战略规划与设计 - Cobit5

企业IT治理和管理之业务框架PersonalCopyof:Mr.WeiChang2ISACA®国际信息系统审计协会国际信息系统审计协会（ISACA®，网址：)是全球公认提供信息系统（IS）鉴证及安全、企业IT治理与管理，以及IT相关风险与合规性之知识、认证、社群、倡导与教育训练的领导组织，会员遍布逾180个国家，总数超过100,000人。ISACA®成立于1969年，是一个非盈利性的独立组织。除了主办国际会议，出版《国际信息系统审计期刊》(ISACA®Journal），并制定国际公认的IS审计与控制标准，以协助其成员缔造一个信赖可靠，优值的信息系统。同时,为促进与证明个人的IT技能及知识，ISACA还推出了一系列全球公认的专业认证,如：注册信息系统审计师（CertifiedInformationSystemsAuditor®,CISA®）、注册信息安全经理（CertifiedInformationSecurityManager®,CISM®）、企业信息科技治理认证（CertifiedintheGovernanceofEnterpriseIT®,CGEIT®）及风险及信息系统监控认证（CertifiedinRiskandInformationSystemsControl™,CRISC™）。ISACA致力于持续更新及扩展根据COBIT®框架推出的实务指南和产品系列。COBIT能协助IT专业人员和企业领袖履行其在IT治理和管理方面的职责，特別是在鉴证、安全、风险与控制等范畴，使业务价值得以提升。QualityStatement质量声明：ThisWorkistranslatedintoChineseSimplifiedfromEnglishlanguageversionofCOBIT®5bytheISACA®China/HongKongChapterwiththepermissionofISACA®.TheISACA®China/HongKongChapterassumessoleresponsibilityfortheaccuracyandfaithfulnessofthetranslation.《COBIT®5》（本著作）经国际信息系统审计协会（ISACA®）许可，ISACA®中国/香港分会根据其英文版翻译成简体中文，ISACA®中国/香港分会对翻译文本的准确性和忠实性承担唯一责任。Copyright版权©2012ISACA.Allrightsreserved.Forusageguidelines,see©2012ISACA版权所有。有关使用指引，参见。Disclaimer免责声明ISACAhasdesignedthispublication,COBIT®5(the‘Work’),primarilyasaneducationalresourceforgovernanceofenterpriseIT(GEIT),assurance,riskandsecurityprofessionals.ISACAmakesnoclaimthatuseofanyoftheWorkwillassureasuccessfuloutcome.TheWorkshouldnotbeconsideredinclusiveofallproperinformation,proceduresandtestsorexclusiveofotherinformation,proceduresandteststhatarereasonablydirectedtoobtainingthesameresults.Indeterminingtheproprietyofanyspecificinformation,procedureortest,readersshouldapplytheirownprofessionaljudgementtothespecificGEIT,assurance,riskandsecuritycircumstancespresentedbytheparticularsystemsorinformationtechnologyenvironment.国际信息系统审计协会（ISACA®）创建的《COBIT®5》（著作）主要作为企业IT治理（GEIT）、鉴证、风险及安全专业人员的教育资源。国际信息系统审计协会（ISACA®）不承诺使用该著作内容能确保取得成果。该著作并非囊括所有适用的信息、流程和测试，不排除在其它信息、流程或测试的合理指导下获得同样结果的可能。读者应该根据具体的系统和信息技术环境所体现的企业IT治理、鉴证、风险与安全状况，通过自身的专业判断来决定采用适当的信息、流程或测试。ISACA3701AlgonquinRoad,Suite1010RollingMeadows,IL60008USA电话：+1.847.253.1545传真：+1.847.253.1443电子邮箱：info@isaca.org网址：反馈：参加使用ISACA知识总汇：在Twitter上关注ISACA：在Twitter中加入COBIT聊天组：#COBIT在LinkedIn加入ISACA：ISACA(官方),在Facebook上喜欢ISACA：®5ISBN978-1-60420-242-7美利坚合众国印刷PersonalCopyof:Mr.WeiChang3鸣谢鸣谢ISACA希望表彰：COBIT5工作组（2009–2011）JohnW.Lainhart,IV,CISA,CISM,CGEIT,IBMGlobalBusinessServices,USA,Co-chairDerekJ.Oliver,Ph.D.,DBA,CISA,CISM,CRISC,CITP,FBCS,FISM,MInstISP,RavenswoodConsultantsLtd.,UK,Co-chairPippaG.Andrews,CISA,ACA,CIA,KPMG,AustraliaElisabethJuditAntonsson,CISM,NordeaBank,SwedenStevenA.Babb,CGEIT,CRISC,Betfair,UKStevenDeHaes,Ph.D.,UniversityofAntwerpManagementSchool,BelgiumPeterHarrison,CGEIT,FCPA,IBMAustraliaLtd.,AustraliaJimmyHeschl,CISA,CISM,CGEIT,ITILExpert,bwin.partydigitalentertainmentplc,AustriaRobertD.Johnson,CISA,CISM,CGEIT,CRISC,CISSP,BankofAmerica,USAErikH.J.M.Pols,CISA,CISM,ShellInternational-ITCI,TheNetherlandsVernonRichardPoole,CISM,CGEIT,Sapphire,UKAbdulRafeq,CISA,CGEIT,CIA,FCA,A.RafeqandAssociates,India开发团队FlorisAmpe,CISA,CGEIT,CIA,ISO27000,PwC,BelgiumGertduPreez,CGEIT,PwC,CanadaStefanieGrijp,PwC,BelgiumGaryHardy,CGEIT,ITWinners,SouthAfricaBartPeeters,PwC,BelgiumGeertPoels,GhentUniversity,BelgiumDirkSteuperaert,CISA,CGEIT,CRISC,ITInBalanceBVBA,Belgium研讨参与人员GaryBaker,CGEIT,CA,CanadaBrianBarnier,CGEIT,CRISC,ValueBridgeAdvisors,USAJohannesHendrikBotha,MBCS-CITP,FSM,getITrightSkillsDevelopment,SouthAfricaKenBuechler,CGEIT,CRISC,PMP,Great-WestLife,CanadaDonCaniglia,CISA,CISM,CGEIT,FLMI,USAMarkChaplin,UKRogerDebreceny,Ph.D.,CGEIT,FCPA,UniversityofHawaiiatManoa,USAMikeDonahue,CISA,CISM,CGEIT,CFE,CGFM,CICA,TowsonUniversity,USAUrsFischer,CISA,CRISC,CPA(Swiss),FischerITGRCConsulting&Training,SwitzerlandBobFrelinger,CISA,CGEIT,OracleCorporation,USAJamesGolden,CISM,CGEIT,CRISC,CISSP,IBM,USAMeenuGupta,CISA,CISM,CBP,CIPP,CISSP,MittalTechnologies,USAGaryLangham,CISA,CISM,CGEIT,CISSP,CPFA,AustraliaNicoleLanza,CGEIT,IBM,USAPhilipLeGrand,PRINCE2,IdeagenPlc,UKDebraMallette,CISA,CGEIT,CSSBB,KaiserPermanenteIT,USAStuartMacGregor,RealIRMSolutions(Pty)Ltd.,SouthAfricaChristianNissen,CISM,CGEIT,FSM,CFNPeople,DenmarkJamiePasfield,ITILV3,MSP,PRINCE2,Pfizer,UKEddyJ.Schuermans,CGEIT,ESRASbvba,BelgiumMichaelSemrau,RWEGermany,GermanyMaxShanahan,CISA,CGEIT,FCPA,MaxShanahan&Associates,AustraliaAlanSimmonds,TOGAF9,TCSA,PreterLex,UKCathieSkoog,CISM,CGEIT,CRISC,IBM,USADejanSlokar,CISA,CGEIT,CISSP,Deloitte&ToucheLLP,CanadaRogerSouthgate,CISA,CISM,UKNickyTiesenga,CISA,CISM,CGEIT,CRISC,IBM,USAWimVanGrembergen,Ph.D.,UniversityofAntwerpManagementSchool,BelgiumGreetVolders,CGEIT,VoqualsN.V.,BelgiumChristopherWilken,CISA,CGEIT,PwC,USATimM.Wright,CISA,CRISC,CBCI,GSEC,QSA,KingstonSmithConsultingLLP,UKPersonalCopyof:Mr.WeiChang4鸣谢（续）专家审核人员MarkAdler,CISA,CISM,CGEIT,CRISC,CommercialMetalsCompany,USAWoleAkpose,Ph.D.,CGEI