5 Mart 2016 Cumartesi





Comparison Between Cobit, ITIL and ISO27001

Association (ISACA) published “IT Control Objectives for Cloud Computing” to facilitate the understanding of cloud computing and the associated risks. ISACA is the organization behind Cobit. Control Objectives for Information and Related Technology (Cobit) is an IT governance control framework that helps organizations address the areas of regulatory compliance, risk management and aligning IT strategy with organizational goals.

1.Cobit History


*      COBIT is a globally accepted framework for IT governance based on industry standards and best practices. Once implemented, executives can ensure IT is aligned effectively with business goals and better direct the use of IT for business advantage. COBITprovides a common language for business executives to communicate goals, objectives and results with audit, IT and other professionals.
*      COBIT provides best practices and tools for monitoring and managing IT activities. The use of IT is a significant investment that needs to be managed. COBIT helps executives understand and manage IT investments throughout their life cycle and provides a method to assess whether IT services and new initiatives are meeting business requirements and are likely to deliver the benefits expected.
*      The difference between enterprises that manage IT well and those that do not, or cannot, is tremendous. COBIT enables clear policy development and good practice for IT management. The framework helps increase the value attained from IT. It also helps organisations manage IT-related risk and ensure compliance, continuity, security and privacy.
*      Because COBIT is a set of proven and internationally accepted tools and techniques, implementation of COBIT is a sign of a well-run organisation. It helps IT professionals and enterprise users demonstrate professional competence to senior management. As with many generic business processes, there are specific IT industry standards and good practices that enterprises should follow when using IT. COBIT captures these and provides a framework for implementing and managing them.

                                                                    2.Cobit and IT



ITIL is stand for Information Technology Library. ITIL issued by OGC, is a set of framework for managing IT Service Level. Although ITIL is quite similar with COBIT in many ways, but the basic difference is Cobit set the standard by seeing the process based and risk, and in the other hand ITIL set the standard from basic IT service.

3.ITIL History


ITIL developed at the end of the 1980’s – when the level of IT service provided to the British Government was deemed insufficient. The Office of Government Commerce (OGC) - which was then called The Central Computer and Telecommunications Agency (CCTA), had the task of developing an efficient IT framework with the use of IT resources within the British Governments private sector.

In 1990 government agencies and large companies in Europe quickly adopted the framework. ITIL was used in government and non-government organisations and was spreading very quickly. IT evolved and likewise ITIL did - it grew in popularity in the UK, USA and across the world.
It was in 2000 that CCTA merged into OGC. In that same year Microsoft also developed their Microsoft Operations Framework (MOF) using ITIL.

Version 2 of ITIL was released in 2001. The Service Delivery books and Service Support were rethought and redeveloped into more usable concise volumes. It became, by far, the most widely used IT service management system with the best practice approach.

Version 3 of ITIL was published in 2007. It adopted more of a lifecycle approach to service management and had greater emphasis on the IT business integration.

ITIL was updated in 2011. No entirely new concepts were added.


ITIL 2007 has five volumes, published in May 2007, and updated in July 2011 as ITIL 2011 for consistency:
*      ITIL Service Strategy: understands organizational objectives and customer needs.
*      ITIL Service Design: turns the service strategy into a plan for delivering the business objectives.
*      ITIL Service Transition: develops and improves capabilities for introducing new services into supported environments.
*      ITIL Service Operation: manages services in supported environments.
*      ITIL Continual Service Improvement: achieves services incremental and large-scale improvements.

 
4.ITIL continual process improvement




ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.
According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."

ISO 27001 uses a topdown, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

1. Define a security policy.
2. Define the scope of the ISMS.
3. Conduct a risk assessment.
4. Manage identified risks.
5. Select control objectives and controls to be implemented.
6. Prepare a statement of applicability.

The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.
The 27001 standard does not mandate specific information security controls, but it provides a checklist of controls that should be considered in the accompanying code of practice, ISO/IEC 27002:2005. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted good practice security controls.

ISO 27002 contains 12 main sections:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
                          
5. ISO 27002

Analysis in Relation between ITIL, COBIT
Firstly check out relation between ITIL and COBIT, TOGAF and ITIL then we will do a general analysis between ITIL, COBIT, CMMI and TOGAF.
IT organizations are facing the challenging, but necessary, transition to manage IT based on business priorities. They are looking to frameworks, such as ITIL and COBIT, to help them meet the challenge, but there is some confusion about how best to use them. ITIL and COBIT are complementary and can be used together to facilitate the transition to Business Service Management. ITIL provides a framework for best practice processes in ITSM that help IT manage resources from a business perspective. COBIT provides the framework for setting business goals and objectives, and measuring the progress of “ITIL-izing” the organization to meet those goals and objectives.                                                      
               
6.Cobit Itil and IT

ITIL, CMMI, TOGAF and COBIT have profound influence and reach in the IT industry globally, serving as defining frameworks for wide sections of IT practice. The frameworks are often utilized as stringent criteria for awarding contracts and assessing maturity, risk, and performance. Training ecosystems have arisen, and books, conferences, and research revolve around them. All essentially serve to define and stabilize much IT terminology and direct it towards a common description of IT practice.

7.Main Framework Interactions
ITIL, COBIT also contain an inestimable amount of valuable and hard won industry insight. Any of them could be re-engineered to be more consistent with BPM(Business Process Management) approaches, while retaining their previous value. Doing so would make them both simpler and more powerful, as well as easier to implement. This in turn could lead to improved IT performance and success for its practitioners and partners.


                             
8. Schema Of  Relationship



9.Comparison







How to Choose The Right Vendor?
*      Many vendor said that he could help your company to implement these standard effectively, in fact there is no one solution for all. Usually the COBIT vendor come from Publci Accounting Firm who has an IT Audit arm, eg PWC, DTT, KPMG, EY. This type of vendor is best choice for COBIT since they also work for COBIT implementation derivative such as COBIT for Sarbanes Oxley.
*      The other standard ITIL and ISO27001 usually come from General IT Consulting Company, eg. IBM, Accenture. And for ISO27001 most of IT networking company also could offer this standard consultation.






REFERENCES
*      A Short History of ITIL , http://itsm.fwtk.org/History.htm , 01.03.2016

*      COBIT, ITIL and ISO 27001, http://www.cluteinstitute.com/ojs/index.php/IBER/article/viewFile/7972/8026 ,01.03.2016

*      CobiT Nedir ?, http://www.cozumpark.com/blogs/cobititil/archive/2010/11/21/cobit-nedir.aspx , 01.03.2016

*      Cobit  , http://www.isaca.org/knowledge-center/cobit/pages/overview.aspx

*      A Comparison of COBIT, ITIL, ISO 27002 and NIST , http://agnosticationater.blogspot.com.tr/2013/12/a-comparison-of-cobit-itil-iso-27002.html

*      Comparison between COBIT, ITIL and ISO 27001 http://www.docfoc.om/comparison-between-cobit-itil-and-iso-27001




Gönderen zaman: Hiç yorum yok:
Kaydol: Yorumlar (Atom)