ITIL, Cobit and ISO27001
A governance framework helps businesses and organizations implement best practice in their particular fields. An IT governance framework should answer some key questions, such as how the IT department is functioning overall, what key metrics management needs, and what return IT is giving back to the business from the investment it is making. There are three big governance frameworks for those operating in the Information Technology space: ITIL (Information Technology Infrastructure Library), ISO 27001 (International Standards Organisation) and COBIT (Control Objectives for Information and Related Technology).
ITIL
ITIL stands for Information Technology Infrastructure Library. ITIL is a framework for managing IT service levels and is focused on how IT services should be used to underpin business goals and objectives. Originally developed by the UK government in the 1980s to standardise their growing IT use, it is now used by institutions and businesses of all shapes and sizes. Although ITIL is quite similar to COBIT in many ways, the basic difference is that COBIT sets its standard around processes and risk, while ITIL sets its standard around basic IT service.
COBIT
COBIT stands for Control Objectives for Information and Related Technology. COBIT is a governance framework aimed at regulatory compliance and risk management. COBIT's main function is to help a company map its IT processes to ISACA (Information System Control Standard) best-practice standards. COBIT is usually chosen by companies performing an information systems audit, whether related to a financial audit or a general IT audit.
ISO 27001
ISO 27001 is a "Management System" focused on information security standards. It describes a number of best-practice guidelines for ensuring electronic data is maintained in a safe and secure manner.
ISO 27001 is quite different from COBIT and ITIL, because ISO 27001 is a security standard, so it has a smaller but deeper domain compared to COBIT and ITIL.
AREA | COBIT | ITIL | ISO27001
Function | Mapping IT Process | Mapping IT Service Level Management | Information Security Framework
Area | 4 Process and 34 Domain | 9 Process | 10 Domain
Issuer | ISACA | OGC | ISO Board
Implementation | Information System Audit | Manage Service Level | Compliance to security standard
Consultant | Accounting Firm | IT Consulting Firm | IT Consulting Firm, Security Firm, Network Consultant
Implementation priority
Implementation priority depends on your company and your requirements. Most companies start by implementing COBIT first because it covers general information systems, and after that they usually choose between ITIL and ISO 27001.
Another consideration is budget and authority. COBIT implementation usually runs from the internal audit budget, while ITIL or ISO 27001 is usually performed using the IT department's budget. This usually means that which standard is implemented first depends on management policy.