How does a security audit of software support the implementation of the COBIT framework?
COBIT (Control Objectives for Information and related Technology) is a widely recognized framework for information, systems, and technology controls, compliance, and auditing. Promulgated by the Information Systems Audit and Control Association, ISACA refers to COBIT as an “Open Standard.” The COBIT framework control objectives for acquiring and implementing software systems require that each organization ensures and builds Internet-facing infrastructure to a high standard of security because it becomes part of the global information infrastructure. Conducting security audits using consistent, reliable, and affordable security auditing software that measures and helps manage security vulnerabilities in the source code has become a “best-practice” in acquiring and implementing systems and programs. COBIT also requires organizations to audit online IT systems for security, including measuring security vulnerabilities as well as any exploits in those systems. Given that the typical organi