I've not seen anything formal, but I think we need to be clear that 'ISO 17799' actually comes in two parts: ISO17799 and BS7799-2. ISO17799 was originally BS7799-1.
The first part is a code of practice, the second a management system (ISMS).
It is difficult to compare this with CobiT at a detailed level, but I have heard the question asked many times, so there may well be something out there. It would be nice if it was posted here.
I know that 7799 does have a formal certification scheme, similar to ISO 9000, and according to a thread on here CobiT doesn't, so there's one conceptual difference.
Posted: Thu Mar 03, 2005 1:24 am Post subject: Re: CobiT v ISO 17799
JLM wrote:
Has anyone done any formal comparisons between CobiT and ISO 17799? I'd be interested in anything you could post. Thanks.
This may be more than you asked for, but it should answer your question. This is from my Preliminary Doctoral Dissertation Proposal.
----
COBIT
One approach to IT governance is the Control Objectives for Information and Related Technology (COBIT) project sponsored by the Governance Institute and the Control Objectives Information Systems Audit and Control Association (ISACA). The COBIT project is supervised by an international committee, from multiple industries, responsible for the research and development of the COBIT framework and multiple working groups (COBIT, 2000c).
COBIT was developed to bridge the gap between business control models and the more focused control models that exist for IT (Curtis & Wu, 2000). COBIT (2000c) described the framework's principles. The underpinning concept of COBIT is that control in IT is achieved by looking at information needed to support an organization's requirements. Control is also achieved by perceiving information as the combined application of IT resources managed by IT processes.
A broad classification of business objectives includes value requirements, such as quality, cost, and delivery, fiduciary requirements, such as effectiveness and efficiency of operations, reliability of information, compliance with laws and regulations, and security requirements, such as confidentiality, integrity, and availability. These were further broken down into overlapping categories including effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability of information.
The resources identified in COBIT include components such as data, application systems, technology, facilities, and people. Data refers to internal and external objects, structured and non-structured, graphics, and sounds. Application systems are all manual and programmed procedures. Technology describes items such as hardware, operating systems, database management systems, networking infrastructure, and multimedia. Facilities include all the resources to house and support information systems. People include staff skills, awareness, and productivity to plan, organize, acquire, deliver, support, and monitor information systems and services.
--snip--
Carlson (2004) described ISO 17799 as an internationally recognized information security management standard published by the ISO in 2000. This standard is devoted to information security management and does not cover other internal IT controls. The model defines information security as the preservation of confidentiality, integrity, and availability. Confidentiality implies that information is accessible only to individuals who are authorized to have access. Integrity implies that the accuracy and completeness of data and processing methods are safeguarded. Availability implies that data are available when needed. The model describes eight implementation processes. These include upper management support, definition of security perimeter, policy creation, management
----snip----
Carlson, C. (2004). Congress ponders cyberbills. eWeek, 21(39), 24.
COBIT. (2000, July-c). COBIT 3rd edition Implementation Tool Set (White Paper). Rolling Meadows, IL: Information Systems Audit and Control Foundation.
Curtis, M. B., & Wu, F. H. (2000). The components of a comprehensive framework of internal control. The CPA Journal, 70(3), 64-66.
I see that you are an expert in analysing details of the COBIT framework.
Working on implementing SOXA and then related internal controls in house, I have only become aware of this COBIT recently.
Any possibility that you would e-mail me any PDF files that you have gathered related to this subject?
I went to ISACA.org to get some downloads, but nothing is free!
Posted: Tue Jul 12, 2005 3:43 am Post subject: Re: CobiT v ISO 17799
JLM wrote:
Has anyone done any formal comparisons between CobiT and ISO 17799? I'd be interested in anything you could post. Thanks.
Type "mapping" into the search-box at [isaca.org] and you will find
COBIT Mapping to ISO/IEC 17799 :2000 With COBIT (96%)
ISO/IEC 17799:2000-The Code of Practice for Information Security Management is an international standard, based on BS 7799-1. It is presented as best practice for implementing information security management....
Posted: Sat Aug 13, 2005 8:13 am Post subject: Re: CobiT v ISO 17799
There is a control-level comparison of COBIT/ISO 17799 and other frameworks at itcinstitute.com/UCP. Click into any subsection, then hit the link for an HTML "Impact Matrix." It'll pull up a grid.
This might be particularly helpful if you're looking for a comparison of which section of each standard recommends a particular IT process.
Unfortunately, you can't pull a comparison across all "zones" and you can't reduce any of the grids to just compare the two frameworks. But with a little effort you can probably extrapolate some of the information you're looking for.
Posted: Mon Sep 26, 2005 6:56 pm Post subject: cobit VS BS 7799
Comparison is given as under:
BS7799 vs COBIT Standards
1. BS7799 focuses on the security management system only, whereas COBIT is generic in nature: an accepted framework for IT governance and control.
2. BS7799 covers 10 domains covering different aspects of security; it is structured into 10 controls / 36 control objectives / 127 controls. COBIT covers four domains, namely: 1. Planning and Organization, 2. Acquisition and Implementation, 3. Delivery and Support, and 4. Monitoring. It has 34 high-level objectives / 318 controls.
3. COBIT is created by ISACA (USA), whereas BS7799 is created by ITSMF (UK).