Gotcha 5: SOX COBIT Settings don't include high security.

问题5：sox COBIT设置并不包含高安全性设置。

The COBIT framework groups 34 IT processes into four domains.

COBIT框架将34个IT过程分为四个领域。

You can develop a hybrid process by overlapping CMMI with COBIT.

通过将CMMI和COBIT重叠，您可以开发出一个混合的过程。

CMMI addresses 12 out of 34 COBIT processes in four domains.

CMMI 着眼于四个领域中的 12/34 的 COBIT 过程。

Most people in the IT industry have at least heard of CMM or COBIT.

IT 行业的大多数员工至少都听说过 CMM 或 COBIT。

You can also achieve a hybrid approach by overlapping CMMI with COBIT.

您还可以通过重叠CMMI和COBIT来实现混合的方法。

I will cover the COBIT domain lifecycle and then IT processes of all domains.

我将涉及到COBIT的领域生命周期，然后是所有领域的IT过程。

After this, you need to check the workflow of your custom COBIT framework as you build it.

在此之后，在您建立定制的COBIT框架的工作流时，您需要对其进行检查。

You can customize the COBIT framework by combining it with another framework of your choice.

通过将COBIT框架与另一个您所选择的框架相结合，您可以对该框架进行定制。

For example, COBIT calls for IT Governance to govern information systems, domains, and owners.

例如，COBIT使用IT治理管理信息系统、域和所有者。

The maturity model uses standard CMM-based maturity levels as modified by COBIT and described in table 1 below.

这个成熟度模型使用经过 COBIT 修改的标准 CMM 成熟度级别，见表 1。

The IT capability frameworks such as CobiT and ITIL, which define a set of processes executed by an IT organization

IT 能力框架，例如 CobiT 和 ITIL，它们定义了一组由 IT 组织执行的过程

COBIT is a set of internationally accepted it governance standards, which are most advanced and authoritative as yet.

COBIT是国际上公认的进行IT治理的最先进和最权威的标准。

In this article, I will talk about how you can use Portfolio Manager to automate business processes dictated by COBIT.

在本文中，我将讨论您如何能够利用Portfolio Manager将COBIT指示的业务流程自动化。

Then I introduce some of the general concepts of IT Governance and COBIT model to identify the objective of IT Governance.

然后介绍了IT治理的一些基本概念，并介绍了COBIT框架，明确了IT治理的目标。

However, as CobiT focuses mainly on control objectives, the model does not assess other governance measures and mechanisms.

然而，由于CobiT主要关注控制目标，所以模型不评估其他治理方法和机制。

We now take a brief look how Portfolio Manager can leverage the processes of risk and resource management dictated by the COBIT.

现在我们简略地看一下，Portfolio Manager 如何能够利用 COBIT 指示的风险及资源管理过程。

In the COBIT framework, resource management looks at critical it resources: applications, information, infrastructure and people.

在COBIT框架中，资源管理观察关键的IT资源：应用程序、信息、基础结构和人。

Choosing the COBIT framework to dictate business processes that can be automated by Portfolio Manager requires planning ahead of time.

选择COBIT框架来指示可以由Portfolio Manager自动化的业务流程需要提前计划。

One of the best ways of looking at each domain in a capsule is to consider a COBIT lifecycle of four domains, the domain lifecycle for short.

观察每个气泡中的领域的最好方法之一是考虑四个领域的 COBIT 生命周期，简称领域生命周期。

You need to define change control properties to find out where you are at when you custom a hybrid framework with COBIT as its major component.

您需要定义变更控制属性，以便在您将COBIT作为主要组件来定制混合框架时，找到您所在的位置。

Now, you may think (as I did) that if you apply the SOX COBIT rules, your system's locked down, with all the high-level security rules in place.

您可能会认为，如果应用了SOX COBIT规则，系统就会得到保护，所有高级安全规则都就位了，我以前也这么想。

The CobiT framework includes a maturity model that allows an organization to make judgments about how well it controls the CobiT canonical process set.

CobiT 框架中包含一个成熟模型，该模型允许组织判断，它能有多好地控制 CobiT 规范过程集。

Governance standards have been put forth in the past by organizations such as COBIT and ITIL, but now the Open Group has created a standard for SOA Governance.

一些组织(如cobit和ITIL)过去提出了治理标准，但现在Open Group已为soa治理建立了标准。

COBIT provides a set of generally accepted measures, processes, and best practices for maximizing the benefits of information technology and developing it Governance.

COBIT提供一套被普遍接受的度量、过程和最佳实践，用于尽可能发挥信息技术的作用和开发IT治理。

With regard to delivering IT service, there are subsequent, more detailed standards that come into play, such as TOGAF, ISO/IEC 20000, CMMI, COBIT and Six Sigma.

关于交付IT服务方面，有后续的更细节的标准可以遵循，比如TOGAF，ISO/IEC 20000，CMMI，COTIT以及Six Sigma。

CobiT is an IT governance framework and supporting toolset that allows managers to bridge the gaps between control requirements, technical issues, and business risks.

CobiT是一个IT治理框架及支持工具集，它令管理人员跨越了控制需求、技术问题，及业务风险之间的鸿沟。

In the COBIT framework, risk management requires understanding of compliance requirements, significant risks to the enterprise and risk management responsibilities.

在COBIT框架中，风险管理需要了解遵从法规的需求、对企业的重要风险，和风险管理职责。