Mapping COBIT to Other Guidance
Most organizations employ multiple frameworks and standards for implementing and controlling technology. Here are some publications that map COBIT to other sources of guidance.
COBIT Mapping Overview of International IT Guidance 3rd Edition
This document can be used to align guidance supporting IT governance, especially regarding IT control and IT security guidance in relationship to COBIT. It lists over a dozen international standards/guidance, and for each one provides a classification, a short overview of the contents and the business driver for implementing the guidance, and the risks of noncompliance. Included are:
- COBIT
- COSO
- ITIL
- ISO/IEC 17799:2005
- FIPS Pub 200
- ISO/IEC TR13335
- ISO/IEC 15408 2005/Common Criteria/ITSEC
- PRINCE2
- PMBOK
- TickIT
- CMMI
- TOGAF 8.1
- IT Baseline Protection Manual
- NIST 800-14.
Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit
IT best practices should be aligned to business requirements and processes. Organizations often use multiple frameworks to inform how to achieve this. This management briefing is the result of a joint study initiated by the UK’s Office of Government Commerce and the IT Governance Institute. It was first published in November 2005, and was updated in August 2008 to reflect the latest versions of three sets of guidance:
- ITIL V3: Published by the UK government to provide a best practice framework for IT service management
- COBIT 4.1: Published by ITGI and positioned as a high-level governance and control framework over IT processes
- ISO/IEC 27002:2005: Published by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) to provide a framework of a standard for information security management
The appendices provide mappings:
- COBIT to sections of ITIL and ISO/IEC 27002
- ITIL key topics to COBIT
- ISO/IEC 27002 classifications to COBIT