This post covers essential questions and answers that may come up in a COBIT interview. They can help with interview preparation, and they relate to COBIT and its applications.
Q. What is COBIT and what does it stand for?
COBIT is an acronym for Control Objectives for Information and Related Technology. ISACA created this framework for the governance and management of IT.
Q. What is ISACA and what does it stand for?
ISACA was initially called the Information Systems Audit and Control Association. It is a global nonprofit association that develops and adopts universally accepted practices and knowledge for information systems.
Q. What is the history of ISACA?
It was formed in 1969 and was run by a small circle of individuals who realized that there was a need for a source of guidance and information in the then-emerging field of auditing controls for computer systems. Today it serves a wide range of professionals. ISACA now has a worldwide constituency of more than 140,000, and it is known for its diversity. These constituents live and work in no fewer than one hundred and eight countries and hold most IT-related positions, including chief information officer, IS auditor, internal auditor, IS security professional and regulator. Some are new to the field, but most are at senior ranks. They work in most categories of industry, including utilities, manufacturing, the public and government sector, and finance and banking.
Q. What is COBIT used for?
It is used by people who have responsibilities for the business's processes and its technology. They need information that is reliable and relevant, and they need quality and control over both the information provided and the technology.
COBIT was released by ISACA in 1996. It was created with the objective of guiding the financial audit of the IT-related workforce. A better version, expanding beyond auditing, was released in 1998. The third version, with guidelines for management, was released in 2000. Version 4 was released in 2005 and version 4.1 in 2007.
Q. What is the latest version in use?
COBIT 5 was recently released, in April 2012.
Q. Why was COBIT 5 developed?
There were several reasons for the development of COBIT 5. There was a need for a business framework that covers all functions of IT and the business. There was a pressing need to organize and disseminate the information concerning the framework. There was also a need to integrate COBIT with ISACA's other recommendations, frameworks and research.
Q. COBIT 5 had add-ons. When were they released?
The assurance-related add-on came out in June 2013, and the information-security-related add-on came out in December 2012.
The process model used by COBIT divides IT into 4 main domains, with 34 processes responsible for planning, building, running and monitoring. It has been placed at a level and has been harmonized and united with other good practices such as ITIL, TOGAF, COSO and CMMI.
Q. What components are included in COBIT?
The components included in COBIT are the framework, the process descriptions, the control objectives, the management guidelines and the maturity models. The basic idea of the framework is to organize good practice and governance of IT by domains and processes and link them to the requirements of the business. The control objectives provide a list of requirements to be measured by management for efficient control of the various IT processes. The maturity models assess maturity and capability and help address any gaps.
Q. What are the different versions of COBIT?
The initial version was COBIT, followed by COBIT 2, COBIT 3, COBIT 4 and COBIT 4.1. The latest version in use is COBIT 5.
It is a foundation exam based on the publication by ISACA, and it is a self-study exam. It provides certification through an examination and foundation training.
Q. What is ITIL?
It was initially known as the Information Technology Infrastructure Library, and it is a set of practices for ITSM, that is, IT service management. It focuses on aligning the services provided by IT with the needs of the business.
Meeting stakeholders' needs, covering the enterprise end to end, applying a single integrated framework, taking a holistic approach to decision making in the business, and keeping governance and management separate. It is known to meet the wants, needs and benefits in IT initiatives.
Q. What are certain advantages of the certification?
It helps prepare professionals for challenges in the processes, provides information on management issues and their effect on organizations, and shows how COBIT 5 can help in establishing the 5 principles. It also explains the difference between governance and management.
Q. Who is it used by?
It is hugely beneficial for process owners, risk committees, IT managers and directors, and professionals in audit, governance, security etc.
Q. Why do you think one should use COBIT 5?
The COBIT framework provides benefits and breadth unlike any other framework. It helps maintain a high level of information to support business decisions, and it helps achieve strategic goals through innovative and effective use of IT. It also helps attain an optimal cost for the technology and services provided by IT.
Q. Why is COBIT 5 better than COBIT 4 for information security?
COBIT 5 is meant to recognize that information security is a pervasive enabler that affects the entire enterprise and not just one service.
Q. What are the differences between COBIT 5 and COBIT 4.1?
COBIT 5 clearly differentiates between management and governance. It also calls for different dimensions and inputs to the governance regime. COBIT 5 also incorporates the different frameworks that were developed by ISACA.
Q. Explain COBIT 4.1.
It is a governance framework and supporting tool that allows participants to bridge the gap between technical issues, business risks and control requirements.
Q. Explain something about ITIL.
It is an acronym for Information Technology Infrastructure Library. It is an all-inclusive set of practices that are developed and executed in IT. It comes as a series of 5 volumes, each covering a different stage of IT. ITIL supports the previous BS 15000, but there is still a difference between the ITIL framework and BS 15000, which is now known as ISO 20000. It describes tasks, procedures, processes and checklists that are not specific to one organization but can be applied by any organization trying to establish integration. It gives the organization a baseline from which to plan, implement and measure, which helps in demonstrating compliance and measuring improvement. AXELOS owns ITIL and licenses organizations to use it. It accredits the institutes that are licensed for the examination and manages updates to the framework.
Most people choose both COBIT and ITIL. The two are largely complementary rather than competing.
Q. What does implementing NIST Cybersecurity using COBIT 5 entail?
It is led by management and treated as an investment supported by a business case. COBIT 5 facilitates a dialogue between security and management that makes security practices easy to understand.
Q. Does COBIT 5 distinguish between management and governance?
It helps in differentiating between the roles of management and the board, and in directing and monitoring the objectives, priorities and decisions related to IT.
Q. What does the transition to COBIT 5 involve?
A publication has been developed that acts as a guide to what needs to be done to make the transition smoother and more effective.
Q. What is the relationship between compliance and governance?
Governance looks after the perspectives and laws that are required in the organization. Compliance is the set of measures the company takes to follow governance in various ways.
Q. What is the security problem in IT companies?
Anyone with minimal knowledge can gain access to information related to intellectual property. Businesses fail to classify data, and no one keeps track of who downloads what. Data classification is therefore the first essential step in addressing data loss and data protection.
Q. Is application of a single integrated framework essential?
Yes, because organizations fail to look at the numerous vulnerabilities in a system. They usually fix one particular problem without taking the others into account. One way to address this is to create and manage a control matrix. It should incorporate the control areas that are critical and of interest. These can be developed either during risk assessments or by using standards that are essential for better practice. Both business organizations and IT use processes to get outcomes, and these need to be consistent. Security teams must have a security program and a framework. An organizational hierarchy is essential to monitor and reach the strategic objectives. The decision makers at every level are stakeholders in the processes and the outcomes. The cultural differences of employees must be considered when securing the workplace. IT delivers information through applications, services and infrastructure. Implementing security controls calls for attention to competencies, people and skills both inside and outside IT. The enablers need to be integrated, and frameworks, principles and policies are the means for that. Enablers help achieve the expected outcomes and also help in developing the frameworks, policies and principles.
Q. Explain more about the end to end covering of the enterprise.
As far as security is concerned, its general application necessitates various security reviews of the processes and of the implementation and development of IT activities. Integration is needed not only at the horizontal level: all management levels must include InfoSec in all strategic business planning and activities.
Q. Why is COBIT 5 important?
COBIT 5 is closely related to most frameworks, controls and standards, including ISO27001, Prince 2, ITIL, ISO20000, TOGAF, SOX and many others. It covers all relevant IT services, internal as well as external, and it also covers business processes, external as well as internal. It also gives an overall systematic view of the management and governance of IT enterprises, based on the enablers and their total numbers.