Section 5.11.  Frequently Asked Questions

5.11. Frequently Asked Questions The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the "Ask the Author" form. You will also gain access to thousands of other FAQs at ITFAQnet.com. Q: Can I really customize COBIT? A: Yes. However, prior to formalizing any processes or documentation based on your customizations, you will want to run it by your auditor. Q: Can the customization really be that simple? A: Yes, as long as you allow your environment to drive the process. However, keep in mind that you will need to justify your decisions. Q: Can I use the example forms? A: Yes, you can use any example forms, but you should format them to work best in your environment. These examples were developed to cover many of the items in the Planning and Organization domain. Q: Is there a particular type of environment in which COBIT works better? A: No. The COBIT guidelines are platform and environment agnostic. Q: If COBIT is so cumbersome, why should I use it? A: Because the guidelines are sound. However, we should apply another quality principle when looking at COBIT guidelines: the 80/20 rule. Q: Can I use my exiting policies? A: Yes, but you may have to make some slight modifications. The main thing to remember is that they need to be documented and support a control. By using a tool such as Wiki, the collaborative effort between you and your auditors becomes much easier to manage and track. Q: I am interested in learning more about Wiki collaboration in general; where can I get more information? A: Wiki is fast becoming an important collaboration tool, and we have applied it to some very specific functions. There are many Wikis in the open source world (in fact, a freshmeat.net search yielded 118 projects!). Here are a few of the most popular: WikkiTikkiTavi, what eGroupware is based onhttp://tavi.sourceforge.net/. Twiki, a full-blown collaboration serverhttp://twiki.org/. Tiki CMS/Groupware, an interesting content management system Wikihttp://tikiwiki.org/. PhpWiki, WikiWikiWeb clone written in PHPhttp://phpwiki.sourceforge.net/.