Security Basics mailing list archives
Re: CobiT / ISO 20000 / ITIL / ISO 27001
From: patrick.sullivan () jbwgroup com
Date: 25 Feb 2008 13:43:09 -0000
The answer to your question depends on your objectives for obtaining certification, since each of the indicated standards is designed to accomplish different ends. These also may be fairly complementary, because they address different governance, risk management and compliance needs for the business. To oversimplify a bit: CobiT looks at IT governance capabilities across a number of areas, ISO 20000 addresses IT service level management, and ISO 27001 (and associated standard) specifically addresses information security management. I'd also suggest that "most easily implemented" might not be the best evaluation criterion for any of the indicated standards...