Most organizations employ multiple frameworks and standards for implementing and controlling technology. Here are some publications that map COBIT to other sources of guidance. While this is slightly out of date in terms of TOGAF it is still an interesting read to see how these frameworks relate.
This document can be used to align guidance supporting IT governance, especially regarding IT control and IT security guidance in relationship to COBIT. It lists over a dozen international standards/guidance, and for each one provides a classification, a short overview of the contents and the business driver for implementing the guidance, and the risks of noncompliance. Included are:
COBIT
COSO
ITIL
ISO/IEC 17799:2005
FIPS Pub 200
ISO/IEC TR13335
ISO/IEC 15408 2005/Common Criteria/ITSEC
PRINCE2
PMBOK
TickIT
CMMI
TOGAF 8.1
IT Baseline Protection Manual
NIST 800-14. Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit
IT best practices should be aligned to business requirements and processes. Organizations often use multiple frameworks to inform how to achieve this. This management briefing is the result of a joint study initiated by the UK's Office of Government Commerce and the IT Governance Institute. It was first published in November 2005, and was updated in August 2008 to reflect the latest versions of three sets of guidance:
ITIL V3-Published by the UK government to provide a best practice framework for IT service management
COBIT 4.1-Published by ITGI and positioned as a high-level governance and control framework over IT processes
ISO/IEC 27002:2005-Published by the International Organization for Standardization (ISO) and International Electro technical Commission (IEC) a to provide a framework of a standard for information security management The appendices provide mappings:
COBIT to sections of ITIL and ISO/IEC 27002
ITIL key topics to COBIT
ISO/IEC 27002 classifications to COBIT
Comments