security-basics: Re: CobiT / ISO 20000 / ITIL / ISO 27001
Re: CobiT / ISO 20000 / ITIL / ISO 27001
Date: Mon Feb 25 2008 - 13:43:09 GMT To: firstname.lastname@example.org
('binary' encoding is not supported, stored as-is)
The answer to your question depends on your objectives for obtaining certification, since each of the indicated standards are designed to accomplish different ends. These also may be fairly complimentary, because they address different governance, risk management and compliance needs for the business. To oversimplify a bit- CobiT looks at IT governance capabilities across a number of areas, ISO 20000 addresses IT service level management, and ISO 27001 (and associated standard) specifically addresses information security management. I'd also suggest that "most easily implemented" might not be the best evaluation criterion for any of the indicated standards...