Written by Louis J. Taborda
Sunday, 15 November 2009 04:34
The Information Systems Audit and Control Foundation (ISACF) created the first edition of the Control Objectives for Information and related Technologies (COBIT) in 1996. The COBIT framework has evolved since then and is now an important, internationally accepted perspective on IT Governance, but it is not the only IT standards and best-practice framework out there.
The recently published COBIT Mapping document therefore provides a valuable comparative study of the coverage of the different IT guidance frameworks identified in the table below. An enhanced, colour-coded tabular representation of that comparison is provided here; it is a more readable summary than the one in the original report and gives an overview of the processes and controls that the different frameworks address.
The frameworks compared and the acronyms used are listed below:

| Framework | Description |
|---|---|
| COSO | Internal Control – Integrated Framework defines a framework that initiates an integrated process of internal control |
| ITIL | The IT Infrastructure Library is a collection of best practices in IT service management |
| ISO/IEC 17799:2005 | The Code of Practice for Information Security Management is an international standard that presents best practices for implementing information security management |
| FIPS PUB 200 | The Minimum Security Requirements for Federal Information and Information Systems is applicable to federal government organizations in the US and defines categories of systems and guidelines for information security controls |
| ISO/IEC TR 13335 | The technical report Guidelines for the Management of IT Security contains information on IT security management not only from the planning perspective, but also from the implementation and maintenance perspectives |
| ISO/IEC 15408:2005 | Security Techniques – Evaluation Criteria for IT Security is used as a reference to evaluate and certify the security of IT products and services |
| PRINCE2 | Projects in Controlled Environments (PRINCE) provides a structured method for effective project management |
| PMBOK | A Guide to the Project Management Body of Knowledge is described as “the sum of knowledge within the profession of project management” |
| TickIT | Provides a scheme for the certification of a software quality management system and targets customers, suppliers and assurance professionals |
| CMMI | Capability Maturity Model Integration provides a single improvement framework for use by organizations pursuing enterprise-wide process improvement |
| TOGAF 8.1 | The Open Group Architectural Framework provides a detailed method and set of supporting tools for developing an enterprise architecture |
| IT BPM | IT Baseline Protection Manual provides IT security standard safeguards |
| NIST 800-14 | The US National Institute of Standards and Technology special publication Generally Accepted Principles and Practices for Securing Information Technology Systems contains information for establishing a comprehensive IT security programme |
Click on the image below for the PDF of the enhanced framework comparison table:

About the author: Louis J. Taborda

Louis has over twenty-two years industry experience that started in complex systems development and morphed into architecting business systems and implementing management best practices. He was awarded a PhD in 2007 for his research into the management of change and architectural complexity in the enterprise. He has consulted internationally for clients in the USA, Europe and Asia, helping organizations streamline their management processes and implement tools that improve team productivity and communications. He is currently the Editor of the Alinement Magazine and continues to evangelize a holistic, end-to-end approach to implementing business strategy.

Last Updated on Saturday, 20 February 2010 08:03