
COBIT 5: -

Personal Copy of: Sergey Yelhimov

ISACA
ISACA (www.isaca.org) - ,
, ,
(), .
1969 , 95000
160 . , ISACA
Journal, ,
.
- CISA (Certified
Information Systems Auditor), CISM (Certified Information Security Manager), CGEIT (Certified in the Governance
of Enterprise IT) CRISC (Certified in Risk and Information Systems Control). ISACA
- COBIT, -
, , ,
, .
Disclaimer
ISACA has designed this publication, COBIT 5 (the Work), primarily as an educational resource for governance of
enterprise IT (GEIT), assurance, risk and security professionals. ISACA makes no claim that use of any of the Work will
assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or
exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining
the propriety of any specific information, procedure or test, readers should apply their own professional judgement to the
specific GEIT, assurance, risk and security circumstances presented by the particular systems or information technology
environment.

ISACA , COBIT 5 (), ,
, ,
. ISACA .
, ,
, , ,
. , ,
, ,
, ,
.
Copyright
2012 ISACA. All rights reserved. For usage guidelines, see www.isaca.org/COBITuse.
Copyright
2012 ISACA. . : www.isaca.org/COBITuse
ISACA
3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA
: +1.847.253.1545 : +1.847.253.1443
: info@isaca.org
-: www.isaca.org
: www.isaca.org/cobit
ISACA: www.isaca.org/knowledge-center
ISACA : https://twitter.com/ISACANews
COBIT : #COBIT
ISACA : ISACA (Official), http://linkd.in/ISACAOfficial
ISACA : www.facebook.com/ISACAHQ
Quality Statement
This Work is translated into Russian from the English language version of COBIT 5 by the ISACA Moscow Chapter with
the permission of ISACA. The ISACA Moscow Chapter assumes sole responsibility for the accuracy and faithfulness of
the translation.

ISACA
ISACA. ISACA
.
COBIT 5
ISBN 978-1-60420-290-8


ISACA :
, CGEIT, CISA, TOGAF,
, GSV
, CISA, CISM, CGEIT, KPMG
, ITIL Expert, Cleverics
, ITIL Expert, GSV
, Deloitte & Touche
, Cleverics
, ITIL Expert, Cleverics
, CISA, CISM, CGEIT, 44
ISACA :
COBIT 5 (2009-2011)
John W. Lainhart, IV, CISA, CISM, CGEIT, IBM Global Business Services, ,
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, Ravenswood Consultants Ltd.,
,
Pippa G. Andrews, CISA, ACA, CIA, KPMG,
Elisabeth Judit Antonsson, CISM, Nordea Bank,
Steven A. Babb, CGEIT, CRISC, Betfair,
Steven De Haes, Ph.D., University of Antwerp Management School,
Peter Harrison, CGEIT, FCPA, IBM Australia Ltd.,
Jimmy Heschl, CISA, CISM, CGEIT, ITIL Expert, bwin.party digital entertainment plc,
Robert D. Johnson, CISA, CISM, CGEIT, CRISC, CISSP, Bank of America,
Erik H.J.M. Pols, CISA, CISM, Shell International-ITCI,
Vernon Richard Poole, CISM, CGEIT, Sapphire,
Abdul Rafeq, CISA, CGEIT, CIA, FCA, A. Rafeq and Associates,

Floris Ampe, CISA, CGEIT, CIA, ISO 27000, PwC,
Gert du Preez, CGEIT, PwC,
Stefanie Grijp, PwC,
Gary Hardy, CGEIT, IT Winners,
Bart Peeters, PwC,
Geert Poels, Ghent University,
Dirk Steuperaert, CISA, CGEIT, CRISC, IT In Balance BVBA,

Gary Baker, CGEIT, CA,
Brian Barnier, CGEIT, CRISC, ValueBridge Advisors,
Johannes Hendrik Botha, MBCS-CITP, FSM, getITright Skills Development,
Ken Buechler, CGEIT, CRISC, PMP, Great-West Life,
Don Caniglia, CISA, CISM, CGEIT, FLMI,
Mark Chaplin,
Roger Debreceny, Ph.D., CGEIT, FCPA, University of Hawaii at Manoa,
Mike Donahue, CISA, CISM, CGEIT, CFE, CGFM, CICA, Towson University,
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training,
Bob Frelinger, CISA, CGEIT, Oracle Corporation,
James Golden, CISM, CGEIT, CRISC, CISSP, IBM,
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies,
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA,
Nicole Lanza, CGEIT, IBM,
Philip Le Grand, PRINCE2, Ideagen Plc,
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT,
Stuart MacGregor, Real IRM Solutions (Pty) Ltd.,
Christian Nissen, CISM, CGEIT, FSM, CFN People,
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer,
Eddy J. Schuermans, CGEIT, Esras bvba,
Michael Semrau, RWE Germany,
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates,
Alan Simmonds, TOGAF9, TCSA, PreterLex,
Cathie Skoog, CISM, CGEIT, CRISC, IBM,
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP,
Roger Southgate, CISA, CISM,
Nicky Tiesenga, CISA, CISM, CGEIT, CRISC, IBM,
Wim Van Grembergen, Ph.D., University of Antwerp Management School,
Greet Volders, CGEIT, Voquals N.V.,
Christopher Wilken, CISA, CGEIT, PwC,
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP,

Mark Adler, CISA, CISM, CGEIT, CRISC, Commercial Metals Company,
Wole Akpose, Ph.D., CGEIT, CISSP, Morgan State University,
Krzysztof Baczkiewicz, CSAM, CSOX, Eracent,
Roland Bah, CISA, MTN Cameroon,
Dave Barnett, CISSP, CSSLP,
Max Blecher, CGEIT, Virtual Alliance,
Ricardo Bria, CISA, CGEIT, CRISC, Meycor GRC,
Dirk Bruyndonckx, CISA, CISM, CGEIT, CRISC, MCA, KPMG Advisory,
Donna Cardall,
Debra Chiplin, Investors Group,
Sara Cosentino, CA, Great-West Life,
Kamal N. Dave, CISA, CISM, CGEIT, Hewlett Packard,
Philip de Picker, CISA, MCA, National Bank of ,
Abe Deleon, CISA, IBM,
Stephen Doyle, CISA, CGEIT, Department of Human Services,
Heidi L. Erchinger, CISA, CRISC, CISSP, System Security Solutions, Inc.,
Rafael Fabius, CISA, CRISC,
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training,
Bob Frelinger, CISA, CGEIT, Oracle Corporation,
Yalcin Gerek, CISA, CGEIT, CRISC, ITIL Expert, ITIL V3 Trainer, PRINCE2, ISO/IEC 20000 Consultant,
Edson Gin, CISA, CISM, CFE, CIPP, SSCP,
James Golden, CISM, CGEIT, CRISC, CISSP, IBM,
Marcelo Hector Gonzalez, CISA, CRISC, Banco Central Republic Argentina,
Erik Guldentops, University of Antwerp Management School,
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies,
Angelica Haverblad, CGEIT, CRISC, ITIL, Verizon Business,
Kim Haverblad, CISM, CRISC, PCI QSA, Verizon Business,
J. Winston Hayden, CISA, CISM, CGEIT, CRISC,
Eduardo Hernandez, ITIL V3, HEME Consultores,
Jorge Hidalgo, CISA, CISM, CGEIT, ATC, Lic. Sistemas,
Michelle Hoben, Media 24,
Linda Horosko, Great-West Life,
Mike Hughes, CISA, CGEIT, CRISC, 123 Consultants,
Grant Irvine, Great-West Life,
Monica Jain, CGEIT, CSQA, CSSBB, Southern California Edison,
John E. Jasinski, CISA, CGEIT, SSBB, ITIL Expert,
Masatoshi Kajimoto, CISA, CRISC,
Joanna Karczewska, CISA,
Kamal Khan, CISA, CISSP, CITP, Saudi Aramco,
Eddy Khoo S. K., Prudential Services Asia,
Marty King, CISA, CGEIT, CPA, Blue Cross Blue Shield NC,
Alan S. Koch, ITIL Expert, PMP, ASK Process Inc.,
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA,
Jason D. Lannen, CISA, CISM, TurnKey IT Solutions, LLC,
Nicole Lanza, CGEIT, IBM,
Philip Le Grand, PRINCE2, Ideagen Plc,
Kenny Lee, CISA, CISM, CISSP, Bank of America,
Brian Lind, CISA, CISM, CRISC, Topdanmark Forsikring A/S,
Bjarne Lonberg, CISSP, ITIL, A.P. Moller - Maersk,
Stuart MacGregor, Real IRM Solutions (Pty) Ltd.,
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT,
Charles Mansour, CISA, Charles Mansour Audit & Risk Service,
Cindy Marcello, CISA, CPA, FLMI, Great-West Life & Annuity,
Nancy McCuaig, CISSP, Great-West Life,
John A. Mitchell, Ph.D., CISA, CGEIT, CEng, CFE, CITP, FBCS, FCIIA, QiCA, LHS Business Control,
Makoto Miyazaki, CISA, CPA, Bank of Tokyo-Mitsubishi, UFJ Ltd.,
Lucio Augusto Molina Focazzio, CISA, CISM, CRISC, ITIL, Independent Consultant,
Christian Nissen, CISM, CGEIT, FSM, ITIL Expert, CFN People,
Tony Noblett, CISA, CISM, CGEIT, CISSP,
Ernest Pages, CISA, CGEIT, MCSE, ITIL, Sciens Consulting LLC,
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer,
Tom Patterson, CISA, CGEIT, CRISC, CPA, IBM,
Robert Payne, CGEIT, MBL, MCSSA, PrM, Lode Star Strategy Consulting,
Andy Piper, CISA, CISM, CRISC, PRINCE2, ITIL, Barclays Bank Plc,
Andre Pitkowski, CGEIT, CRISC, OCTAVE, ISO27000LA, ISO31000LA, APIT Consultoria de Informatica Ltd.,
Dirk Reimers, Hewlett-Packard,
Steve Reznik, CISA, ADP, Inc.,
Robert Riley, CISSP, University of Notre Dame,
Martin Rosenberg, Ph.D., Cloud Governance Ltd.,
Claus Rosenquist, CISA, CISSP, Nets Holding,
Jeffrey Roth, CISA, CGEIT, CISSP, L-3 Communications,
Cheryl Santor, CISSP, CNA, CNE, Metropolitan Water District,
Eddy J. Schuermans, CGEIT, ESRAS bvba,
Michael Semrau, RWE Germany,
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates,
Alan Simmonds, TOGAF9, TCSA, PreterLex,
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP,
Jennifer Smith, CISA, CIA, Salt River Pima Maricopa Indian Community,
Marcel Sorouni, CISA, CISM, CISSP, ITIL, CCNA, MCDBA, MCSE, Bupa Australia,
Roger Southgate, CISA, CISM,
Mark Stacey, CISA, FCA, BG Group Plc,
Karen Stafford Gustin, MLIS, London Life Insurance Company,
Delton Sylvester, Silver Star IT Governance Consulting,
Katalin Szenes, CISA, CISM, CGEIT, CISSP, University Obuda,
Halina Tabacek, CGEIT, Oracle Americas,
Nancy Thompson, CISA, CISM, CGEIT, IBM,
Kazuhiro Uehara, CISA, CGEIT, CIA, Hitachi Consulting Co., Ltd.,
Rob van der Burg, Microsoft,
Johan van Grieken, CISA, CGEIT, CRISC, Deloitte,
Flip van Schalkwyk, Centre for e-Innovation, Western Cape Government,
Jinu Varghese, CISA, CISSP, ITIL, OCA, Ernst & Young,
Andre Viviers, MCSE, IT Project+, Media 24,
Greet Volders, CGEIT, Voquals N.V.,
David Williams, CISA, Westpac,
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP,
Amanda Xu, PMP, Southern California Edison,
Tichaona Zororo, CISA, CISM, CGEIT, Standard Bank,
ISACA
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), ,
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., , -
Gregory T. Grocholski, CISA, The Dow Chemical Co., , -
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, , -
Niraj Kapasi, CISA, Kapasi Bangad Tech Consulting Pvt. Ltd., , -
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management, Inc., , -
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, , -
Emil D'Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd. (retired), , -
Lynn C. Lawton, CISA, CRISC, FBCS CITP, FCA, FIIA, KPMG Ltd., , -
Allan Neville Boardman, CISA, CISM, CGEIT, CRISC, CA (SA), CISSP, Morgan Stanley, ,
Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, ,

Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, ,
Michael A. Berardi Jr., CISA, CGEIT, Bank of America,
John Ho Chi, CISA, CISM, CRISC, CBCP, CFE, Ernst & Young LLP,
Phillip J. Lageschulte, CGEIT, CPA, KPMG LLP,
Jon Singleton, CISA, FCA, Auditor General of Manitoba (retired),
Patrick Stachtchenko, CISA, CGEIT, Stachtchenko & Associates SAS,
(2009-2012)
Patrick Stachtchenko, CISA, CGEIT, Stachtchenko & Associates SAS, France,
Georges Ataya, CISA, CISM, CGEIT, CRISC, CISSP, Solvay Brussels School of Economics and Management, ,
--
Steven A. Babb, CGEIT, CRISC, Betfair,
Sushil Chatterji, CGEIT, Edutech Enterprises,
Sergio Fleginsky, CISA, Akzo Nobel,
John W. Lainhart, IV, CISA, CISM, CGEIT, CRISC, IBM Global Business Services,
Mario C. Micallef, CGEIT, CPAA, FIA,
Anthony P. Noble, CISA, CCP, Viacom,
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, Ravenswood Consultants Ltd.,

Robert G. Parker, CISA, CA, CMC, FCA, Deloitte & Touche LLP (retired),
Rolf M. von Roessing, CISA, CISM, CGEIT, CISSP, FBCI, Forfa AG,
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron,
Robert E. Stroud, CGEIT, CA Inc.,

ISACA Los Angeles Chapter -
ISACA IT Governance Institute (ITGI)
American Institute of Certified Public Accountants
Commonwealth Association for Corporate Governance Inc.
FIDA Inform
Information Security Forum
Institute of Management Accountants Inc.
ISACA
ITGI
ITGI
Norwich University
Solvay Brussels School of Economics and Management
Strategic Technology Management Institute (STMI) of the National University of Singapore
University of Antwerp Management School
Enterprise GRC Solutions Inc.
Hewlett-Packard
IBM
Symantec Corp.


COBIT 5
COBIT: , , .

, (,
ITIL, ITSM-) (,
15504-2:2009).
.
, COBIT 5 Governance Management .
COBIT 5 .
governance ,
.
:
:
,
;
;
,
.
, , ,
, , .
COBIT 5 6
5: .


COBIT 5: -

COBIT 5: -

COBIT 5 .
COBIT 5, 1.

1 COBIT 5
COBIT 5: Enabling Processes; COBIT 5: Enabling Information; COBIT 5 Implementation; COBIT 5 for Information Security; COBIT 5 for Assurance; COBIT 5 for Risk

- COBIT 5
COBIT 5 , ,
,
.
COBIT 5 :
COBIT 5 (-)
, , :
COBIT 5:
COBIT 5: Enabling Information ()
 (. www.isaca.org/cobit)
COBIT 5 , :
COBIT 5:
COBIT 5 for Information Security
COBIT 5 for Assurance
COBIT 5 for Risk ()
 (. www.isaca.org/cobit)
- ,
COBIT 5.



.
.

: , .
, , -, :
.
, , ,
.
, .
-.
- .
, , , .
,
, ,
.
, , ,
, .
, ,
. ,
.
COBIT 5 ,
. , COBIT 5
, . COBIT 5
,
, ,
. COBIT 5
: , .

2 COBIT 5


COBIT 5 , 2:
1: . ,
,
. COBIT 5 ,
- . ,
, , COBIT 5 ,
.
-
.
 2: . COBIT 5
, :

 . COBIT 5 , ,
, .

 , , ,
,
, .
3: .
, -. COBIT 5
. , COBIT 5
.
4: .
, .
COBIT 5 ,
. ,
. COBIT 5 :
,



 ,


,
,
5: . COBIT 5
. ,
. COBIT 5,
:

, :
,
;
;
.
,
.
, .

, , ,
, , .
,
, (CEO).
,

.

1
COBIT 5

1
COBIT 5
COBIT 5 ISACA .
COBIT 5 15- COBIT
, , ,
. COBIT 5
:

(, )
.
, .
, . , , , ,
. , ,
, .
,
, , , , ,
.
.
, -?
,
.
,
. ,
. , -, ,
, , , . CIO (Chief Information Officer) . .
. , , ,
,
.
, ,
, .

, , ,
, , .
-, .
:
 ;
 - ;
 , , ;
 .
, ,
, Information Technology Infrastructure Library (ITIL), The Open Group Architecture
Framework (TOGAF), Project Management Body of Knowledge (PMBOK), PRojects IN Controlled Environments
2 (PRINCE2), Committee of Sponsoring Organizations of the Treadway Commission (COSO),
International Organization for Standardization (ISO).
.
ISACA,
COBIT, Val IT Risk IT, Business Model for Information Security (BMIS), IT Assurance Framework
(ITAF), Board Briefing on IT Governance Taking Governance Forward (TGF). COBIT 5
, .
COBIT 5 ,
. , COBIT 5
. COBIT 5 - ISACA
(www.isaca.org/cobit).



, COBIT 5 :
2 1: .
.
. -, -
(Enablers), .
COBIT 5. ,
.
3 2: . ,
COBIT 5 ,
.
4 3: .
COBIT 5.
5 4: .
.
: .
6 5: ,
. COBIT 5.
7 . ,
, , , ,
. COBIT 5,
COBIT 5.
8 COBIT 5, COBIT
Assessment Programme. COBIT 4.1
.
, :
. , COBIT 5.
B. -. ,
-.
C. - -. , COBIT
-.
D. . ,
, COBIT 5.
E. COBIT 5 .
F. COBIT 5 COBIT 4.1.
G. COBIT 5. 5
, ,
. .
H.


1:

2
1:

, . ,
, ,
.
(. 3). , ,
, , .

,
, . ,
. , , ,
. , ,
: ? ? ?

COBIT 5
. (,
, ..) (, ,
..),
, .
.
COBIT 5 ,
, - .
, ,

- .
COBIT 5 4.

1.

, , ,
- , .

2.

.
(Balanced Scorecard1)
,
. , , ,
.
D.
Kaplan, Robert S.; David P. Norton; The Balanced Scorecard: Translating Strategy Into Action, Harvard University Press, USA, 1996


4

(, , )

D
5

COBIT 5 17 , 5. :
, .
.
,
(P , S , ).

3. -

-, -.
, -
. COBIT 5 17 -,
6.
- B. ,
-.

4. -

- .
5. ,
, ,
-.
, -
COBIT 5, .
2
, - .
, , , COBIT 5
- -.


1:
5 COBIT 5

6 -


COBIT 5
COBIT 5

, ,

() , . :
.
COBIT 5 ,
, .
( ) ,
.

COBIT 5

3 ( -, -
COBIT 5 ( )) ,
, . , :
- , .
.
, .
, ,
, .

COBIT 5

,
. ,
, ,
COBIT.
, :
.
, , ..

3
, -
.


1:
1
, .
, .
, ,
(. 5):
6.
7. -
8.
: -, .
B.
- ( P):
01
04 -,
07 - -
09
10 ,
14
17 , -
4 .
- (. 5), .
C - COBIT 5. -,
-, . , , ,
, .
, ,
, .

2 :
, ,
. , ,
.
, ,
:
1. -
4. ,

8.
16. ,
17. .
, .



( 7).




(CEO)
(CFO)
(CIO)
(CRO)

-
-



(HR)



..


? -?
?
?
-?
? ?
?
?
?
?
? -
? ()?
-?
?
?
?
, -?
- , , ? -?
? , ?
- , -?
-? - ?
- , ,
?
-
?
?
?
?
?

-



/





..


, -
?
, ?
, ?
- ?

, 7,
, . D
,
7, .


2:

3
2:
, COBIT 5
, . , COBIT 5:
.
COBIT 5
. COBIT 5 .
,
, .
, COBIT 5 , -.
COBIT 5
(. 4),
. ,
, , ,
, , -.
COBIT. , COBIT 5
,
,
-,
.


, COBIT 5, 8,
4.

8 COBIT 5

4
ISACA Taking Governance Forward (TGF).
www.takinggovernanceforward.org.


( ), :
, , , .

, , ,
, ,
. , , (, ..), .
.
COBIT 5
(. 5).

, ,
.. , ,
, .
COBIT 5 ,
.

, . ,
,
. COBIT 5
( ), , .
9 8,
.
www.takinggovernanceforward.org.

9 ,
,


3:

4
3:

COBIT 5 :
, , ,
COBIT 5 .
, ,
. ,
, .
,
.
, ISACA.
, ISACA
, COBIT, Val IT, Risk IT, BMIS, Board Briefing on IT
Governance ITAF. COBIT 5 .

COBIT 5
10 .

10 COBIT 5
ISACA (COBIT, Val IT, Risk IT, BMIS ...)


 COBIT 5

(. 11) :
, :
ISACA (COBIT 4.1, Val IT 2.0, Risk IT, BMIS);
,
;
, ITIL,
TOGAF ISO. A.
,
.
COBIT 5,
.
() .

11 COBIT 5
COBIT 5: Enabling Processes; COBIT 5: Enabling Information; COBIT 5 Implementation; COBIT 5 for Information Security; COBIT 5 for Assurance; COBIT 5 for Risk

- COBIT 5


4:

5
4:
COBIT 5
, , -.
.
, - .
COBIT 5 (. 12):
,
.
,
,
-.
.
,
.
,
. ,
,
.
, , ,
, .
, ,
.

12 COBIT 5

,
. :
, . ,
-, .
, .
, .



12 ,
, .
. ,
:
,
. , , .
. , ,
.

,
. ,
,
.
, .

3
- (, ),
, . ,
. , , .

4
. , ,
, . ,
.

COBIT 5
. ( 13) :
, ;
;
.

13

:
. (,
, ). ,
/ , . ,
, .
,
.
, , , -.
7.
. . , .
:
;
.

4:
COBIT 5.
:
 , .
 ()
, . , , ,
, , , .

, :
.
, , .
. ,
. , , , ..
:
( );
;
///;
/;
/;
/.
() . .
.
, ,
. COBIT 5 ,
(, ).
, ..

.
,
( ) :
?
?
?
?
. ,
, .
,
.


5 , ,
.

5
, -
, .
, :
 . , , , , ,
( RACI) .
, RACI, COBIT 5: .
. . , Manage Relationships (
APO08 COBIT 5: ) , :
 : , -,
 : (), -
 : -
 : -,


5 ()
. : , , .
. ,
. , ,
( ), COBIT 5: .
, () .
COBIT 5 Process Capability Model, ISO/IEC 15504, .
. , COBIT 5: .
.
, , :
 RACI, . ,
:
 , (,
) .
 RACI .
: , ( ) (,
, , ).
 , .
.

G. ,
, ,
.


5:

6
5:

COBIT 5 .
, .
COBIT 5, :

 :
, ;
;

.
 ,
.

 , , ,
, , .
 ,
.


, ,
. ,
(, ),
.
14.

14 COBIT 5

COBIT 5 (COBIT 5: )
, .
RACI, .

,
. , ,
, ,
.

.
, .
, , (,
) , .

, . ,
( ) ( ).

.
,
.

,
, , .

,
,
, .


COBIT 5
COBIT 5 ,
15 .

15 COBIT 5

(APO)

(BAI)

(DSS)

(MEA)

, , :
. ,
, .
COBIT 5 ,
. , ,
, - -.
, .
, , .

, . ,
, ,
.
COBIT 5
:
. ,
, (Evaluate, Direct and Monitor (EDM5)).
. -, :
, , (Plan, Build, Run, Monitor (PBRM)),
. COBIT 4.1.
:
, Align, Plan and Organise (APO)
, Build, Acquire and Implement (BAI)
, Deliver, Service and Support (DSS)
, Monitor, Evaluate and Assess (MEA)

5

.


5:

. , ,
( )
, , ,
.
COBIT 5 COBIT 4.1
Risk IT Val IT.
16 37 COBIT 5.
, , COBIT 5: .

16 COBIT 5


,
EDM01

EDM02

EDM03

EDM04

EDM05

,
APO01



APO08

APO02

APO03

APO09

APO10

APO04

APO05

APO06

APO11

APO12

APO13

BAI04

BAI05

BAI06

DSS04

DSS05

DSS06

APO07

,

MEA01
,

,
BAI01

BAI02

BAI03

BAI08

BAI09

BAI10

,
DSS01

DSS02

DSS03

BAI07

MEA02
,

MEA03
,


COBIT 5 ,
, .
, .
ISACA COBIT 5
6, .
, , ,
, . :
, ;
;
.

COBIT 5 :
- ;
-;
;
COBIT , ,
, , , .


.
( ),
, :
;
, ;
, ;
;
- ;
;
;
;
, .
.
.
COBIT
. COBIT
,
.
:

, .
,
-.
.
.

.
www.isaca.org/cobit



COBIT
. , , -
, .
COBIT.
,
. (, , )
.
COBIT , .
: .
, () COBIT
,
. ,
. -.
,
. .
.
.

.
,

.

-
,
.
-
, .
,
. , , ,
( ).

.
, ( )
, COBIT 5 .
:
,
.
, -, , .
,
.
.
.
-, .
.
, ,
.


-,
- .
- -, , .
, ,
- .
.
, ,
. -
COBIT 5 :
, .
, .
- ().
.
.

.
: CEO, CFO, CIO ..
.
- -.


(
) .
( )
, , .
, , (
), .
/ . ,
. , , ,
.
(
, ), ,
, ( ,
). , ,
,
, .


COBIT
. :
1. . .
2. . .
3. .
, , ,
. 17.


17 COBIT 5

4 ?

( )


(
)

( )

1 .
-,
.
2 ,
, - - COBIT,
.
, .
() .
.
, , .
3 .
COBIT .
, .
, , ,
.
4 : . . -
.



5.
COBIT
. ,
.
6 ,
.
7 ,
, .

.

: -
,
. (
, ), , ,
.
, , .

. -. -
, , ,
- ,
. - ,
. , - :
, - (
, ). -
-.
, .

, .
, (
).
.
-.
, , (
).
, , .

, , ( COBIT).
- , ,
, ,
.
.
, .
,
.


6
ITGI 7 PwC. 800
- 21 . -
; 28,1% , , 27,1%
. , , - (42,2%),
(39.6%) - - (37.3%).
ISACA 8, COBIT . ,
, ,
.
, 250 , , , ,
20 , , 9. ,
.
, ,
, - . ,
,
. ,
10.

7 ITGI, Global Status Report on the Governance of Enterprise IT (GEIT) 2011, USA, 2011, www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Global-Status-Report-on-the-Governance-of-Enterprise-IT-GEIT-2011.aspx
8 ISACA, Building the Business Case for COBIT and Val IT™ Executive Briefing, USA, 2009, www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Building-the-Business-Case-for-COBIT-and-Val-IT-Executive-Briefing.aspx
9 Weill, Peter; Jeanne W. Ross; IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, USA, 2004
10 De Haes, Steven; Dirk Gemke; John Thorp; Wim Van Grembergen; Analyzing IT Value Management @ KLM Through the Lens of Val IT, ISACA Journal, 2011, vol 4. Van Grembergen, Wim; Steven De Haes; Enterprise Governance of IT: Achieving Alignment and Value, Springer, USA, 2009


8
COBIT 5

8
COBIT 5

COBIT 4.1, Risk IT Val IT ,


. (as-is) (to-be)
- ,
.
COBIT 5 ,
ISO/IEC 15504.
,
(EDM) (PBRM)
.
COBIT 4.1 ,
:
COBIT 5 COBIT 4.1;
COBIT 5;
, COBIT 5;
COBIT 5.
COBIT 5 ISACA COBIT Process Assessment
Model (PAM): Using COBIT 4.111.
, ,
. ,
.
.

COBIT 4.1
COBIT 5
COBIT 4.1 18.

18 COBIT 4.1

( )

COBIT 4.1

11

COBIT 4.1

www.isaca.org/cobit-pam


COBIT 4.1 ( ,
)
COBIT 4.1:
, .
, ,
.
, COBIT 4.1 ,
, .
,
. .
COBIT 5 19.

19 COBIT 5


PA 2.1

PA 2.2
PA 3.1

PA 3.2
PA 4.1
1.1 - -

PA 4.2

PA 5.1
PA 5.2
-

COBIT 5

COBIT 5


(
/
)

(/
)

, ,
:
0 . .
,
.
1 ( ). .
2 ( ). (
, ). ,
.
3 ( ).
.
4 ( ).
.
5 .
, .
,
. , 3 ( ) ,
, ,
2 ( ).

8
COBIT 5
1 .
1 , , , ,
.
.
.
( , ) ,
.
ISO/IEC 15504 COBIT 4.1 (
Val IT Risk IT):
, ISO 15504
COBIT 4.1.
ISO/IEC 15504 .
COBIT 4.1, .
,
ISO/IEC 15504. , COBIT 5:
.
( ), ,
1 .
,
. COBIT 5:
,
.
, , ,
COBIT 3, (PC) COBIT 4.1,
.

12
,
. , ,
.
, , :
COBIT 4.1 COBIT 5 ( ),
, - , (. 20).
, COBIT 5 (. 20). COBIT 4.1,
1 2, . COBIT 5
1 0.
COBIT 4.1 COBIT 5 20.
ISO/IEC 15504
, COBIT 5.
, ( ,
):
, ;
, COBIT 5 ;
, COBIT 5 .
COBIT 4.1 ,
, .
, ,
.
COBIT 5 ,
, .
COBIT 4.1 COBIT 5 .
, , 21.
, COBIT 4.1,
, COBIT 5 21.
12

 COBIT PAM, ISO/IEC 15504,

www.isaca.org/cobit-assessment-programme.


20 (COBIT 4.1) (COBIT 5)


COBIT 4.1

ISO/IEC 15504

5:
5
,

. .
,
,
.
4
,
.
.
.

4:
.

3
.
;
.
, .

3:
.

2:
( ,
). ,
.
2 , ,
, ,
.
,
.
, .

1:
.
:
, 0 ()
ISO/IEC 15504.

1 /
,
, . ,
,
.
.
0 .
.

0:
.

, .

21 COBIT 4.1 COBIT 5


COBIT 4.1

COBIT 5

8
COBIT 5

COBIT 5 COBIT 4.1 :
,
.
, , COBIT 4.1:
, , , .
,

.
,
, .
, , ,
.

COBIT 5
ISO/IEC 15504 ,
. ,
/ , ,
, .
COBIT 5, ISO/IEC 15504,
, COBIT 2000 , :
.

(as-is) (to-be) .
,
.
,
.
,
COBIT 5 .
COBIT 5 1 . ,
, 1 , .
. ,
.
, ( , 1) :
1. , ,
ISO/IEC 15504, ,
. :

N ( ). , ,

( 0 15% ).

P ( ). ,

, . ,

() ( 15% 50% ).

L ( ).

. (

50% 85% ).

F ( ).

.

( 85% 100% ).
2. ( ) ,
, .
3. ,
, .

. ,
1,
? , 1 , ,
. :
1. ,
.
2. ,
, .
, ISO/IEC 15504:2.
.


,
COBIT 5.
Association for Project Management (APM); APM Introduction to Programme Management, Latimer, Trend and Co.,
UK, 2007
British Standards Institute (BSI), BS25999:2007 Business Continuity Management Standard, UK, 2007
CIO Council, Federal Enterprise Architecture (FEA), ver 1.0, USA, 2005
European Commission, The Commission Enterprise IT Architecture Framework (CEAF), Belgium, 2006
Kotter, John; Leading Change, Harvard Business School Press, USA, 1996
HM Government, Best Management Practice Portfolio, Managing Successful Programmes (MSP), UK, 2009
HM Government, Best Management Practice Portfolio, PRINCE2, UK, 2009
HM Government, Best Management Practice Portfolio, Information Technology Infrastructure Library (ITIL), 2011
International Organization for Standardization (ISO), 9001:2008 Quality Management Standard, Switzerland, 2008
ISO/International Electrotechnical Commission (IEC), 20000:2006 IT Service Management Standard, Switzerland, 2006
ISO/IEC, 27005:2008, Information Security Risk Management Standard, Switzerland, 2008
ISO/IEC, 38500:2008, Corporate Governance of Information Technology Standard, Switzerland, 2008
King Code of Governance Principles (King III), South Africa, 2009
Organisation for Economic Co-operation and Development (OECD), OECD Principles of Corporate Governance,
France, 2004
The Open Group, TOGAF 9, UK, 2009
Project Management Institute, Project Management Body of Knowledge (PMBOK2), USA, 2008
UK Financial Reporting Council, Combined Code on Corporate Governance, UK, 2009


B
-

B

-
COBIT 5 2.
22 , , -
. :
17 , COBIT 5
(Balanced Scorecard, BSC).
17 -,
.
. :



P , , -
.
S , , , -
.

7
, :
7. :
-:
04 -,
10 ,
14
, , -:
01 - -
07 - -
08 ,
. 09.
:
():
2.
8. -
11. -
17.
():
1. -
3. - ( )
6.
13. -
14. -
16.

:

.
, COBIT 5.


22, , , 2,
COBIT 5.

22 - - COBIT

- ( )

1.

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.


01

- -

02

S
S

04

05

06

-,

07

-
-

08

09

10

11

-,

12

,
-

,
,

14

15

16

17

,
-

13

S
P

S
S

S
S
S

S
P

S
P

S
S

P
P

03

S
S

S
S

P
P

P
S

S
P


P
S

C
- -

C
-
-
-
-, , 2.
23 :
17 -,
.
37 COBIT 5, .
- -.
:

P , , -
-.

S , , , -
-.

8 APO13
APO13 -:
:
02 -
04 -
06 -,
10 ,
14
:
07 - -
08 ,

:

.
, COBIT 5.
23, , , 2,
COBIT 5.


,
,

- -

-


-


-,
- -
,


,

-,
-,
-
,
,



,
-

23 - - COBIT 5
-

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17

COBIT 5

EDM01



P

EDM02

P

EDM03

EDM04

EDM05


S
S
P

APO01


P
P
S
S

APO02

P
S
S
S

APO03

P
S
S
S

APO04

S
S
P

APO05

P
S
S
P
S

APO06

S
S
S
P
P

APO07

P
S
S

APO08

APO09

APO10

APO11

APO12

APO13

S
S

S
P

S
P

S
S
S
S
P

P
P
P
S

P
S
S

S
S
S

P
P

S
S

S
P

P
S
S

S
S
P

P
P
P

S
S
S
S
P

S
S
S
S

P
P
S
P
P


S
S
S
S

S
S
S
S

S
S

S
S
S
S

S
S

S
P

S
S

P
S
S

P
S
S
S
P
P
P

S
S
S
S
S
S
P

P
S
S
S

S
S
P

C
- -
23 - - COBIT 5 ()

- -

-,

- -

-,

-,
-

,
,

,
-

01

02

03

04

05

06

07

08

09

10

11

12

13

14

15

16

17

COBIT 5

BAI01

BAI02

BAI03

BAI04

BAI05

BAI06

BAI07

BAI08

BAI09

BAI10

DSS01

DSS02

DSS03

DSS04

DSS05

DSS06

MEA01

MEA02

MEA03

,

,

S
S

S
S

S
S

S
S


D

4
. 2 .
, .
24. ,
.
, -,
.
, , , .
, .
24 .

5.

4.

3.

2.

-
( )

1.

24 - COBIT 5

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

?

-?


?


?
?

?

?

?

?

?

?

?
-

?


()?


5.

4.

3.

2.

-
( )

1.

24 - COBIT 5
()

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.


-?


?

?

?
,
-?
-
, , ?

-?

?
,
?
,
-?

-?
-
?
-

,
,
?

-


?


?

?



?

?


COBIT 5

E
COBIT 5

COBIT 5
. ISO/IEC 38500,
ISO/IEC 38500. COBIT 5
.

COBIT 5 ISO/IEC 38500


, COBIT 5
ISO/IEC 38500. ISO/IEC 38500:
.
COBIT 5 .

ISO/IEC 38500

1
:
( ) - ( ) ,
,
.
,
(
), . ,
,
, . ,
, ,
, -.
ISACA :
1.  COBIT 5 .
, RACI13.

.
2.  COBIT 5 ,
.
3.  COBIT 5 . .
EDM05
,
.
2
:
,
- . , ,
, ,
. ,
.
, ,
. , ,
-
.
13

 - , ,


, - -,
. -
-. -
, -,
, /
. - - ,
.
(), ,
.
ISACA :
1. COBIT 5 -, (
EDM02 ) ,
- .
2.  APO COBIT 5 ,
-, : ,
, , , ,
, , .
-
,
-, .
3.  -
, - , .
17 17 -,
. , ,
, .
3
:
- -,
, . :
,

- . -
- .
- -
. , , ,
, -, .
- ,
,
.
ISACA :
1. EDM COBIT 5 -
(, ,
). APO05
,
.
2. APO COBIT 5 , ,
, , .
3. BAI COBIT 5 , . , , ,
, .
, , ,
- - .
4. BAI EDM05 COBIT 5 ,
,
, .


COBIT 5
4
:
:
.
, ,
. ,
-, ,
- .

. ,
, ,
, .

ISACA :
1. COBIT 5 -
, , ,
.
2. COBIT 5 -
,
. ISO/IEC 15504.
3. :
a. APO02 ,
b. APO09 , ,
.
4. MEA01 , ,
COBIT 5 ,
.
5. COBIT 5 ,
.
5
:
,
, , ,
. ,
.
,
. ,
, , , -
,
, .

,
. ,
, ,
.
,
,
.
ISACA :
1. COBIT 5
.
.
2. COBIT 5 APO02
-, .
3. COBIT 5 MEA02 ,

.


4. COBIT 5 MEA03 ,


, ,
,
.
5. COBIT 5
, (, ,
) ( ),

.
6
:
, ,
,
. ,
.

.
, .
: , , -,
- .
,
. -, ,
, . , ,
, , - .
, ,
.
ISACA :
COBIT 5 ( ) ,
:
1. COBIT 5 , , .
, .
2. COBIT 5 APO07 ,
, -
.
3. COBIT 5 BAI02
.
4. COBIT 5 BAI05 BAI08
.
, ISACA ,
COBIT 5 :
Certified in the Governance of Enterprise IT (CGEIT)
Certified Information Systems Auditor (CISA)
Certified Information Systems Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
.

ISO/IEC 38500 ,

ISACA :
COBIT 5 ,
EDM. .


COBIT 5

COBIT 5 ;
A.

COBIT 5:
, .
, , COBIT 5
.

ITIL V3 2011 ISO/IEC 20000

COBIT 5 ITIL V3 2011 ISO/IEC 20000:


DSS
BAI
APO

ISO/IEC 27000

COBIT 5 ISO/IEC 27000:


, EDM, APO DSS
, ,
MEA

ISO/IEC 31000

COBIT 5 ISO/IEC 31000:


, , EDM APO

TOGAF

COBIT 5 TOGAF:
, EDM (). TOGAF Architecture
Board, Architecture Governance Architecture Maturity Models .
APO. TOGAF Architecture Development
Method, COBIT 5 ( A ADM),
( B, C, D ADM), ( E
ADM) ( F G ADM). TOGAF
COBIT 5 :
17 (ADM Architecture Requirements Management)
23 (Architecture Principles)
24 (Stakeholder Management)
30 (Business Transformation Readiness Assessment)
31 (Risk Management)
32 (Capability-based Planning)
48 (Architecture Compliance)
49 (Architecture Contracts)

Capability Maturity Model Integration (CMMI) ( )


COBIT 5 CMMI:
BAI
, APO

PRINCE2

COBIT 5 PRINCE2:
, APO
, BAI
25 COBIT 5 .


25 COBIT 5
, (EDM)
ISO/IEC 38500

, (APO)

ISO/IEC 31000
TOGAF

ISO/IEC 27000

PRINCE2/PMBOK

CMMI

, (BAI)
ITIL V3 2011 ISO/IEC 20000

,

(MEA)
, (DSS)


F
COBIT 5
COBIT 4.1

F
COBIT 5
COBIT 4.1
, COBIT 4.1
, , , , ,
COBIT 5,
32 G.
:
COBIT 4.1.
COBIT 5,
.

26 COBIT 5 COBIT 4.1

COBIT 4.1

COBIT 5

, ,
. , , .
: , , , ,
.

,
, . ,
, ( ,
, , ), .
: , , , .

, , .
: .

. , ,
, . ,
, . :
, , .

, .

, ,
.






,

.

, COBIT 4.1 COBIT 5.


COBIT 5 ,
COBIT 4.1.


G
COBIT 5

G
COBIT 5

, 5, ,
COBIT 5. 27.

27



(, )




/
/
/
/

/
/


( )




(/)


( )

:
 . (,
, ). ,
/ , . ,
, .
,
.
, -.
7.
. . , .
:
;
.

COBIT 5.
:
 , .
 ()
, . , , ,
, , , .

, :
, ;
, , .
 . :
. , , , ..
:

 ( );
;
///;
/;
/;
/.
 () . .
.
, ,
. COBIT 5 ,
(, ).
, ..

.
,
:
?
?
?
?
. ,
, .
,
.
, , 27,
,
.
, ,
.
.
, COBIT 5
,
.


G
COBIT 5
COBIT 5: ,
,
. ,
28.
, :
 .
. : ,
, , ,
. : ,
.
 . , ,
, ,
, .
:
;
.

 , , ,
. :
, ;
, ;
, , ,
.
: ,
? , , ?

28 COBIT 5: , ,



(, )




/
/
/
/

/
/


( )


, ,

, ,


(/):


( )


, ,
.
:
, ;
, ;

, ;
.
 . .
, .
, ,
, .

 , ,
, , , .
:
, ,
(. ), ?
 ():
 ,
.
 :
;
;
;
.
 ,
.
 .
,
.
.
, .
 .
 :
, ,
, , ,
.
 .
 ,
.
 , , ,
.

9
.
, .
, .
, , .
, .
,
, . .
:
, .
, .
, .
, , , .

: , , , COBIT 5.


G
COBIT 5
COBIT 5:

29.

29 COBIT 5:



(, )




/
/
/
/

/
/


(/)


( )


( )

, ,
( ),
(: , ).
:
.
, .
RACI. , -,
. ,
, .
. , .
,
. , -,
.
:
 . ?
? ?
 () .
? ?
 . ,
, .
  , ,
. ,
. SMART, , ,
, .

 ,
. ,
.
, .
 . . , , ,
/ . ,
COBIT 5, ISO/IEC 15504,
, , .
 (). COBIT 5:
, :
, 14.
:
 COBIT 5 ,
.
:
- , , ;
- ;
- , , ;
- , -, .
 :
-  , , ;
-  , ;
-  , , -;
-  , .
. COBIT ,
.
 , ,
. COBIT 5 , ,
, /
- . :
-  , , -,
, , ;
-  ,
.
 ,
,
(Governance Practice, GP) (Management Practice, MP).
, GP/MP
. :
-  GP/MP;
-  ;
-  ;
-  ;
-  , ,
.

 . ,
:
-  , ITIL, ISO/IEC 20000
PRINCE2.
-  COBIT 5
.
 . COBIT 5 /,
. ,

. GP/MP ,
15.
. ,
.
, .
15
 COBIT 5 ,
, , .
14


G
COBIT 5
.
, COBIT ,
, , ,
.

.
,
( ):
?
?
?
?
.
. COBIT 5:
.
,
.
. COBIT 5
, ISO/IEC 15504. 8,
ISACA, COBIT 5.
, .
.
:
 ( ), (
).
 , ,
RACI: , , , , CIO, CEO
.
 (): ,
.
 .
 , ,
.
, .

10 ,
. 5, .

COBIT 5


COBIT 5 .
, ,
.
:
: , ,
. ,
, (EDM,
ISO/IEC 38500).
: ,
PBRM .


10
, -
, .
, :
 . , , , , ,
( RACI) .
, RACI, COBIT 5: .
. . , Manage Relationships (
APO08 COBIT 5: ) , :
: , -, .
: (), - .
: -.
: -, .
 . : , , .
. ,
. , ,
( ), COBIT 5: .
, () .
COBIT 5 Process Capability Model, ISO/IEC 15504, :
 2 :
. :
;
;.
;
;
.
 :
;
;
.
.
 . , COBIT 5: .
.
, , :
 RACI, . ,
:
-  , (,
) .
-  RACI .
: , ( ) (,
, , ).
 , .
.

,
, : , /, ,
.
COBIT 5
COBIT 5 ,
30 .
, , :
. ,
, .


G
COBIT 5
30 COBIT 5

(APO)

(BAI)

(DSS)

(MEA)

COBIT 5 ,
. , ,
, -.
, .
, , .

, . ,
, ,
.
COBIT 5
:
. , ,
(Evaluate, Direct and Monitor (EDM)).
. -, :
, , (Plan, Build, Run, Monitor (PBRM)),
. COBIT 4.1.
. , ,
( )
, , ,
.
COBIT 5
. , .
COBIT 5 COBIT 4.1
Risk IT Val IT. 31 37
COBIT 5. , ,
COBIT 5: .


31 COBIT 5


,
EDM01

EDM02

EDM03

EDM04

EDM05

,
APO01



APO08

APO02

APO03

APO09

APO10

APO04

APO05

APO06

APO11

APO12

APO13

BAI04

BAI05

BAI06

DSS04

DSS05

DSS06

APO07

,

MEA01
,

,
BAI01

BAI02

BAI03

BAI08

BAI09

BAI10

,
DSS01

DSS02

DSS03


BAI07

MEA02
,

MEA03
,

G
COBIT 5
COBIT 5:


32.
:
 .
. : ,
, , , ,
. , ,
. .
. ,
.
.
 . . , ,
, , , .
.
 (). :
 : , ,
, .
: .
 : .
 / ,
.
 .
 :
.

32 COBIT 5:



(, )




/
/
/
/

/
/


( )

,
,
,

,


(/):


( )

:
 RACI .
: (Responsible),
(Accountable), (Consulting) (Informed).
,
, .
 .

.

 .
, , , ,
.
, COBIT 5
, COBIT 5: .
RACI, . 33
.
:
. ,
, .
.
.

33 COBIT 5
/

,
.

CEO

, .

CFO

, , ,
, .


(COO)

, .

CRO

, .
, -, -.

CIO

, - -,
, -
-.

(CISO)

, .

, - -.

, ,
.

, ,
, ,
. , , - -,
. CIO,
.

, ,
, ,
.

, ,
.

, , ,
(ERM).
-.

, .

, ,
.

, .

, .


G
COBIT 5
33 COBIT 5
/

, .

, .

, - .

, , ,
.


(VMO)

, ,
-,

.

, , ,
() ().

, , , .

, , , /
-, ,
.

,
,
. : .


G
COBIT 5
COBIT 5: ,

,
.
34.

34 COBIT 5: ,



(, )




/
/
/
/

/
/


( )


(/)


( )

, :
 . ,
. : ,
, .
: ,
(, , , ),
.
. :
 , .
 , ,
, , , - ,
.
 , .
, , :
. :
 . ? ?
 . / ?
 . , ,
? ,
, ?
 . ,
.
. , .
 (). ,
:

.


 ,
.
 .
.
 , .
.
 :
 ,
( ), .
, ,
(, - ),
.

.

11
. ,
, - .
,
. . ,
, , .
, , (
). , , ,
.
.
: ,
.

12 -
-:
 , , .
,
. , ,
, , .
 . ,
. - -
. , .
- , .
, .
, .


G
COBIT 5
COBIT 5:
.

, ,
.
, .
.
( 35), - , ,
, , .
, , , COBIT 5.

35 COBIT 5 -
-

COBIT 5

36.

36 COBIT 5:

(,
)




/
/
/
/

/
/

(, )

( )
(,
)
(),
, ,

(), :
, ,
()


( )


( )


(Information model, IM) :


.
. ,
.
 ,
: (, , , , , ,
, , , )
( , ):

 ;
 ;

 .
 .
, IM
. ,
: , (), . , ,
.

 ,
.
. :

 .
:

 .

 , .

 .

 .
 ,
,
, :
 .
 .
 .

 .

 .
 .
 ,
, .
 .

.
 :

 / ,
.

 .
 F COBIT 5
COBIT 4.1. , COBIT 4.1
.
. ,
. COBIT 5 :

 . , .
,
, ,
.
.
/. .
, .
/:

G
COBIT 5
. , (
).
( , ) ( ).
. , .
, ,
. ,
,
.
. , .
, ,
.
 , ,
, ,
.
 , 8.
, : , ,
, , , .
. , .
, , ,
, .
 . , ,
.
.
(). - :
, , , .
.
.
.
, , .
: ,
, , , ,
.
:
 . , .
 , . , : ,
, .
. , ,
.
 . , , ,
.
. .
.
/. , ,
, .
. .
.
 . , , -
, , /
, .
 . , ,
, , , .
 . , , ,
, .
. ,
. .
 . ,

.
 . , , .

 . , ,
; .
. , , ,
.
. , ,
, , , , .
. , , , ,
, , .
.
-, .
, ,
, ,
.
, ,
( ). . ,
.
, .
. ,
13, 14 15 .

13
, .
, -, .
, :
?
?
?
? ?
? ,
?
, ,
.
, ..

14
.
, , :
?
?
? , ?
? ?
.
, , ,
. , , ,
. .


G
COBIT 5
15 -
- ( ), ,
, .
, , , .
: .
, , ,
.
-.

COBIT 5: ,
, ,
-.
37.
:
 . (
, )
. ( -)
. - (-)
(, , ). ,
, .
. (, ,
) , ,
. , ,
, -.
 . .
,
, , , .

37 COBIT 5: ,



(,
)

,
,
,




/
/
/
/

/
/


( )


,
,

(/):


(,
, )


( )


, , , . ,
, .
 (). :

 .
- . :

 .
.

 . ,
.

 . ,
.

 . , .

 . .
 : , ,
, . ,
, ,
.
 , , ,
, .
, :
, -;
 , ,
;
 .
 .
 . ,
, ,
, :
TOGAF16 Technical Reference Model Information Infrastructure Reference Model.
ITIL .
:
 .
.
 .
 COBIT 5
.

16

www.opengroup.org/togaf


G
COBIT 5
COBIT 5: ,
38.

38 COBIT 5: ,


(,
)

, ,

, ,




/
/
/
/

/
/


,
,

(/):


( )


( )

, :
 .
. :
-, , , , , ,
, - .
. , , ,
. ,
.
.
 :
 .
. , ,
. ( ),
( ) .
, , .
 , , , , ,
.
 .
():

, . ,
.
. , ,
- .
 :
 , SFIA Skills Framework for the Information Age,
.

 , COBIT 5 39.

39 COBIT 5

Evaluate, Direct and Monitor (EDM)

Align, Plan and Organise (APO)

-
-



Build, Acquire and Implement (BAI)

-




-

Deliver, Service and Support (DSS)

Monitor, Evaluate and Assess (MEA)

:

.
.
 , :
, .
 ,
.


(RACI)

( , ), ,
.
RACI : ?

-,
, ,
, ,
. ,
,
.

COBIT: , .
.
:

.
.
.
.
, ,
.

,
.

,
.

, ,
.


.
: :
. .

, -,
.

. ,
, .

, .
,
, .
; ,
.

, ,
.

, , ,
.

, .
:
,
.



COBIT

1.  COBIT 5 ( , Control Objectives for Information and Related Technology;


). ,
,

-. COBIT
, , ,
.
 : COBIT - ,
- .
COBIT (. www.isaca.org/cobit).
2.  COBIT 4.1 .
,
-,
, , . COBIT
, ( ,
, ) . COBIT
, .
 : COBIT
(Board Briefing on IT Governance, 2nd Edition), (COBIT
Quickstart, 2nd Edition; IT Governance Implementation Guide: Using COBIT and Val IT, 2nd Edition; and COBIT Control
Practices: Guidance to Achieve Control Objectives for Successful IT Governance),
(IT Assurance Guide Using COBIT). COBIT
(, IT Control Objectives
for Sarbanes-Oxley, IT Control Objectives for Basel II) (COBIT Security
Baseline). COBIT ,
,
.

, ,
, ,
. ,
.

, .


(RACI)

, ( ).

,
, , .

RACI :
? , . RACI,
(Responsible) (Accountable) ,
. , ,
, , ,
, .

: :
 ,
.
 , , .
 , , -.
 ;
.
 .


, : , , ,
. , ,
.
.

, , , .

,
.

. -.

,
, ,
.
, ;
, .

, , \
(
, ).

,
.

:
, ;
; ,
.

COBIT,
.
.

, .

,
; ; , ,
- ,
, ( , ).
: COBIT COSOs Internal Control Integrated Framework.

,
,
. , ,
, .

, , ,
. , : , ,
.
. .


(RACI)

, (
).
RACI, : ? ,
. (Accountable)
, ,
.


, .
,
,
. ,
, .
, COBIT 5, ,
,
.

, -,
.

,
. ,
.


. -,
, .

, , ,
.

,
, .

,
. SMART ( ,
, , ).
, , (
), .

. ,
, .
: .

. .

, - :
, , , .

, .

. , ,
, ,
.
: , .

, ,
( ),
(, ).
: -,
,
.

()


ISO/IEC 15504: ,
.


ISO/IEC 15504:
.

, . ,

.



()

, ,
.

( ).


RACI

, , ,
.

, .

. ,
: , , , ..

(RACI)

, .

(ISO/IEC 73).

. ,
, , \
.
.

-, .

. -.

, , -. :
, , , , .

, , , ,
, ,
, .

, ,
( , ).

RACI : ? ,

.
