preview

ISO 27002, COBIT And ITIL Frameworks

Good Essays
Part B. Comparison of the ISO 27002, COBIT, NIST, and ITIL frameworks.
1. Common Usage of the Framework
ISO 27002: This framework is commonly used by organizations that are interested in deploying and managing an information security management system (ISMS) based on best practices.

COBIT: This business framework is often used as a comprehensive IT management and governance framework. It helps with security and regulatory compliance, such as Sarbanes-Oxley.

NIST: The federal information systems and organizations require FIPS Special Publication 800-53 to be in compliance with the security and privacy controls mandated by the U.S. government.

ITIL: It is a popular framework, used worldwide, to deliver Information Technology (IT) services that are based on best practices that can help organizations improve productivity and attain efficiency.
…show more content…
Purpose of the Framework
ISO 27002: The purpose of ISO 27002 is to provide necessary guidance to organizations that are interested in developing an information security program. It uses best practices to improve dependability on information security when dealing with inter-organizational relationships. (COBIT Mapping of ISO, 2006, pg. 18).

COBIT: The purpose of COBIT is to develop a framework for IT governance control that is not only current but accepted globally by the IT professionals and company executives. (COBIT Mapping of NIST, 2007, pg. 7).

NIST: The purpose of NIST SP800-53 is to provide U.S. government agencies directives for identifying security controls for information systems. The rules and recommendations apply to all parts of an information system that deal with storing, managing, or communicating government data. (COBIT Mapping of NIST, 2007, pg. 18).

ITIL: The purpose of ITIL is to design a low-cost, efficient, vendor-neutral standard for IT services that is based on best practices, improves customer satisfaction, and can be deployed in stages.

3. Strengths of the
Get Access