This publication is being updated with references to COBIT 4.0, which was published in December 2005. It provides a good overview of Control Objectives for Information and related Technology (COBIT®) and ISO/IEC 17799:2000 and is an in-depth source of information for all stakeholders responsible for, and interested in, IT governance, information security management and their respective controls.
As COBIT is an internationally recognized framework for control of IT governance and ISO 17799 is equally recognized and established in the field of information security management, these two guidance publications are complementary. COBIT, by its nature, is broader, and ISO/IEC 17799 tends to be deeper in the area of security.
For this detailed mapping, ISO/IEC 17799 has been split into small pieces of information (information requirements). Almost 1,000 information requirements have been mapped to the hundreds of detailed COBIT control objectives. The detailed mapping document describes how the two standards are interrelated and how all detailed requirements of ISO/IEC 17799:2000 can be integrated with COBIT.
This publication will be available as a complimentary download from www.itgi.org and www.isaca.org/downloads in late May.
A mapping of ISO 17799:2005 with COBIT 4.0 is in development and will be available in late 2006.
ITGI, ISACA and the contributors to IT Control Objectives for Sarbanes-Oxley, 2nd Edition, have designed this publication primarily as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization’s IT controls required by the US Sarbanes-Oxley Act of 2002.
An exposure draft of the second edition is available for review and comment at www.isaca.org.
CIOs, CFOs, information security managers, auditors, and those involved in corporate and IT governance need a framework to compare international standards and guidance for managing the IT function. This second edition offers a global overview of the following important international standards and guidance for IT control and IT security in relationship to COBIT 4.0: COSO, ITIL®, ISO/IEC 17799:2005, FIPS PUB 200, ISO/IEC TR 13335, ISO/IEC 15408:2005, PRINCE2®, PMBOK©, TickIT, CMMI, TOGAF 8.1, IT Baseline Protection Manual and NIST 800-14. It can serve as a road map to implementing guidance supporting IT governance. For each of the international standards/guidance examined, the document provides a classification, a short overview of the contents, the business driver for implementing the guidance and the risks of noncompliance. This publication is posted for complimentary download at www.itgi.org and www.isaca.org/downloads.
With increased networking and a growing realization of the value of information assets, information security is recognized as one of the most important issues to address for all IT users. This updated publication helps explain information security in business terms and includes ideas and techniques to help boards and executive management uncover security-related problems. It is available in print and as a complimentary download.
The print edition may be purchased from the ISACA Bookstore, www.isaca.org/bookstore. The complimentary download is available at www.itgi.org and www.isaca.org/downloads.
ITGI has released the first deliverables in the Val IT series, a set of publications designed to shed light on realizing value from IT-enabled investments. The first release of Val IT includes:
· Enterprise Value: Governance of IT Investments, The Val IT Framework
· Enterprise Value: Governance of IT Investments, The Business Case
· Enterprise Value: Governance of IT Investments, The ING Case Study
COBIT provides a comprehensive framework for the management and delivery of high-quality IT-based services. It sets best practices for the means of contributing to the process of value creation. Val IT now adds best practices for the end, thereby providing the means to unambiguously measure, monitor and optimize the returns, both financial and nonfinancial, from investment in IT.
Val IT is available as a complimentary download from www.itgi.org and www.isaca.org/downloads and for purchase in hard copy from the ISACA Bookstore, www.isaca.org/bookstore.