LINKING
COBIT®, ITIL® & ISO27001/2
Presented by: Marianne Coop
“ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries”
Assumptions / Misconceptions:
Linking COBIT, ITIL & ISO27001/2
COBIT is only for IT Auditors
ITIL is only for “Techies”
ISO27001/2 is only for IT Security boffs
These are mutually exclusive
Only one of them can be the primary "governance" framework for an organisation
Aim of this session
Why These Three?
What: COBIT
How: ITIL
Guidance: ISO 27002, ISO 27001
Common Ground:
(Diagram: ISO27001/2, ITIL and COBIT shown as overlapping areas of common ground. Business Strategy leads to Success (£); IT Management aims to be Effective and Efficient.)
Brief bit about COBIT 4.1:
Common IT control framework.
Generic set of IT processes.
Globally accepted.
Monitoring & managing IT activities.
Maturity Model.
COBIT Lifecycle:
COBIT Framework (Simpler picture):
(Diagram: the four COBIT domains, Plan & Organise, Acquire & Implement, Develop & Support and Monitor & Evaluate, arranged around Information Criteria and IT Resources, driven by Business Objectives and Governance Objectives.)
Brief bit about ITIL V3:
For IT Service Managers.
Does not dictate business processes.
Strives for continuous improvement.
Guidance to demonstrate compliance to: the ISO/IEC 20000:2005 standard; COBIT Control Objectives.
ITIL Framework:
Brief bit about ISO27001/2:
ISO 27001 defines requirements for an ISMS (Information Security Management System).
ISO 27002 provides guidance for an ISMS.
Organisations can be certified as compliant to ISO 27001.
It is a best practice that can be adopted without being certified.
ISO27001/2 ISMS Processes:
(Diagram: ISMS process cycle: Establish ISMS; Implement & operate ISMS; Monitor & review ISMS; Maintain & improve ISMS. Plan and Check labels from the PDCA cycle.)
IT Service Management Pyramid:
Mapping COBIT, ITIL & ISO27001/2
How they link together:
(Diagram: the three frameworks mapped side by side, from Business Objectives down to IT Resources.)
COBIT domains: Plan & Organise; Acquire & Implement; Develop & Support; Monitor & Evaluate.
ITIL V3 lifecycle: Service Strategy; Service Design; Service Transition; Service Operation; Continual Improvement.
ISO27001/2 ISMS: Establish ISMS; Implement & operate ISMS; Monitor & review ISMS; Maintain & improve ISMS.
ITGI’s Products Support Adoption of ISO/IEC 38500:
Links to further reading:
ISACA's COBIT Pages:
COBIT Home page: www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
COBIT Download Page: www.isaca.org/Knowledge-Center/cobit/Pages/Downloads.aspx
Enabling Adoption of ISO 38500: www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/ITGI-Enables-ISO-IEC-38500-2008-Adoption-.aspx
COBIT Downloads:
A good overview: Excerpt and Executive Summary
All of COBIT 4.1: COBIT 4.1 pdf, http://www.isaca.org/Knowledge-Center/cobit/Documents/CobiT_4.1.pdf
COBIT Mapping: www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Aligning-COBIT-4-1-ITIL-V3-and-ISO-IEC-27002-for-BusinessBenefit.aspx
ITIL:
Official ITIL® Website: http://www.itil-officialsite.com/home/home.asp
Overview: An Introductory Overview of ITIL V3.pdf, http://www.best-management-practice.com/gempdf/itSMF_An_Introductory_Overview_of_ITIL_V3.pdf
Service Management - ITIL® Version 3 Publications: http://www.best-management-practice.com/Publications-Library/IT-Service-Management-ITIL/?DI=603118#GEMS6415420
ISO:
ISO Online: http://www.27001-online.com/index.htm
Official Site: BSI, http://www.bsigroup.co.uk/
Thank you
And Enjoy