Module 03 - Defining The Problem

COBIT® 5 Enabler 5

This lesson provides a detailed understanding of the fifth enabler of COBIT® 5. The lesson is a part of the COBIT® 5 Foundation Certification Course. Let us explore the objectives of this lesson.

Objectives

By the end of this COBIT® 5 Enabler 5 lesson, you will be able to:

  • Explain enabler 5 of COBIT® 5
  • Discuss the information quality categories
  • Describe the metadata information cycle
  • Define the information layers
  • Explain the contextual and representational quality of information requirements

Let us move on to the next section to discuss the fifth enabler of COBIT® 5.

Enabler 5—Information

The fifth enabler is ‘information.’
Information is considered the lifeline of an enterprise; without it, functioning would be next to impossible. Information is the enabler which assists enterprises in making decisions. It also helps in:

  • evaluating,

  • directing,

  • planning,

  • building,

  • running and

  • monitoring of the organization as a whole.

Information has various characteristics or criteria that enable organizations to function effectively and efficiently to meet stakeholder needs.

Let us look at the categories of information quality in the next section.
 


Information Quality Categories

Information quality categories and dimensions are as follows:

  • Intrinsic quality: It is the extent to which data values are in conformance with the actual or true values.

  • Contextual and representational quality: It is the extent to which information is applicable to the task of the information user and is presented in an intelligible and clear manner, recognizing that information quality depends on the context of use.

  • Security or accessibility quality: It is the extent to which information is available or obtainable.

In the next section, we will focus on information criteria.

The Concept of Information Criteria

To satisfy business objectives, information needs to conform to certain control criteria, which COBIT refers to as business requirements for information. The concept of seven key information criteria was introduced in COBIT® 3rd edition in 2000 and played a key role in COBIT® 4.1. These were important in demonstrating how to meet business requirements.

Based on broader quality, fiduciary and security requirements, seven distinct information criteria are defined. These are:

  • Effectiveness

  • Efficiency

  • Confidentiality

  • Integrity

  • Availability

  • Compliance

  • Reliability

The IT Processes, Information Criteria and IT Resources constitute a cube, with Business requirements, IT Processes and IT resources constituting the faces.

In the next section, we will look at business requirements from COBIT® 4.1.

Business Requirements from COBIT® 4.1

The business requirements from COBIT® 4.1 are given below:

Criteria: Business Requirement

  • Effectiveness: Deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, and usable manner.

  • Efficiency: Concerns the provision of information through the optimal (most productive and economical) use of resources.

  • Confidentiality: Concerns the protection of sensitive information from unauthorized disclosure.

  • Integrity: Relates to the accuracy and completeness of information as well as its validity in accordance with business values and expectations.

  • Availability: Relates to information being available, when required by the business process, at present and in the future, and the safeguarding of necessary resources and associated capabilities.

  • Compliance: Deals with complying with those laws, regulations and contractual arrangements to which the business process is subject, that is, externally imposed business criteria as well as internal policies.

  • Reliability: Relates to the provision of appropriate information for the management to operate the entity and to exercise its fiduciary and governance responsibilities.

Let us look at the COBIT® 5 equivalent in the next section.

COBIT® 5 Equivalent

Let us look at the information criteria defined as part of COBIT® 4.1 business requirements and their equivalent in COBIT® 5:

COBIT® 4.1 information criteria: COBIT® 5 equivalent

  • Effectiveness: Information is effective if it meets the needs of the information consumer who uses the information for a specific task. If the consumer can perform the task with the information, then it is effective. This corresponds to the information goals including the appropriate amount, relevance, understandability, interpretability, and objectivity.

  • Efficiency: Efficiency relates to the process of obtaining and using information and therefore aligns with the ‘information as a service’ view. If information meeting consumer needs is obtained and used easily, that is, with minimum physical effort, cognitive effort, time and money, the use of information is said to be efficient. This corresponds to the information quality goals of believability, accessibility, ease of operation and reputation.

  • Integrity: If information has integrity, it is free of error and complete. It corresponds to the information quality goals of completeness and accuracy.

  • Reliability: Information is said to be reliable if it is regarded as true and credible. Reliability is more subjective than integrity, more related to perception, and not just factual. It corresponds to the information quality goals of believability, reputation, and objectivity.

  • Availability: Availability is one of the information quality goals under the accessibility and security heading.

  • Confidentiality: Confidentiality corresponds to the restricted access information quality goal.

  • Compliance: Compliance, in the sense that information must conform to specifications, is covered by any of the information quality goals, depending on the requirements. Compliance with regulations is most often a goal or requirement of the use of the information and not an inherent quality of information.

We will look at the metadata information cycle in the following section.

Metadata Information Cycle

The image below shows the flow of information as part of the metadata information cycle.

[Figure: Metadata Information Cycle]

In this cycle:

  • The business process or IT process generates, processes and produces data.

  • This data is then transformed into useful, relevant information.

  • Information is then transformed into useful knowledge for future use and reference.

  • Knowledge, in turn, creates value.

  • This value drives the business process or IT process.

  • This continues in a cycle as the business process, or IT process generates and processes new data based on the value already provided to it.

  • This, in turn, creates more value eventually, thus leading to continual improvement of the business or IT process.

Let us look at the different information attributes in the next section.

Information Attributes

The various information attributes are as follows:

  • Code or language: It identifies the information access channel, for example, user interfaces, and the rules for combining symbols of the language to form syntactic structures.

  • Information type: It identifies the kind of information, such as financial information or marketing information.

  • Information currency: It identifies the time horizon referred to by the information.

  • Information level: It identifies the degree of detail of the information such as sales per year.

  • Retention period: It identifies how long information can be retained before it is destroyed.

  • Information status: It identifies whether the information is operational or historical.

  • Novelty: It identifies whether the information creates new knowledge or confirms existing knowledge, that is, information versus confirmation.

Let us focus on information layers in the next section.

Information Layers

Information attributes are applied to various layers defined as follows:

  • Physical World Layer: The layer where all phenomena that can be empirically observed take place.

  • Empirical Layer: The empirical observation of the signs used to encode information and their distinction from each other.

  • Syntactical Layer: The rules and principles for constructing sentences in natural or artificial languages. Syntax refers to the form of information.

  • Semantic Layer: The rules and principles for constructing meaning out of the syntax structures.

  • Pragmatic Layer: The rules and structures for constructing larger language structures that fulfill specific purposes in human communication. Pragmatics refers to the use of information.

  • Social World Layer: The world that is socially constructed through the use of language structures at the pragmatic level of semiotics, such as contracts, laws, and culture.

Let us proceed to the next section to focus on the uses of the Information Model.

Uses of the Information Model

The Information Model or IM is used for:

  • information specifications;

  • determining the required protection; and

  • determining the easy usage of data.

In the next few sections, we shall explore the uses mentioned here.

Let us focus on the information specifications related to the Information Model in the next section.


Information Model—Information Specifications

When developing a new application, the IM can be used to assist with the specifications of the application and the associated information or data models. The information attributes of the IM can be used to define specifications for the application and the business processes which will use the information.

For example, the design and specifications of the new system need to specify the following:

  • Physical layer - Where will the information be stored?

Information may be stored on a shared drive, on physical media such as a CD, DVD or hard disk drive, or on virtual media such as a cloud drive or location.

  • Empirical layer - How can the information be accessed?

Information may be accessed from a location on the Internet, or it may be accessed locally on a system hard disk drive or USB pen drive. It may also be accessed by requesting it from custodians by email or chat.

  • Syntactical layer - How will the information be structured and coded?

The information may be stored in editable formats such as MS Word, PowerPoint, Excel or rich text formats, or it can be stored in non-editable formats such as PDF (Portable Document Format). It may also be stored in encrypted formats that are secured and made accessible only to authorized users of the information.

  • Semantic layer - What sort of information is it, and what is the information level?

The information may be classified as confidential, such as client information, a unique product or service composition and procedures, salary details of employees and others. There is also information that can be made public, such as services offered by the enterprise through websites and information for shareholders, to name a few. The information level depends on the amount of information to be provided when required.

  • Pragmatic layer - What are the retention and other information requirements?

Information is required to be stored securely by financial services companies for ‘x’ years and should be retrievable whenever asked up to 6 years, after which it should be disposed of securely, without leaving any traces.

The stakeholder dimension combined with the information lifecycle is used to define who will need what type of access to the data during which phase of the information lifecycle.

Additionally, when the application is tested, testers can look at the information quality criteria to develop a comprehensive set of test cases.

In the next section, we will focus on how the IM is used to determine the level of protection.

Information Model—Determine Required Protection

Security groups within the enterprise can benefit from the attributes dimension of the IM. When charged with the protection of information, they need to look at the following:

  • Physical layer - How and where is the information physically stored?

  • Empirical layer - What are the access channels to the information?

  • Semantic layer - What type of information is it, and is the information current or relating to the past or future?

  • Pragmatic layer - What are the retention requirements, and is the information historical or operational?

Using these attributes will allow the user to determine the level of protection and the protection mechanisms required. Looking at another dimension of the IM, security professionals can also consider the information lifecycle stages, because information needs to be protected during all phases of the lifecycle. The IM ensures that information is protected during the full lifecycle.

In the next section, we will discuss how the IM is used to determine the easy usage of data.

Information Model—Determine Easy Usage

When performing a review of a business process or an application:

  • The IM can be used to assist with a general review of the information delivered by the process, and of the underlying information systems.

  • Quality criteria can be used to assess the extent to which information is available—whether the information is complete, available on a timely basis, factually correct, relevant, and available in the appropriate amount.

  • Accessibility criteria are also considered—whether the information is accessible when required and adequately protected.

  • Representation criteria can also be included, for example, the ease with which the information can be understood, interpreted, used and manipulated.

A review that uses the information quality criteria of the IM provides an enterprise with a comprehensive and complete view of the current information quality within a business process.

In the next section, we will understand the contextual and representational quality of information.


Contextual and Representational Quality of Information

The contextual and representational quality requirements of information for the user include the following:

  • Relevancy: It is the extent to which information is applicable and helpful for the task at hand.

  • Completeness: It refers to the extent to which information is not missing and is of sufficient depth and breadth for the task at hand.

  • Appropriateness: It is the extent to which the volume of information is appropriate for the task at hand.

  • Conciseness: It refers to the extent to which the information is compactly represented.

  • Consistency: It is the extent to which the information is presented in the same format.

  • Understandability: It is the extent to which the information is easily understandable.

  • Ease of manipulation: It refers to the extent to which information is easy to manipulate and apply to different tasks.

Summary

Let us summarise what we have learned in this lesson:

  • The information enabler assists organizations in making decisions. The different characteristics of information determine how effectively an organization meets its stakeholders’ needs.

  • Information quality categories include intrinsic quality, contextual and representational quality and security or accessibility quality.

  • In the metadata information cycle, the business process or IT process generates, processes and produces data, which is transformed into useful, relevant information.

  • The information layers are Physical World Layer, Empirical Layer, Syntactical Layer, Semantic Layer, Pragmatic Layer and Social World Layer.

  • The contextual and representational quality requirements of information for the user include relevancy, completeness, appropriateness, conciseness, consistency, understandability and ease of manipulation.

The next lesson talks about COBIT 5 Enabler 6 and 7.
