Hw1 itil kaganbozkurt_20160305

Post on 12-Apr-2017


INTERACTIONS BETWEEN ITIL, COBIT AND ISO27001

KAĞAN BOZKURT
1358110080
Department of Computer Engineering / Istanbul University

WHAT IS ITIL?

The ITIL (Information Technology Infrastructure Library) framework is designed to standardize the selection, planning, delivery and support of IT services to a business. The goal is to improve efficiency and achieve predictable service levels. The ITIL framework enables IT to be a business service partner, rather than just back-end support. ITIL guidelines and best practices align IT actions and expenses to business needs and change them as the business grows or shifts direction.

ITIL traces its roots back to the 1980s as data centers began decentralizing and adopting more distributed or geographically diverse architectures. This flexibility led to unwanted differences in processes and deployments, creating inconsistent or suboptimal performance. The United Kingdom's government recognized the importance of perceiving IT as a service and then applying consistent practices across the entire IT service lifecycle, and initiated ITIL.

ITIL-based IT infrastructure management can be a complex specialty for any business, and is often the domain of the largest IT-centric businesses such as Microsoft, Hewlett-Packard and IBM, along with other major enterprises in retail, finance, pharmaceuticals, entertainment and manufacturing. ITIL adoption and maintenance normally requires trained and certified experts to guide a company and its IT staff.

EVOLUTION OF ITIL

WHAT IS COBIT?

Control Objectives for Information and Related Technology (COBIT) is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.

COBIT is sponsored by the Information Systems Audit and Control Association (ISACA). This group was formed in 1967 by individuals with similar jobs in auditing controls. They wanted it to be more centralized, so they formed the EDP Auditors Association. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.

COBIT now enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.

WHAT IS ISO 27001 CERTIFICATION?

ISO 27001 provides a framework around which organisations of all sizes and from different market sectors can build a management system to protect one of their most important assets: information. Adopting a risk-based approach, ISO 27001 enables organisations to select suitable and proportionate controls for information held electronically, on paper or on other media. The information security management system (ISMS) incorporates ongoing management review and auditing activities to ensure that information security practices are appropriate, remain relevant and are continually improved. Certifying to ISO 27001 involves an external assessment of an organisation's ISMS by an accredited certification body.

COMPARISON

A first difference between the three standards is that they are issued by different organizations with different areas of activity and different objectives.

The general function of the standards is also slightly different.

COBIT provides best practices and tools for monitoring and mapping IT processes, while ITIL aims to map IT service level management, and ISO 27002 provides guidelines for implementing a standardized information security framework.

COMPARISON

COBIT consists of 4 domains and 34 processes, which are required for the implementation of the information system audit. ITIL's best practice framework covers a total of 9 processes and enables the implementation of IT service level management, with a focus on achieving business effectiveness and efficiency in IT service management.

Thank you for your consideration.