Module 03 - Defining The Problem

1 COBIT® 5 Enabler 5

This lesson provides a detailed understanding of the fifth enabler of COBIT® 5 (read as KOBIT five). Let us explore the objectives of this lesson in the next screen.

2 Objectives

By the end of this lesson, you will be able to:
• Explain enabler 5 of COBIT® 5
• Discuss the information quality categories
• Describe the meta data information cycle
• Define the information layers
• Explain the contextual and representational quality of information requirements

Let us move on to the next screen to discuss the fifth enabler of COBIT® 5.

3 Enabler 5—Information

The fifth enabler, ‘information’, is highlighted in the image on the screen. Information is currently considered as the lifeline of an enterprise, without which functioning will be next to impossible. Information is the enabler which assists enterprises in making decisions. It also helps in evaluating, directing, planning, building, running and monitoring of the organisation as a whole. Information has various characteristics or criteria that enable organisations to function effectively and efficiently to meet stakeholder needs. Let us look at the categories of information quality in the next screen.

4 Information Quality Categories

Information quality categories and dimensions are as follows:
• Intrinsic quality: It is the extent to which data values are in conformance with the actual or true values.
• Contextual and representational quality: It is the extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognising that information quality depends on the context of use.
• Security or accessibility quality: It is the extent to which information is available or obtainable.

In the next screen, we will focus on information criteria.

5 Concept of Information Criteria

To satisfy business objectives, information needs to conform to certain control criteria, which COBIT refers to as business requirements for information. The concept of seven key information criteria was introduced in COBIT® 3rd edition in 2000 and played a key role in COBIT® 4.1. These were important in demonstrating how to meet business requirements. Based on broader quality, fiduciary and security requirements, seven distinct information criteria are defined. These are:
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability

The IT Processes, Information Criteria and IT Resources constitute a cube, with Business requirements, IT Processes and IT resources constituting the faces. In the next screen, we will look at business requirements from COBIT® 4.1.

6 Business Requirements from COBIT® 4.1

Let us look at each information criterion and its corresponding business requirement:
• Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, and usable manner.
• Efficiency is concerned with the provision of information through the optimal (most productive and economical) use of resources.
• Confidentiality is concerned with the protection of sensitive information from unauthorised disclosure.
• Integrity relates to the accuracy and completeness of information as well as its validity in accordance with business values and expectations.
• Availability relates to information being available, when required by the business process, at present and in the future, and the safeguarding of necessary resources and associated capabilities.
• Compliance deals with complying with those laws, regulations and contractual arrangements to which the business process is subject, that is, externally imposed business criteria as well as internal policies.
• Reliability relates to the provision of appropriate information for the management to operate the entity and to exercise its fiduciary and governance responsibilities.

Let us look at the COBIT® 5 equivalent in the next screen.

7 COBIT® 5 Equivalent

Let us look at the information criteria defined as part of COBIT® 4.1 business requirements and their equivalent in COBIT® 5.
• Information is effective if it meets the needs of the information consumer who uses the information for a specific task. If the consumer can perform the task with the information, then it is effective. This corresponds to the information goals including the appropriate amount, relevance, understandability, interpretability and objectivity of the information.
• Efficiency relates to the process of obtaining and using information and therefore aligns to the ‘information as a service’ view. If information meeting consumer needs is obtained and used easily, that is, with minimum physical effort, cognitive effort, time and money, the use of information is said to be efficient. This corresponds to the information quality goals of believability, accessibility, ease of operation and reputation.
• If information has integrity, it is free of error and complete. It corresponds to the information quality goals of completeness and accuracy.
• Information is said to be reliable if it is regarded as true and credible. Reliability is more subjective than integrity, more related to perception, and not just factual. It corresponds to the information quality goals of believability, reputation and objectivity.
• Availability is one of the information quality goals under the accessibility and security heading.
• Confidentiality corresponds to the restricted access information quality goal.
• Compliance, in the sense that information must conform to specifications, is covered by any of the information quality goals, depending on the requirements. Compliance to regulations is most often a goal or requirement of the use of the information, and not an inherent quality of information.

We will look at the metadata information cycle in the following screen.

8 Meta Data Information Cycle

The image on the screen shows the flow of information as part of the meta data information cycle. In this cycle, business process or IT process generates, processes and produces data. This data is then transformed to useful, relevant information. Information is then transformed to useful knowledge for future use and reference. Knowledge in turn creates value. This value drives the business process or IT process. This continues in a cycle as the business process or IT process generates and processes new data based on the value already provided to it. This in turn creates more value eventually, thus leading to continual improvement of the business or IT process. Let us look at the different information attributes in the next screen.

9 Information Attributes

The various information attributes are as follows:
• Code or language identifies the information access channel, for example, user interfaces, and the rules for combining symbols of the language to form syntactic structures.
• Information type identifies the kind of information, such as financial information or marketing information.
• Information currency identifies the time horizon referred to by the information.
• Information level identifies the degree of detail of the information, such as sales per year.
• Retention period identifies how long information can be retained before it is destroyed.
• Information status identifies whether the information is operational or historical.
• Novelty identifies whether the information creates new knowledge or confirms existing knowledge, that is, information versus confirmation.

Let us focus on information layers in the next screen.

10 Information Layers

Information attributes are applied to various layers defined as follows:
• Physical World Layer is the world where all phenomena that can be empirically observed take place.
• Empirical Layer refers to the empirical observation of the signs used to encode information and their distinction from each other.
• Syntactical Layer refers to the rules and principles for constructing sentences in natural or artificial languages. Syntax refers to the form of information.
• Semantic Layer includes the rules and principles for constructing meaning out of the syntax structures.
• Pragmatic Layer refers to the rules and structures for constructing larger language structures that fulfil specific purposes in human communication. Pragmatics refers to the use of information.
• Social World Layer is the world that is socially constructed through the use of language structures at the pragmatic level of semiotics, such as contracts, laws and culture.

Let us proceed to the next screen to focus on the uses of the Information Model.

11 Uses of the Information Model

The Information Model or IM (read as I-M) is used for: information specifications; determining the required protection; and determining the easy usage of data. In the next few screens, we shall explore the uses mentioned here. Let us focus on the information specifications related to the Information Model in the next screen.

12 Information Model—Information Specifications

When developing a new application, the IM can be used to assist with the specifications of the application and the associated information or data models. The information attributes of the IM can be used to define specifications for the application and the business processes which will use the information. For example, the design and specifications of the new system need to specify the following:
• Physical layer, that is, where information will be stored. For example, information may be stored in a shared drive, in physical media such as a CD, DVD or Hard Disk Drive, or in virtual media such as a cloud drive or location.
• Empirical layer, or how the information can be accessed. For instance, information may be accessed from a location on the Internet, or it may be accessed locally on a system Hard Disk Drive or USB pen drive. It may also be accessed by requesting it from custodians by email or chat.
• Syntactical layer, or how the information will be structured and coded. For example, the information may be stored in editable formats such as MS Word, PowerPoint, Excel or rich text formats, or it can be stored in non-editable formats such as PDF (Portable Document Format). It may also be stored in encrypted formats that are secured and made accessible only to authorised users of the information.
• Semantic layer, that is, what sort of information it is and what the information level is. For instance, the information may be classified as confidential, such as client information, a unique product or service composition and procedures, salary details of employees and others. There is also information that can be made public, such as services offered by the enterprise through websites and information for shareholders, to name a few. The information level depends on the amount of it to be provided when required.
• Pragmatic layer, or what the retention requirements are, and what other information is required for this information to be useful and usable. For example, information is required to be stored securely by financial services companies for ‘x’ years and should be retrievable whenever asked up to 6 years, after which it should be disposed of securely, without leaving any traces.

The stakeholder dimension combined with the information lifecycle is used to define who will need what type of access to the data during which phase of the information lifecycle. Additionally, when the application is tested, testers can look at the information quality criteria to develop a comprehensive set of test cases. In the next screen, we will focus on how the IM is used to determine the level of protection.

13 Information Model—Determine Required Protection

Security groups within the enterprise can benefit from the attributes dimension of the IM. When charged with protection of information, they need to look at the following:
• Physical layer, that is, how and where information is physically stored
• Empirical layer, or what the access channels to the information are
• Semantic layer, or what type of information it is and whether the information is current or relating to the past or future
• Pragmatic layer, that is, what the retention requirements are and whether the information is historic or operational

Using these attributes will allow the user to determine the level of protection and the protection mechanisms required. Looking at another dimension of the IM, security professionals can also consider the information lifecycle stages, because information needs to be protected during all phases of the lifecycle. The IM ensures that information is protected during the full lifecycle. In the next screen, we will discuss how the IM is used to determine easy usage of data.

14 Information Model—Determine Easy Usage

When performing a review of a business process or an application, the IM can be used to assist with a general review of the information delivered by the process, and of the underlying information systems. Quality criteria can be used to assess the extent to which information is available—whether the information is complete, available on a timely basis, factually correct, relevant, and available in the appropriate amount. Accessibility criteria are also considered—whether the information is accessible when required and adequately protected. The review can be even further extended to include representation criteria, for example, the ease with which the information can be understood, interpreted, used and manipulated. A review that uses the information quality criteria of the IM provides an enterprise with a comprehensive and complete view on the current information quality within a business process. In the next screen, we will understand the contextual and representational quality of information.

15 Contextual and Representational Quality of Information

The contextual and representational quality of information requirements to the user includes the following:
• Relevancy is the extent to which information is applicable and helpful for the task at hand.
• Completeness refers to the extent to which information is not missing and is of sufficient depth and breadth for the task at hand.
• Appropriateness is the extent to which the volume of information is appropriate for the task at hand.
• Conciseness refers to the extent to which the information is compactly represented.
• Consistency is the extent to which the information is presented in the same format.
• Understandability is the extent to which the information is easily understandable.
• Ease of manipulation refers to the extent to which information is easy to manipulate and apply to different tasks.

16 Summary

Let us summarise what we have learnt in this lesson:
• The information enabler assists organisations to make decisions. The different characteristics of information determine how effectively an organisation meets their stakeholders’ needs.
• Information quality categories include intrinsic quality, contextual and representational quality and security or accessibility quality.
• In the meta data information cycle, business process or IT process generates, processes and produces data which is transformed to useful, relevant information.
• The information layers are Physical World Layer, Empirical Layer, Syntactical Layer, Semantic Layer, Pragmatic Layer and Social World Layer.
• The contextual and representational quality of information requirements to the user includes relevancy, completeness, appropriateness, conciseness, consistency, understandability and ease of manipulation.

Next, we will focus on the sixth and seventh enablers of COBIT 5.
