COBIT® 5: Enabling Processes
Personal Copy of: Jiang Lin
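ISACA®
With more than 100,000 constituents in 180 countries, ISACA® (www.isaca.org) is a globally recognised leading provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, ISACA® is a non-profit, independent organisation. It hosts international conferences, publishes the ISACA® Journal, and develops internationally recognised IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations. ISACA continually updates and expands the practical guidance and product family based on the COBIT® framework. COBIT helps IT professionals and enterprise leaders fulfil their IT governance and management responsibilities, particularly in the areas of information systems assurance, security, risk and control, and deliver value to the business.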
Quality Statement
This Work is translated into Chinese Simplified from the English language version of COBIT® 5: Enabling Processes by the ISACA® China/Hong Kong Chapter with the permission of ISACA®. The ISACA® China/Hong Kong Chapter assumes sole responsibility for the accuracy and faithfulness of the translation.
Copyright
© 2012 ISACA. All rights reserved. For usage guidelines, see www.isaca.org/COBITuse.
Disclaimer
ISACA has designed this publication, COBIT® 5: Enabling Processes (the ‘Work’), primarily as an educational resource for governance of enterprise IT (GEIT), assurance, risk and security professionals. ISACA makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, readers should apply their own professional judgement to the specific GEIT, assurance, risk and security circumstances presented by the particular systems or information technology environment.
ISACA
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.253.1545
Fax: +1.847.253.1443
Email: info@isaca.org
Web site: www.isaca.org
Feedback: www.isaca.org/cobit
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join the COBIT conversation on Twitter: #COBIT
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ
COBIT® 5: Enabling Processes
ISBN 978-1-60420-279-3
Printed in the United States of America
Acknowledgements
ISACA wishes to recognise:
COBIT 5 Task Force (2009–2011)
John W. Lainhart, IV, CISA, CISM, CGEIT, IBM Global Business Services, USA, Co-chair
Derek J. Oliver, Ph.D., DBA, CISA, CISM, CRISC, CITP, FBCS, FISM, MInstISP, Ravenswood Consultants Ltd., UK, Co-chair
Pippa G. Andrews, CISA, ACA, CIA, KPMG, Australia
Elisabeth Judit Antonsson, CISM, Nordea Bank, Sweden
Steven A. Babb, CGEIT, CRISC, Betfair, UK
Steven De Haes, Ph.D., University of Antwerp Management School, Belgium
Peter Harrison, CGEIT, FCPA, IBM Australia Ltd., Australia
Jimmy Heschl, CISA, CISM, CGEIT, ITIL Expert, bwin.party digital entertainment plc, Austria
Robert D. Johnson, CISA, CISM, CGEIT, CRISC, CISSP, Bank of America, USA
Erik H.J.M. Pols, CISA, CISM, Shell International-ITCI, The Netherlands
Vernon Richard Poole, CISM, CGEIT, Sapphire, UK
Abdul Rafeq, CISA, CGEIT, CIA, FCA, A. Rafeq and Associates, India
Development Team
Floris Ampe, CISA, CGEIT, CIA, ISO 27000, PwC, Belgium
Gert du Preez, CGEIT, PwC, Canada
Stefanie Grijp, PwC, Belgium
Gary Hardy, CGEIT, IT Winners, South Africa
Bart Peeters, PwC, Belgium
Dirk Steuperaert, CISA, CGEIT, CRISC, IT In Balance BVBA, Belgium
Workshop Participants
Gary Baker, CGEIT, CA, Canada
Brian Barnier, CGEIT, CRISC, ValueBridge Advisors, USA
Johannes Hendrik Botha, MBCS-CITP, FSM, getITright Skills Development, South Africa
Ken Buechler, CGEIT, CRISC, PMP, Great-West Life, Canada
Don Caniglia, CISA, CISM, CGEIT, FLMI, USA
Mark Chaplin, UK
Roger Debreceny, Ph.D., CGEIT, FCPA, University of Hawaii at Manoa, USA
Mike Donahue, CISA, CISM, CGEIT, CFE, CGFM, CICA, Towson University, USA
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training, Switzerland
Bob Frelinger, CISA, CGEIT, Oracle Corporation, USA
James Golden, CISM, CGEIT, CRISC, CISSP, IBM, USA
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies, USA
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA, Australia
Nicole Lanza, CGEIT, IBM, USA
Philip Le Grand, PRINCE2, Ideagen Plc, UK
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT, USA
Stuart MacGregor, Real IRM Solutions (Pty) Ltd., South Africa
Christian Nissen, CISM, CGEIT, FSM, CFN People, Denmark
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer, UK
Eddy J. Schuermans, CGEIT, ESRAS bvba, Belgium
Michael Semrau, RWE Germany, Germany
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates, Australia
Alan Simmonds, TOGAF9, TCSA, PreterLex, UK
Cathie Skoog, CISM, CGEIT, CRISC, IBM, USA
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP, Canada
Roger Southgate, CISA, CISM, UK
Nicky Tiesenga, CISA, CISM, CGEIT, CRISC, IBM, USA
Wim Van Grembergen, Ph.D., University of Antwerp Management School, Belgium
Greet Volders, CGEIT, Voquals N.V., Belgium
Christopher Wilken, CISA, CGEIT, PwC, USA
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP, UK
Expert Reviewers
Mark Adler, CISA, CISM, CGEIT, CRISC, Commercial Metals Company, USA
Wole Akpose, Ph.D., CGEIT, CISSP, Morgan State University, USA
Krzysztof Baczkiewicz, CSAM, CSOX, Eracent, Poland
Roland Bah, CISA, MTN Cameroon, Cameroon
Dave Barnett, CISSP, CSSLP, USA
Max Blecher, CGEIT, Virtual Alliance, South Africa
Ricardo Bria, CISA, CGEIT, CRISC, Meycor GRC, Argentina
Dirk Bruyndonckx, CISA, CISM, CGEIT, CRISC, MCA, KPMG Advisory, Belgium
Donna Cardall, UK
Debra Chiplin, Investors Group, Canada
Sara Cosentino, CA, Great-West Life, Canada
Kamal N. Dave, CISA, CISM, CGEIT, Hewlett Packard, USA
Philip de Picker, CISA, MCA, National Bank of Belgium, Belgium
Abe Deleon, CISA, IBM, USA
Stephen Doyle, CISA, CGEIT, Department of Human Services, Australia
Heidi L. Erchinger, CISA, CRISC, CISSP, System Security Solutions, Inc., USA
Rafael Fabius, CISA, CRISC, Uruguay
Urs Fischer, CISA, CRISC, CPA (Swiss), Fischer IT GRC Consulting & Training, Switzerland
Bob Frelinger, CISA, CGEIT, Oracle Corporation, USA
Yalcin Gerek, CISA, CGEIT, CRISC, ITIL Expert, ITIL V3 Trainer, PRINCE2, ISO/IEC 20000 Consultant, Turkey
Edson Gin, CISA, CISM, CFE, CIPP, SSCP, USA
James Golden, CISM, CGEIT, CRISC, CISSP, IBM, USA
Marcelo Hector Gonzalez, CISA, CRISC, Banco Central Republic Argentina, Argentina
Erik Guldentops, University of Antwerp Management School, Belgium
Meenu Gupta, CISA, CISM, CBP, CIPP, CISSP, Mittal Technologies, USA
Angelica Haverblad, CGEIT, CRISC, ITIL, Verizon Business, Sweden
Kim Haverblad, CISM, CRISC, PCI QSA, Verizon Business, Sweden
J. Winston Hayden, CISA, CISM, CGEIT, CRISC, South Africa
Eduardo Hernandez, ITIL V3, HEME Consultores, Mexico
Jorge Hidalgo, CISA, CISM, CGEIT, ATC, Lic. Sistemas, Argentina
Michelle Hoben, Media 24, South Africa
Linda Horosko, Great-West Life, Canada
Mike Hughes, CISA, CGEIT, CRISC, 123 Consultants, UK
Grant Irvine, Great-West Life, Canada
Monica Jain, CGEIT, CSQA, CSSBB, Southern California Edison, USA
John E. Jasinski, CISA, CGEIT, SSBB, ITIL Expert, USA
Masatoshi Kajimoto, CISA, CRISC, Japan
Joanna Karczewska, CISA, Poland
Kamal Khan, CISA, CISSP, CITP, Saudi Aramco, Saudi Arabia
Eddy Khoo S. K., Prudential Services Asia, Malaysia
Marty King, CISA, CGEIT, CPA, Blue Cross Blue Shield NC, USA
Alan S. Koch, ITIL Expert, PMP, ASK Process Inc., USA
Gary Langham, CISA, CISM, CGEIT, CISSP, CPFA, Australia
Jason D. Lannen, CISA, CISM, TurnKey IT Solutions, LLC, USA
Nicole Lanza, CGEIT, IBM, USA
Philip Le Grand, PRINCE2, Ideagen Plc, UK
Kenny Lee, CISA, CISM, CISSP, Bank of America, USA
Brian Lind, CISA, CISM, CRISC, Topdanmark Forsikring A/S, Denmark
Bjarne Lonberg, CISSP, ITIL, A.P. Moller - Maersk, Denmark
Stuart MacGregor, Real IRM Solutions (Pty) Ltd., South Africa
Debra Mallette, CISA, CGEIT, CSSBB, Kaiser Permanente IT, USA
Charles Mansour, CISA, Charles Mansour Audit & Risk Service, UK
Cindy Marcello, CISA, CPA, FLMI, Great-West Life & Annuity, USA
Nancy McCuaig, CISSP, Great-West Life, Canada
John A. Mitchell, Ph.D., CISA, CGEIT, CEng, CFE, CITP, FBCS, FCIIA, QiCA, LHS Business Control, UK
Makoto Miyazaki, CISA, CPA, Bank of Tokyo-Mitsubishi, UFJ Ltd., Japan
Lucio Augusto Molina Focazzio, CISA, CISM, CRISC, ITIL, Independent Consultant, Colombia
Christian Nissen, CISM, CGEIT, FSM, ITIL Expert, CFN People, Denmark
Tony Noblett, CISA, CISM, CGEIT, CISSP, USA
Ernest Pages, CISA, CGEIT, MCSE, ITIL, Sciens Consulting LLC, USA
Jamie Pasfield, ITIL V3, MSP, PRINCE2, Pfizer, UK
Tom Patterson, CISA, CGEIT, CRISC, CPA, IBM, USA
Robert Payne, CGEIT, MBL, MCSSA, PrM, Lode Star Strategy Consulting, South Africa
Andy Piper, CISA, CISM, CRISC, PRINCE2, ITIL, Barclays Bank Plc, UK
Andre Pitkowski, CGEIT, CRISC, OCTAVE, ISO27000LA, ISO31000LA, APIT Consultoria de Informatica Ltd., Brazil
Geert Poels, Ghent University, Belgium
Dirk Reimers, Hewlett-Packard, Germany
Steve Reznik, CISA, ADP, Inc., USA
Robert Riley, CISSP, University of Notre Dame, USA
Martin Rosenberg, Ph.D., Cloud Governance Ltd., UK
Claus Rosenquist, CISA, CISSP, Nets Holding, Denmark
Jeffrey Roth, CISA, CGEIT, CISSP, L-3 Communications, USA
Cheryl Santor, CISSP, CNA, CNE, Metropolitan Water District, USA
Eddy J. Schuermans, CGEIT, ESRAS bvba, Belgium
Michael Semrau, RWE Germany, Germany
Max Shanahan, CISA, CGEIT, FCPA, Max Shanahan & Associates, Australia
Alan Simmonds, TOGAF9, TCSA, PreterLex, UK
Dejan Slokar, CISA, CGEIT, CISSP, Deloitte & Touche LLP, Canada
Jennifer Smith, CISA, CIA, Salt River Pima Maricopa Indian Community, USA
Marcel Sorouni, CISA, CISM, CISSP, ITIL, CCNA, MCDBA, MCSE, Bupa Australia, Australia
Roger Southgate, CISA, CISM, UK
Mark Stacey, CISA, FCA, BG Group Plc, UK
Karen Stafford Gustin, MLIS, London Life Insurance Company, Canada
Delton Sylvester, Silver Star IT Governance Consulting, South Africa
Katalin Szenes, CISA, CISM, CGEIT, CISSP, University Obuda, Hungary
Halina Tabacek, CGEIT, Oracle Americas, USA
Nancy Thompson, CISA, CISM, CGEIT, IBM, USA
Kazuhiro Uehara, CISA, CGEIT, CIA, Hitachi Consulting Co., Ltd., Japan
Rob van der Burg, Microsoft, The Netherlands
Johan van Grieken, CISA, CGEIT, CRISC, Deloitte, Belgium
Flip van Schalkwyk, Centre for e-Innovation, Western Cape Government, South Africa
Jinu Varghese, CISA, CISSP, ITIL, OCA, Ernst & Young, Canada
Andre Viviers, MCSE, IT Project+, Media 24, South Africa
Greet Volders, CGEIT, Voquals N.V., Belgium
David Williams, CISA, Westpac, New Zealand
Tim M. Wright, CISA, CRISC, CBCI, GSEC, QSA, Kingston Smith Consulting LLP, UK
Amanda Xu, PMP, Southern California Edison, USA
Tichaona Zororo, CISA, CISM, CGEIT, Standard Bank, South Africa
ISACA Board of Directors
Kenneth L. Vander Wal, CISA, CPA, Ernst & Young LLP (retired), USA, International President
Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, INTRALOT S.A., Greece, Vice President
Gregory T. Grocholski, CISA, The Dow Chemical Co., USA, Vice President
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Queensland Government, Australia, Vice President
Niraj Kapasi, CISA, Kapasi Bangad Tech Consulting Pvt. Ltd., India, Vice President
Jeff Spivey, CRISC, CPP, PSP, Security Risk Management, Inc., USA, Vice President
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, CSEPS, RSM Bird Cameron, Australia, Vice President
Emil D’Angelo, CISA, CISM, Bank of Tokyo-Mitsubishi UFJ Ltd. (retired), USA, Past International President
Lynn C. Lawton, CISA, CRISC, FBCS CITP, FCA, FIIA, KPMG Ltd., Russian Federation, Past International President
Allan Neville Boardman, CISA, CISM, CGEIT, CRISC, CA (SA), CISSP, Morgan Stanley, UK, Director
Marc Vael, Ph.D., CISA, CISM, CGEIT, CISSP, Valuendo, Belgium, Director