SharePoint Development and Governance Using COBIT 4.1: A Practical Approach (book excerpt)


Applies to: SharePoint Server 2010

The following is an excerpt from the book "SharePoint® Deployment and Governance Using COBIT® 4.1: A Practical Approach," which can be purchased at book store.


With more than 86,000 constituents in more than 160 countries, ISACA ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT® ) and Certified in Risk and Information Systems ControlTM (CRISCTM) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the CobiT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.


The opinions and views expressed in SharePoint® Deployment and Governance Using CobiT®: A Practical Approach are solely those of the authors of this publication as a practical application and implementation of CobiT 4.1 principles and best practices. The opinions and views of the authors do not necessarily reflect those of ISACA. ISACA does not guarantee or warrant the accuracy, adequacy, completeness or suitability of the content of this publication. ISACA accepts no responsibility or liability for damages incurred as a result of the content contained herein.

Reservation of Rights

© 2010 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorization of ISACA. Reproduction and use of all or portions of this publication are solely permitted for academic, internal and noncommercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work. This text uses the following ISACA publications with permission:

  • ISACA, CobiT® 4.1, USA, ©1996, 1998, 2000, 2005, 2007. All rights reserved.

  • ISACA, CobiT® Security BaselineTM, 2nd Edition, USA, 2007. All rights reserved.

  • ISACA, CobiT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition, USA, 2007. All rights reserved.

  • ISACA, CobiT® QuickstartTM, 2nd Edition, USA, 2007. All rights reserved.

Cover photograph used by permission of Dylan Chennault and Nicole Chennault


3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008 USA

Phone: +1.847.253.1545

Fax: +1.847.253.1443


Web site:

ISBN 978-1-60420-117-8

SharePoint® Deployment and Governance Using CobiT® 4.1: A Practical Approach

Printed in the United States of America

ISACA®, IT Governance Institute® and CobiT® are registered trademarks of ISACA, and CobiT Online™ and CobiT Quickstart™ are ISACA trademarks. CGEIT® is a trademark/service mark of ISACA. The mark has been applied for or registered in countries throughout the world.


Dave Chennault, CISA, MCP—Dave is a Microsoft Certified Professional Business Process Automation Specialist with 25 years of experience as a software developer and architect. He is also an MCTS in Microsoft Office SharePoint Server 2007, configuration and Windows SharePoint Services 3.0, configuration. He recently led a multimillion-dollar SharePoint consulting practice for one of the top 25 Microsoft National System Integrators before founding a new corporation ( focused on building software applications for SharePoint 2010 in the cloud. Dave was a senior manager at Deloitte Consulting and a manager at Coopers & Lybrand and Grant Thornton—specializing in building and leading software development engagements for large, multinational corporations in the US and Europe. He has led large software development initiatives for federal, state and local governments in the US and worked on the Space Station project for McDonnell Douglas as a senior software developer. Dave received his MBA from the Marshall School of Business at the University of Southern California and has a double undergraduate degree in economics/mathematics and communication studies from the University of California at Santa Barbara. Dave can be reached at

Chuck Strain, CISA, MCSE, MCTS—Chuck is a Microsoft Certified Technology Specialist in SharePoint administration. He has specialized in IT management and governance consulting for over 25 years, working with many Fortune 500 customers in the continental US, as well as in Hawaii and Mexico. He has been involved in numerous SharePoint development projects domestically and internationally. He holds a Bachelor of Science degree in information technology from Western Governors University. Chuck can be reached at