ISO 27002, COBIT And ITIL Frameworks

1284 Words3 Pages

Part B. Comparison of the ISO 27002, COBIT, NIST, and ITIL frameworks.
1. Common Usage of the Framework
ISO 27002: This framework is commonly used by organizations that are interested in deploying and managing an information security management system (ISMS) based on best practices.

COBIT: This business framework is often used as a comprehensive IT management and governance framework. It helps with security and regulatory compliance, such as Sarbanes-Oxley.

NIST: The federal information systems and organizations require FIPS Special Publication 800-53 to be in compliance with the security and privacy controls mandated by the U.S. government.

ITIL: It is a popular framework, used worldwide, to deliver Information Technology (IT) services that are based on best practices that can help organizations improve productivity and attain efficiency. …show more content…

Purpose of the Framework
ISO 27002: The purpose of ISO 27002 is to provide necessary guidance to organizations that are interested in developing an information security program. It uses best practices to improve dependability on information security when dealing with inter-organizational relationships. (COBIT Mapping of ISO, 2006, pg. 18).

COBIT: The purpose of COBIT is to develop a framework for IT governance control that is not only current but accepted globally by the IT professionals and company executives. (COBIT Mapping of NIST, 2007, pg. 7).

NIST: The purpose of NIST SP800-53 is to provide U.S. government agencies directives for identifying security controls for information systems. The rules and recommendations apply to all parts of an information system that deal with storing, managing, or communicating government data. (COBIT Mapping of NIST, 2007, pg. 18).

ITIL: The purpose of ITIL is to design a low-cost, efficient, vendor-neutral standard for IT services that is based on best practices, improves customer satisfaction, and can be deployed in stages.

3. Strengths of the

Security Controls Based On Auditing Frameworks Within The Seven Domains
1924 Words | 4 Pages
This project must meet the requirements of DoD security policies and standards for delivery of the technology services. The first requirement we are to discuss is Federal Information Security Management Act (FISMA) which is a United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA assigned the National Institute of Standards and Technology (NIST), the responsibility of defining standards and security procedures to be followed and must be complied. There are nine processes NIST outlines to be in compliance with FISMA:
Read More
ISO 9001 Case Study
728 Words | 2 Pages
ISO 9001 is a quality management standard that helps a company or an organisation to continually monitor quality across all operations. As an internationally recognised quality standard, it outlines ways to achieve, as well as
Read More
Physical And Environmental Security Impact On Forensics Investigations
1934 Words | 4 Pages
Physical and environmental security programs are generally considered to be a collection of mechanisms and controls put into place that help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, intentional, and even unintentional damage through negligence. Implementation of these programs at the organizational level can take place in a number of ways but most organizations choose to follow the application of a body of standards, usually set forth by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Once such body of standards put forth by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...
Read More
The Healthy Body Wellness Center
1145 Words | 3 Pages
The HBWC business objectives should be included in the Information Security Management System (ISMS) as this document will represent the organizations approach in designing, implementing, and auditing the company 's information system security objectives. In order for the ISMS to be applicable and appropriate to the organization, an examination of the business objectives of the company is required. This step is necessary to understand the needs to the organization when designing these objectives.
Read More
NIST 800-53 Security Control Framework
220 Words | 1 Pages
With the increasing use of emerging technologies and the associated information security threat threshold, Ohio University has adopted the NIST 800-53 security control framework to support their regulatory compliance efforts. NIST 800-53 is being implemented to provide a comprehensive set of security controls. This control framework is responsible for instituting minimum requirements that meet approved standards and guidelines for information security systems. It provides a baseline for managing issues relating to mobile and cloud computing, insider threats, trustworthiness and resilience of their information systems. NIST defines the standards and guidelines to be adhered to meet the cyber security control that align to FISMA expectations.
Read More
Healthy Body Wellness Center Case Study
607 Words | 2 Pages
Information Security Management System (ISMS) plan offers a systematic process for designing, implementing, maintaining, and auditing an organization’s information system security objectives using Plan-Do-Check-Act (PDCA) process. If a qualified security professional is not employed to continually monitor and review ISMS plan, its effectiveness will tend to deteriorate.
Read More
Sox Compliance: Eleven Essential Controls For The Sme
1555 Words | 4 Pages
SMEs must implement control objectives for compliance and improved security, but have limited means to do so. The ISACA study prioritizes the most important IT controls so that SMEs can get on top of their control game.
Read More
IT Governance in Airline Industry Case Study
1556 Words | 4 Pages
Recently, IT governance has been a mainly factor for fulfill business need from investing in IT area. In addition, Sarbanes-Oxley Act (SOX) mentioned IT governance issues for enhancing internal contro...
Read More
Quickbooks Accounting Software
1583 Words | 4 Pages
Information Technology (IT) is a foundation for conducting business today. It plays a critical role in increasing productivity of firms and entire nation. It is proven that firms who invested in IT have experienced continued growth in productivity and efficiency. Many companies' survival and even existence without use of IT is unimaginable. IT has become the largest component of capital investment for companies in the United States and many other countries.
Read More
Essay On Service Desk Proposal
941 Words | 2 Pages
All Modern IT departments of any size need to do more with less, even as expectations for greater IT service responsiveness to innovativeness demands rise. In addition, the IT departments face increasing challenges with dealing with increased scrutiny to comply with new requirement for the ITIL evaluation model. The following chapter will outline the aim of this project to which aimed at evaluating SAGE IRELAND Service Desk. A number of specific objectives will be examined to present the reader with an understanding of the SAGE IRELAND Service Desk software; it’s compliance to the ITIL evaluation model, how the knowledge gained is used to optimise and improve the service and what impact it has on the company and its customers. The aims and objectives of this project will be described and stated.
Read More
Google Inc.
1727 Words | 4 Pages
Lawrence, P. (2006, December). Frameworks of IT and IS. Lecture presented at the BUAD 683 : Information & Knowledge Management, Orange County Campus, CA.
Read More
Kmart Essay
1226 Words | 3 Pages
5.0 HOW IT ACT AS ENABLER- IT BECOME AN ENABLER FOR THE COMPANY STRATEGY Information technology (IT) is the use of any computers, storage, networking and other physical devices, infrastructure and processes to create, process, store, secure and exchange all forms of electronic data. IT includes several layers of physical equipment (hardware), virtualization and management or automation tools, operating systems and applications (software) used to perform essential functions. IT becomes enabler technology is an equipment or methodology that, alone in combination with associated technologies, provides the means to generate giant leaps in performance and capabilities of the user. Walmart have several information systems that used to run the
Read More
Hefty Case Study Summary
112 Words | 1 Pages
Answer: The overall partnership between IT and the business at Hefty was strong and dependent on each other. Hefty had to take help from IT in order to be in the competitive market. They had to use different mode of IT to promote and grow their business. For example, Hefty wanted to use mobile apps for promotion of their products. IT had previously helped Hefty to do book keeping very efficiently and quickly. IT made it possible for then to keep records of data and also to save the data from viruses. It tried to understand the strategy of the business in order to perform better and help the business in
Read More
Information Security
2693 Words | 6 Pages
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.
Read More
Environmental Management Systems
4693 Words | 10 Pages
. ISO 14001 is a management standard, it is not a performance or product standard. The underlying purpose of ISO 14001 is that companies will improve their environmental performance by implementing ISO 14001, but there are no standards for performance or the level of improvement. It is a process for managing company activities that impact the environment.
Read More

Open Document

Wait a second!

ISO 27002, COBIT And ITIL Frameworks

Security Controls Based On Auditing Frameworks Within The Seven Domains

ISO 9001 Case Study

Physical And Environmental Security Impact On Forensics Investigations

The Healthy Body Wellness Center

NIST 800-53 Security Control Framework

Healthy Body Wellness Center Case Study

Sox Compliance: Eleven Essential Controls For The Sme

IT Governance in Airline Industry Case Study

Quickbooks Accounting Software

Essay On Service Desk Proposal

Google Inc.

Kmart Essay

Hefty Case Study Summary

Information Security

Environmental Management Systems

More about ISO 27002, COBIT And ITIL Frameworks