security-basics February 2008 archive
security-basics: Re: CobiT / ISO 20000 / ITIL / ISO 27001


From: <patrick.sullivan_at_nospam>
Date: Mon Feb 25 2008 - 13:43:09 GMT
To: security-basics@securityfocus.com
The answer to your question depends on your objectives for obtaining certification, since each of the indicated standards is designed to accomplish different ends. These also may be fairly complementary, because they address different governance, risk management and compliance needs for the business. To oversimplify a bit: CobiT looks at IT governance capabilities across a number of areas, ISO 20000 addresses IT service level management, and ISO 27001 (and associated standard) specifically addresses information security management. I'd also suggest that "most easily implemented" might not be the best evaluation criterion for any of the indicated standards...