Comparison Of ISO 27002, NIST And COBIT Case Study

Good Essays
B. Comparison of ISO 27002, COBIT, NIST, and ITIL. B1. Discuss how each framework is most commonly used.
• ISO 27002 is a framework published by the International Organization for Standardization and the International Electrotechnical Commissions. It is used to provide best practice recommendations for use by those responsible for initiating, implementing, and maintaining information security.
• COBIT is a framework that supports control of IT by defining and aligning business goals with IT goals and processes. It is used to provide a group of recommended best practices for control process by providing metrics and maturity models to measure achievement and identifies the accountabilities of business and IT process owners.
• NIST framework
…show more content…
It is used to help an organization to develop a set of baselines to show compliance and measure improvement.
B2. Analyze the purpose of each framework design.
• ISO 27002’s purpose is to provide an all-inclusive information security management program for any organization requiring a new information security management program, or wants to improve its existing policies.
• COBIT’s purpose is to provide management and business process owners with an information technology governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. (ISACA, 2014)
• NIST framework’s purpose is to provide a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. (NIST, 2014)
• ITIL framework’s purpose is to provide a set of best practices for IT management. It provides a service management program that an organization can adopt to manage all IT services. (ISACA, 2008)
B3. Evaluate the strengths of each
…show more content…
• ITIL provides a guide to improve management process to make a more efficient and effective organization. This hopes to improve effectiveness and affects the financial bottom line by providing an organization with a complete vision. B4. Evaluate the weaknesses of each framework.
• ISO 27002 was established to explicitly cover IT security issues and not the full range of IT functions.
• COBIT is designed to be an overall IT governance program and doesn’t provide a detailed security methodology. It is designed to adopt best practices and does not consider specifics with respect to information security.
• NIST publications are very narrow in scope and an organization must combine multiple publications to cover all bases.
• ITIL is a guide for improving management process, and not to provide specifics for information security. The improvement process is based on the ISO standards and refers users to ISO for issues pertaining to ISMS. (ISACA, 2008)
B5. Discuss the certification and accreditation process for the
Get Access