Consequently,
COBIT4 (ITGI 2007), a normative framework for control and governance of information technology,
stresses that it is a component of management's governance responsibilities to design and implement a costeffective
information security program.