
10.
7 ITGI, Global Status Report on the Governance of Enterprise IT (GEIT) 2011, USA, 2011, www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Global-Status-Report-on-the-Governance-of-Enterprise-IT-GEIT-2011.aspx
8 ISACA, Building the Business Case for COBIT and Val IT Executive Briefing, USA, 2009, www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Building-the-Business-Case-for-COBIT-and-Val-IT-Executive-Briefing.aspx
9 Weill, Peter; Jeanne W. Ross; IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, USA, 2004
10 De Haes, Steven; Dirk Gemke; John Thorp; Wim Van Grembergen; Analyzing IT Value Management @ KLM Through the Lens of Val IT, ISACA Journal, 2011, vol 4. Van Grembergen, Wim; Steven De Haes; Enterprise Governance of IT: Achieving Alignment and Value, Springer, USA, 2009
8
COBIT 5
8
COBIT 5
COBIT 4.1
COBIT 5
COBIT 4.1 18.
18 COBIT 4.1
( )
COBIT 4.1
11
COBIT 4.1
www.isaca.org/cobit-pam
COBIT 4.1 ( ,
)
COBIT 4.1:
, .
, ,
.
, COBIT 4.1 ,
, .
,
. .
COBIT 5 19.
19 COBIT 5
PA 2.1
PA 2.2
PA 3.1
PA 3.2
PA 4.1
1.1 - -
PA 4.2
PA 5.1
PA 5.2
-
COBIT 5
COBIT 5
(
/
)
(/
)
, ,
:
0 . .
,
.
1 ( ). .
2 ( ). (
, ). ,
.
3 ( ).
.
4 ( ).
.
5 .
, .
,
. , 3 ( ) ,
, ,
2 ( ).
8
COBIT 5
1 .
1 , , , ,
.
.
.
( , ) ,
.
ISO/IEC 15504 COBIT 4.1 (
Val IT Risk IT):
, ISO 15504
COBIT 4.1.
ISO/IEC 15504 .
COBIT 4.1, .
,
ISO/IEC 15504. , COBIT 5:
.
( ), ,
1 .
,
. COBIT 5:
,
.
, , ,
COBIT 3, (PC) COBIT 4.1,
.
12
,
. , ,
.
, , :
COBIT 4.1 COBIT 5 ( ),
, - , (. 20).
, COBIT 5 (. 20). COBIT 4.1,
1 2, . COBIT 5
1 0.
COBIT 4.1 COBIT 5 20.
ISO/IEC 15504
, COBIT 5.
, ( ,
):
, ;
, COBIT 5 ;
, COBIT 5 .
COBIT 4.1 ,
, .
, ,
.
COBIT 5 ,
, .
COBIT 4.1 COBIT 5 .
, , 21.
, COBIT 4.1,
, COBIT 5 21.
12
www.isaca.org/cobit-assessment-programme.
ISO/IEC 15504
5:
5
,
. .
,
,
.
4
,
.
.
.
4:
.
3
.
;
.
, .
3:
.
2:
( ,
). ,
.
2 , ,
, ,
.
,
.
, .
1:
.
:
, 0 ()
ISO/IEC 15504.
1 /
,
, . ,
,
.
.
0 .
.
0:
.
, .
COBIT 4.1
COBIT 5
8
COBIT 5
COBIT 5 COBIT 4.1 :
,
.
, , COBIT 4.1:
, , , .
,
.
,
, .
, , ,
.
COBIT 5
ISO/IEC 15504 ,
. ,
/ , ,
, .
COBIT 5, ISO/IEC 15504,
, COBIT 2000 , :
.
(as-is) (to-be) .
,
.
,
.
,
COBIT 5 .
COBIT 5 1 . ,
, 1 , .
. ,
.
, ( , 1) :
1. , ,
ISO/IEC 15504, ,
. :
N ( ). , ,
( 0 15% ).
P ( ). ,
, . ,
() ( 15% 50% ).
L ( ).
. (
50% 85% ).
F ( ).
.
( 85% 100% ).
2. ( ) ,
, .
3. ,
, .
. ,
1,
? , 1 , ,
. :
1. ,
.
2. ,
, .
, ISO/IEC 15504:2.
.
,
COBIT 5.
Association for Project Management (APM); APM Introduction to Programme Management, Latimer, Trend and Co.,
UK, 2007
British Standards Institute (BSI), BS25999:2007 Business Continuity Management Standard, UK, 2007
CIO Council, Federal Enterprise Architecture (FEA), ver 1.0, USA, 2005
European Commission, The Commission Enterprise IT Architecture Framework (CEAF), Belgium, 2006
Kotter, John; Leading Change, Harvard Business School Press, USA, 1996
HM Government, Best Management Practice Portfolio, Managing Successful Programmes (MSP), UK, 2009
HM Government, Best Management Practice Portfolio, PRINCE2, UK, 2009
HM Government, Best Management Practice Portfolio, Information Technology Infrastructure Library (ITIL), 2011
International Organization for Standardization (ISO), 9001:2008 Quality Management Standard, Switzerland, 2008
ISO/International Electrotechnical Commission (IEC), 20000:2006 IT Service Management Standard, Switzerland, 2006
ISO/IEC, 27005:2008, Information Security Risk Management Standard, Switzerland, 2008
ISO/IEC, 38500:2008, Corporate Governance of Information Technology Standard, Switzerland, 2008
King Code of Governance Principles (King III), South Africa, 2009
Organisation for Economic Co-operation and Development (OECD), OECD Principles of Corporate Governance,
France, 2004
The Open Group, TOGAF 9, UK, 2009
Project Management Institute, Project Management Body of Knowledge (PMBOK2), USA, 2008
UK Financial Reporting Council, Combined Code on Corporate Governance, UK, 2009
B
-
B
-
COBIT 5 2.
22 , , -
. :
17 , COBIT 5
(Balanced Scorecard, BSC).
17 -,
.
. :
P , , -
.
S , , , -
.
7
, :
7. :
-:
04 -,
10 ,
14
, , -:
01 - -
07 - -
08 ,
. 09.
:
():
2.
8. -
11. -
17.
():
1. -
3. - ( )
6.
13. -
14. -
16.
:
.
, COBIT 5.
22, , , 2,
COBIT 5.
22 - - COBIT
- ( )
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
01
- -
02
S
S
04
05
06
-,
07
-
-
08
09
10
11
-,
12
,
-
,
,
14
15
16
17
,
-
13
S
P
S
S
S
S
S
S
P
S
P
S
S
P
P
03
S
S
S
S
P
P
P
S
S
P
P
S
C
- -
C
-
-
-
-, , 2.
23 :
17 -,
.
37 COBIT 5, .
- -.
:
P , , -
-.
S , , , -
-.
8 APO13
APO13 -:
:
02 -
04 -
06 -,
10 ,
14
:
07 - -
08 ,
:
.
, COBIT 5.
23, , , 2,
COBIT 5.
,
,
- -
-
-
-,
- -
,
,
-,
-,
-
,
,
,
-
23 - - COBIT 5
-
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
COBIT 5
EDM01
P
EDM02
P
EDM03
EDM04
EDM05
S
S
P
APO01
P
P
S
S
APO02
P
S
S
S
APO03
P
S
S
S
APO04
S
S
P
APO05
P
S
S
P
S
APO06
S
S
S
P
P
APO07
P
S
S
APO08
APO09
APO10
APO11
APO12
APO13
S
S
S
P
S
P
S
S
S
S
P
P
P
P
S
P
S
S
S
S
S
P
P
S
S
S
P
P
S
S
S
S
P
P
P
P
S
S
S
S
P
S
S
S
S
P
P
S
P
P
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
S
P
S
S
P
S
S
P
S
S
S
P
P
P
S
S
S
S
S
S
P
P
S
S
S
S
S
P
C
- -
23 - - COBIT 5 ()
- -
-,
- -
-,
-,
-
,
,
,
-
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
COBIT 5
BAI01
BAI02
BAI03
BAI04
BAI05
BAI06
BAI07
BAI08
BAI09
BAI10
DSS01
DSS02
DSS03
DSS04
DSS05
DSS06
MEA01
MEA02
MEA03
,
,
S
S
S
S
S
S
S
S
D
4
. 2 .
, .
24. ,
.
, -,
.
, , , .
, .
24 .
5.
4.
3.
2.
-
( )
1.
24 - COBIT 5
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
?
-?
?
?
?
?
?
?
?
?
?
?
-
?
()?
5.
4.
3.
2.
-
( )
1.
24 - COBIT 5
()
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
-?
?
?
?
,
-?
-
, , ?
-?
?
,
?
,
-?
-?
-
?
-
,
,
?
-
?
?
?
?
?
COBIT 5
E
COBIT 5
COBIT 5
. ISO/IEC 38500,
ISO/IEC 38500. COBIT 5
.
ISO/IEC 38500
1
:
( ) - ( ) ,
,
.
,
(
), . ,
,
, . ,
, ,
, -.
ISACA :
1. COBIT 5 .
, RACI13.
.
2. COBIT 5 ,
.
3. COBIT 5 . .
EDM05
,
.
2
:
,
- . , ,
, ,
. ,
.
, ,
. , ,
-
.
13
- , ,
, - -,
. -
-. -
, -,
, /
. - - ,
.
(), ,
.
ISACA :
1. COBIT 5 -, (
EDM02 ) ,
- .
2. APO COBIT 5 ,
-, : ,
, , , ,
, , .
-
,
-, .
3. -
, - , .
17 17 -,
. , ,
, .
3
:
- -,
, . :
,
- . -
- .
- -
. , , ,
, -, .
- ,
,
.
ISACA :
1. EDM COBIT 5 -
(, ,
). APO05
,
.
2. APO COBIT 5 , ,
, , .
3. BAI COBIT 5 , . , , ,
, .
, , ,
- - .
4. BAI EDM05 COBIT 5 ,
,
, .
COBIT 5
4
:
:
.
, ,
. ,
-, ,
- .
. ,
, ,
, .
ISACA :
1. COBIT 5 -
, , ,
.
2. COBIT 5 -
,
. ISO/IEC 15504.
3. :
a. APO02 ,
b. APO09 , ,
.
4. MEA01 , ,
COBIT 5 ,
.
5. COBIT 5 ,
.
5
:
,
, , ,
. ,
.
,
. ,
, , , -
,
, .
,
. ,
, ,
.
,
,
.
ISACA :
1. COBIT 5
.
.
2. COBIT 5 APO02
-, .
3. COBIT 5 MEA02 ,
.
ISO/IEC 38500 ,
ISACA :
COBIT 5 ,
EDM. .
COBIT 5
COBIT 5 ;
A.
COBIT 5:
, .
, , COBIT 5
.
ISO/IEC 27000
ISO/IEC 31000
TOGAF
COBIT 5 TOGAF:
, EDM (). TOGAF Architecture
Board, Architecture Governance Architecture Maturity Models .
APO. TOGAF Architecture Development
Method, COBIT 5 ( A ADM),
( B, C, D ADM), ( E
ADM) ( F G ADM). TOGAF
COBIT 5 :
17 (ADM Architecture Requirements Management)
23 (Architecture Principles)
24 (Stakeholder Management)
30 (Business Transformation Readiness Assessment)
31 (Risk Management)
32 (Capability-based Planning)
48 (Architecture Compliance)
49 (Architecture Contracts)
PRINCE2
COBIT 5 PRINCE2:
, APO
, BAI
25 COBIT 5 .
25 COBIT 5
, (EDM)
ISO/IEC 38500
, (APO)
ISO/IEC 31000
TOGAF
ISO/IEC 27000
PRINCE2/PMBOK
CMMI
, (BAI)
ITIL V3 2011 ISO/IEC 20000
,
(MEA)
, (DSS)
F
COBIT 5
COBIT 4.1
F
COBIT 5
COBIT 4.1
, COBIT 4.1
, , , , ,
COBIT 5,
32 G.
:
COBIT 4.1.
COBIT 5,
.
COBIT 4.1
COBIT 5
, ,
. , , .
: , , , ,
.
,
, . ,
, ( ,
, , ), .
: , , , .
, , .
: .
. , ,
, . ,
, . :
, , .
, .
, ,
.
,
.
G
COBIT 5
G
COBIT 5
, 5, ,
COBIT 5. 27.
27
(, )
/
/
/
/
/
/
( )
(/)
( )
:
. (,
, ). ,
/ , . ,
, .
,
.
, -.
7.
. . , .
:
;
.
COBIT 5.
:
, .
()
, . , , ,
, , , .
, :
, ;
, , .
. :
. , , , ..
:
( );
;
///;
/;
/;
/.
() . .
.
, ,
. COBIT 5 ,
(, ).
, ..
.
,
:
?
?
?
?
. ,
, .
,
.
, , 27,
,
.
, ,
.
.
, COBIT 5
,
.
G
COBIT 5
COBIT 5: ,
,
. ,
28.
, :
.
. : ,
, , ,
. : ,
.
. , ,
, ,
, .
:
;
.
, , ,
. :
, ;
, ;
, , ,
.
: ,
? , , ?
28 COBIT 5: , ,
(, )
/
/
/
/
/
/
( )
, ,
, ,
(/):
( )
, ,
.
:
, ;
, ;
, ;
.
. .
, .
, ,
, .
, ,
, , , .
:
, ,
(. ), ?
():
,
.
:
;
;
;
.
,
.
.
,
.
.
, .
.
:
, ,
, , ,
.
.
,
.
, , ,
.
9
.
, .
, .
, , .
, .
,
, . .
:
, .
, .
, .
, , , .
: , , , COBIT 5.
G
COBIT 5
COBIT 5:
29.
29 COBIT 5:
(, )
/
/
/
/
/
/
(/)
( )
( )
, ,
( ),
(: , ).
:
.
, .
RACI. , -,
. ,
, .
. , .
,
. , -,
.
:
. ?
? ?
() .
? ?
. ,
, .
, ,
. ,
. SMART, , ,
, .
,
. ,
.
, .
. . , , ,
/ . ,
COBIT 5, ISO/IEC 15504,
, , .
(). COBIT 5:
, :
, 14.
:
COBIT 5 ,
.
:
- , , ;
- ;
- , , ;
- , -, .
:
- , , ;
- , ;
- , , -;
- , .
. COBIT ,
.
, ,
. COBIT 5 , ,
, /
- . :
- , , -,
, , ;
- ,
.
,
,
(Governance Practice, GP) (Management Practice, MP).
, GP/MP
. :
- GP/MP;
- ;
- ;
- ;
- , ,
.
. ,
:
- , ITIL, ISO/IEC 20000
PRINCE2.
- COBIT 5
.
. COBIT 5 /,
. ,
. GP/MP ,
15.
. ,
.
, .
15
COBIT 5 ,
, , .
14
G
COBIT 5
.
, COBIT ,
, , ,
.
.
,
( ):
?
?
?
?
.
. COBIT 5:
.
,
.
. COBIT 5
, ISO/IEC 15504. 8,
ISACA, COBIT 5.
, .
.
:
( ), (
).
, ,
RACI: , , , , CIO, CEO
.
(): ,
.
.
, ,
.
, .
10 ,
. 5, .
COBIT 5
COBIT 5 .
, ,
.
:
: , ,
. ,
, (EDM,
ISO/IEC 38500).
: ,
PBRM .
10
, -
, .
, :
. , , , , ,
( RACI) .
, RACI, COBIT 5: .
. . , Manage Relationships (
APO08 COBIT 5: ) , :
: , -, .
: (), - .
: -.
: -, .
. : , , .
. ,
. , ,
( ), COBIT 5: .
, () .
COBIT 5 Process Capability Model, ISO/IEC 15504, :
2 :
. :
;
;.
;
;
.
:
;
;
.
.
. , COBIT 5: .
.
, , :
RACI, . ,
:
- , (,
) .
- RACI .
: , ( ) (,
, , ).
, .
.
,
, : , /, ,
.
COBIT 5
COBIT 5 ,
30 .
, , :
. ,
, .
G
COBIT 5
30 COBIT 5
(APO)
(BAI)
(DSS)
(MEA)
COBIT 5 ,
. , ,
, -.
, .
, , .
, . ,
, ,
.
COBIT 5
:
. , ,
(Evaluate, Direct and Monitor (EDM)).
. -, :
, , (Plan, Build, Run, Monitor (PBRM)),
. COBIT 4.1.
. , ,
( )
, , ,
.
COBIT 5
. , .
COBIT 5 COBIT 4.1
Risk IT Val IT. 31 37
COBIT 5. , ,
COBIT 5: .
31 COBIT 5
,
EDM01
EDM02
EDM03
EDM04
EDM05
,
APO01
APO08
APO02
APO03
APO09
APO10
APO04
APO05
APO06
APO11
APO12
APO13
BAI04
BAI05
BAI06
DSS04
DSS05
DSS06
APO07
,
MEA01
,
,
BAI01
BAI02
BAI03
BAI08
BAI09
BAI10
,
DSS01
DSS02
DSS03
BAI07
MEA02
,
MEA03
,
G
COBIT 5
COBIT 5:
32.
:
.
. : ,
, , , ,
. , ,
. .
. ,
.
.
. . , ,
, , , .
.
(). :
: , ,
, .
: .
: .
/ ,
.
.
:
.
32 COBIT 5:
(, )
/
/
/
/
/
/
( )
,
,
,
,
(/):
( )
:
RACI .
: (Responsible),
(Accountable), (Consulting) (Informed).
,
, .
.
.
.
, , , ,
.
, COBIT 5
, COBIT 5: .
RACI, . 33
.
:
. ,
, .
.
.
33 COBIT 5
/
,
.
CEO
, .
CFO
, , ,
, .
(COO)
, .
CRO
, .
, -, -.
CIO
, - -,
, -
-.
(CISO)
, .
, - -.
, ,
.
, ,
, ,
. , , - -,
. CIO,
.
, ,
, ,
.
, ,
.
, , ,
(ERM).
-.
, .
, ,
.
, .
, .
G
COBIT 5
33 COBIT 5
/
, .
, .
, - .
, , ,
.
(VMO)
, ,
-,
.
, , ,
() ().
, , , .
, , , /
-, ,
.
,
,
. : .
G
COBIT 5
COBIT 5: ,
,
.
34.
34 COBIT 5: ,
(, )
/
/
/
/
/
/
( )
(/)
( )
, :
. ,
. : ,
, .
: ,
(, , , ),
.
. :
, .
, ,
, , , - ,
.
, .
, , :
. :
. ? ?
. / ?
. , ,
? ,
, ?
. ,
.
. , .
(). ,
:
.
,
.
.
.
, .
.
:
,
( ), .
, ,
(, - ),
.
.
11
. ,
, - .
,
. . ,
, , .
, , (
). , , ,
.
.
: ,
.
12 -
-:
, , .
,
. , ,
, , .
. ,
. - -
. , .
- , .
, .
, .
G
COBIT 5
COBIT 5:
.
, ,
.
, .
.
( 35), - , ,
, , .
, , , COBIT 5.
35 COBIT 5 -
-
COBIT 5
36.
36 COBIT 5:
(,
)
/
/
/
/
/
/
(, )
( )
(,
)
(),
, ,
(), :
, ,
()
( )
( )
;
;
.
.
, IM
. ,
: , (), . , ,
.
,
.
. :
.
:
.
, .
.
.
,
,
, :
.
.
.
.
.
.
,
, .
.
.
:
/ ,
.
.
F COBIT 5
COBIT 4.1. , COBIT 4.1
.
. ,
. COBIT 5 :
. , .
,
, ,
.
.
/. .
, .
/:
G
COBIT 5
. , (
).
( , ) ( ).
. , .
, ,
. ,
,
.
. , .
, ,
.
, ,
, ,
.
, 8.
, : , ,
, , , .
. , .
, , ,
, .
. , ,
.
.
(). - :
, , , .
.
.
.
, , .
: ,
, , , ,
.
:
. , .
, . , : ,
, .
. , ,
.
. , , ,
.
. .
.
/. , ,
, .
. .
.
. , , -
, , /
, .
. , ,
, , , .
. , , ,
, .
. ,
. .
. ,
.
. , , .
. , ,
; .
. , , ,
.
. , ,
, , , , .
. , , , ,
, , .
.
-, .
, ,
, ,
.
, ,
( ). . ,
.
, .
. ,
13, 14 15 .
13
, .
, -, .
, :
?
?
?
? ?
? ,
?
, ,
.
, ..
14
.
, , :
?
?
? , ?
? ?
.
, , ,
. , , ,
. .
G
COBIT 5
15 -
- ( ), ,
, .
, , , .
: .
, , ,
.
-.
COBIT 5: ,
, ,
-.
37.
:
. (
, )
. ( -)
. - (-)
(, , ). ,
, .
. (, ,
) , ,
. , ,
, -.
. .
,
, , , .
37 COBIT 5: ,
(,
)
,
,
,
/
/
/
/
/
/
( )
,
,
(/):
(,
, )
( )
, , , . ,
, .
(). :
.
- . :
.
.
. ,
.
. ,
.
. , .
. .
: , ,
, . ,
, ,
.
, , ,
, .
, :
, -;
, ,
;
.
.
. ,
, ,
, :
TOGAF16 Technical Reference Model Information Infrastructure Reference Model.
ITIL .
:
.
.
.
COBIT 5
.
16
www.opengroup.org/togaf
G
COBIT 5
COBIT 5: ,
38.
38 COBIT 5: ,
(,
)
, ,
, ,
/
/
/
/
/
/
,
,
(/):
( )
( )
, :
.
. :
-, , , , , ,
, - .
. , , ,
. ,
.
.
:
.
. , ,
. ( ),
( ) .
, , .
, , , , ,
.
.
():
, . ,
.
. , ,
- .
:
, SFIA Skills Framework for the Information Age,
.
, COBIT 5 39.
39 COBIT 5
-
-
-
-
:
.
.
, :
, .
,
.
(RACI)
( , ), ,
.
RACI : ?
-,
, ,
, ,
. ,
,
.
COBIT: , .
.
:
.
.
.
.
, ,
.
,
.
,
.
, ,
.
.
: :
. .
, -,
.
. ,
, .
, .
,
, .
; ,
.
, ,
.
, , ,
.
, .
:
,
.
COBIT
, ,
, ,
. ,
.
, .
(RACI)
, ( ).
,
, , .
RACI :
? , . RACI,
(Responsible) (Accountable) ,
. , ,
, , ,
, .
: :
,
.
, , .
, , -.
;
.
.
, : , , ,
. , ,
.
.
, , , .
,
.
. -.
,
, ,
.
, ;
, .
, , \
(
, ).
,
.
:
, ;
; ,
.
COBIT,
.
.
, .
,
; ; , ,
- ,
, ( , ).
: COBIT COSOs Internal Control Integrated Framework.
,
,
. , ,
, .
, , ,
. , : , ,
.
. .
(RACI)
, (
).
RACI, : ? ,
. (Accountable)
, ,
.
, .
,
,
. ,
, .
, COBIT 5, ,
,
.
, -,
.
,
. ,
.
. -,
, .
, , ,
.
,
, .
,
. SMART ( ,
, , ).
, , (
), .
. ,
, .
: .
. .
, - :
, , , .
, .
. , ,
, ,
.
: , .
, ,
( ),
(, ).
: -,
,
.
()
ISO/IEC 15504: ,
.
ISO/IEC 15504:
.
, . ,
.
()
, ,
.
( ).
RACI
, , ,
.
, .
. ,
: , , , ..
(RACI)
, .
(ISO/IEC 73).
. ,
, , \
.
.
-, .
. -.
, , -. :
, , , , .
, , , ,
, ,
, .
, ,
( , ).
RACI : ? ,
.