[摘要] The purpose of this assignment is to ascertain whether the COBIT framework is an adequate framework to assist in the governance of virtual private networks. The assignment focuses on whether the framework can ensure the identification of virtual private network-related risks and address IT compliance with policies and statutory regulations.A brief summary of the risks and issues pertaining to the pre-implementation, implementation and post-implementation phases of virtual private networks is included in the assignment. These risks and issues are then individually mapped onto a relevant COBIT control objective. The scope of the assignment does not include the intricacies of how these networks operate, the different types of network topologies or the different technologies used in virtual private networks.It was found that the COBIT framework can be implemented to manage and/or mitigate virtual private network risks.