Back in late 2018, a small group of COBIT enthusiasts were set to meet at ISACA Global in Schaumburg, Illinois, USA, to commence work on what an information security offering for the latest version of COBIT would look like. We were to be led by my dear friend, mentor and one of the founding fathers of COBIT back in 1995, John Lainhart.
I was working late in my den in the beautiful Clare Valley in South Australia about a week before the meeting was scheduled when my phone rang and I received the saddest news – John had passed away suddenly just a few hours before. Now as those who know me are aware, my catch cry is “We don’t cry in security,” but I did cry for the loss of my friend. I also was saddened for what that meant to COBIT and more broadly to ISACA given all that John (a past board chair and longtime stalwart of ISACA) has meant to the organization.
We decided, then and there on that call, that we would still meet the following week and that we would undertake the work as a mark of honor and respect to John for all the work he had done for so many years to establish COBIT as a world-renowned governance and management framework. So, the small group of enthusiasts dove in and began to determine what an information security focus area of COBIT should look like. Once we were happy that we had a solid starting point in place, we drew a great group of global subject matter experts together to develop the offering to the point of publication.
And now at last, the COBIT Focus Area: Information Security is here, and I am so excited! It has been quite a journey to arrive at this point.
So, what is a focus area? Essentially, it is putting a security lens over COBIT and addressing security-specific issues and topics using a range of governance and management objectives, and their relevant components. The focus area gives specific guidance, additional details and extra metrics for both information and cyber security. The COBIT Focus Area: Information Security also recognizes that information security is indeed a business enabler, a point that is often overlooked, and that it correlates with stakeholder trust by addressing risk and creating value, thereby creating a competitive advantage for any organization.
If you would like to learn more, download a copy of the COBIT Focus Area: Information Security, and see how your practice can be enhanced by the use of the focus area and how you can place a security lens on the critically important information and technology governance and practices in your organization.
And a final word … thank you, John Lainhart, for starting me on this journey. May you walk always in beauty.