
An Approach to Map COBIT Processes to ISO/IEC 27001 Information Security Management Controls

Abstract

Information is a fundamental asset within any organization, and protecting this asset through a process of information security is of equal importance. COBIT and ISO 27001 serve as reference frameworks for information security management that help organizations assess their security risks and implement appropriate security controls. One of the most important areas of IT within the COBIT framework is information security management, which covers the confidentiality, integrity and availability of resources. Since the issues raised in COBIT's information security management fall within the area covered by the ISO/IEC 27001 standard, the best option for meeting information security management in a COBIT infrastructure is to use the ISO/IEC 27001 standard. For the coexistence and complementary use of COBIT and ISO 27001, mapping COBIT processes to ISO/IEC 27001 controls is beneficial. This paper explores the role of information security within COBIT and describes an approach for mapping COBIT processes to ISO/IEC 27001 controls for information security management.

Table of Contents

Abstract
 1. Introduction
 2. COBIT Framework
  2.1. Description of the Guidance and Content of the COBIT
  2.2. Characteristics of the COBIT Framework
  2.3. COBIT Framework Model
  2.4. COBIT as a Foundation for Information Security Management
 3. ISO/IEC 27001 Standard
 4. Mapping of COBIT Processes to ISO/IEC 27001 Controls
  4.1. Scenario 1
  4.2. Scenario 2
  4.3. Scenario 3
 5. Conclusion and Future Work
 References

Author Information

  • Razieh Sheikhpour, Department of Computer Engineering, North Tehran Branch, Islamic Azad University, Tehran, Iran
  • Nasser Modiri, Department of Computer Engineering, Zanjan Branch, Islamic Azad University, Zanjan, Iran
