Friday, May 05, 2006

ISO 17799 compared to COBIT

Your organization has gone through a Sarbanes-Oxley audit and survived. As a C-level executive you may be thinking about how to turn this yearly regulatory necessity into a positive experience. You may even be thinking about how you can turn these audits to your company’s advantage. If you are thinking like this, you are in good company. The majority of Fortune 500 companies are already using regulatory compliance as a motivator to improve the business processes within their organizations. Additionally, over 64% of private companies are using SOX as a catalyst for change even though they are exempt from the regulation[1].

The opportunities for change range from merely implementing better accounting methodologies to a complete reworking of an organization’s business processes. The focus of this paper is to help those organizations that are interested in getting their IT departments compliant with one of the major international standards: ITIL, ISO 17799, and COBIT.

While ITIL is the most widely used model for IT best practices[2], COBIT has proven to be the most popular framework here in the US. The similarities between the models are very high, and there is indeed ongoing work between the organizations to align their standards even more closely[3]. Which standard should you choose for your business? We will try to help you decide between the standards and provide a comparison (where appropriate) of the differences. It should be noted that while COBIT and ITIL provide a high-level framework (a view from 30,000 feet, as it were), ISO 17799 provides actual implementation advice (the view from “where the rubber meets the road”). As such, there are many instances where the ISO 17799 procedures fit nicely into the business controls model of either ITIL or COBIT. Where the ISO practices cannot fit well into one of the frameworks, a note is attached explaining the discrepancy.

[1] http://www.cfo.com/printable/article.cfm/4102770?f=options

[2] http://www.ogc.gov.uk/index.asp?id=1000368&syncNav=1#11

[3] http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=22493&TEMPLATE=/ContentManagement/ContentDisplay.cfm

© 2006 All Rights Reserved.