Friday, 4 March 2016

The Interactions Between ITIL, COBIT and ISO 27001

Comparing different information security standards: COBIT, ITIL, ISO 27001

The standards discussed here are:
COBIT (Control Objectives for Information and Related Technology)
ITIL (Information Technology Infrastructure Library)
ISO 27001



Objective 

  • COBIT (published by ITGI) is a high-level framework (relative to ITIL and ISO 27001) that maps core IT processes in a manner that allows governance bodies - usually business executives - to successfully execute key policies and procedures. Similar to ISO 27002, it answers the ‘what’ that is being managed, as opposed to the ‘how’ answered by ITIL. However, whereas ITIL and ISO 27001 are focused only on information security, COBIT allows for a much broader scope, taking into account all IT management processes.
  • ITIL is a set of best practices an organization may implement in order to align IT resources and offerings to business goals. It is offered in a series of five core publications each corresponding to a stage in the lifecycle of IT. This process produces documentation of processes, tasks and checklists not specific to the organization with a goal of being able to create a baseline from which to implement controls and measure success.
  • ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

Common Uses

  • COBIT is usually employed by business executives to successfully execute key policies and procedures. Additionally, it is often used to tie together controls, technical issues and risks within an organization.
  • ITIL was originally designed for use within the U.K. government and is most applicable within that realm. However, it is now a globally accepted standard and is in use by many companies outside its geographical area of origin.
  • ISO 27001 is commonly used by, or in accordance with, the organization's own IT department. The IT department is the focus of the resulting management system controls.



COBIT

Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT is usually chosen by companies performing information systems audits, whether as part of a financial audit or a general IT audit. COBIT contains 34 IT processes, each with a high-level control objective (CO) and a set of detailed control objectives (DCOs). In total, 318 DCOs are defined for these processes. COBIT is a good candidate when an organization wishes to create an organization-wide management framework whose scope extends beyond information security alone. While it does not provide direct accreditation, certification can be achieved through closely aligned paths.

ITIL

The ITIL (Information Technology Infrastructure Library) framework is designed to standardize the selection, planning, delivery and support of IT services to a business. IT service management is concerned with planning, sourcing, designing, implementing, operating, supporting and improving IT services that are appropriate to business needs. ITIL provides a comprehensive, consistent and coherent best-practice framework for IT service management and related processes, promoting a high-quality approach for achieving business effectiveness and efficiency in IT service management. ITIL can be seen as the way to manage IT services across their lifecycle, while COBIT is about how to govern enterprise IT in order to generate the maximum value for the business, enabled by IT investments, while optimizing risks and resources. COBIT 5 describes the principles and enablers that support an enterprise in meeting stakeholder needs, specifically those related to the use of IT assets and resources across the whole enterprise. ITIL describes in more detail those parts of enterprise IT that are the service management enablers (organizational structures, etc.).

ISO 27001

The ISO 27000 series is a family of IS management standards; it is the set of standards in this family that focuses on Information Systems Management (ISM). ISO 27001 defines methods and practices for implementing information security in organizations, with detailed steps on how these are implemented. The standard is especially suitable where the protection of information is critical, such as in the banking, financial, health, public and IT sectors. The standard is also very applicable to organisations which manage high volumes of data, or information on behalf of other organisations, such as data centres and IT outsourcing companies.



                 | COBIT                                  | ITIL                               | ISO 27001
-----------------|----------------------------------------|------------------------------------|-----------------------------------------------------
Function         | Mapping IT Process                     | Mapping IT Service Level Management | Information Security Framework
Area             | 4 Process and 34 Domain                | 9 Process                          | 10 Domain
Issuer           | ISACA                                  | OGC                                | ISO Board
Implementation   | Information System Audit               | Manage Service Level               | Compliance to Security Standard
Consultant       | Accounting Firm, IT Consulting Firm    | IT Consulting Firm                 | IT Consulting Firm, Security Firm, Network Consultant