ISO/IEC 27001: COBIT Overview in Computer Science (Essay Sample)

Instructions:

Write a COBIT Overview in computer science

Content:

Computer Science.
Name:
Instructor’s Name:
Institution:
Date:
Outline.
COBIT Overview.
ISO/IEC 27001 and 27002 Overview.
Comparisons of COBIT and ISO/IEC 27001 and 27002.
Summary of Findings.
COBIT Overview.
The value of information technology for many companies is placed on an extremely high pedestal, and yet it is not fully understood by many. Accomplished business enterprises recognize the need for information technology systems to support their business operations. The ever-growing need for assurance about the management of information technology risks, together with the increased need for control over information, has made both of these elemental roles of governance in organizations.
Control Objectives for Information and Related Technologies, or COBIT, is a framework developed to merge business and information technology in an efficient manner by helping business executives realize the importance of I.T. and making them aware of the risks it entails. It also exists to manage any existing or emergent Information Technology (I.T.) risks, to meet the needs of I.T. governance, and to maintain the integrity of information systems in a business (I.T.I, 2007).
The first version was released in 1996 with the main aim of developing and promoting an effective and authoritative information control system that is internationally accepted and recognized by business leaders and professionals. COBIT defines processes for managing I.T. within an organization. Each process is described together with its inputs, outputs, activities and objectives, and with the performance measures necessary for evaluating the business operations and processes (I.T.I, 2007).
COBIT links business or operational goals with I.T. objectives and goals. In doing this, it provides models for evaluating and measuring achievement, along with identifying the responsibilities of the owners of both business-related and I.T.-related processes (I.T.I, 2007). The COBIT processes are subdivided into four categories or domains: planning and organization; acquisition and implementation; delivery and support; and, finally, monitoring and evaluation. COBIT is integrated with other detailed I.T. standards to form an encompassing framework of best-practice models, governance and business needs (I.T.I, 2007).
Through its framework, COBIT therefore manages information according to seven distinct criteria in order to meet and satisfy business objectives. Firstly, information needs to be relevant to the business process and must be delivered in a timely manner and in usable form; this is effectiveness. Secondly, the information needs to be provided through the most efficient use of business resources in order to avoid wastefulness; this is efficiency. Confidentiality also needs to be maintained by concealing information from unauthorized persons. The information also needs to be accurate and reflective of the business operations, which is its integrity. COBIT also makes information available when it is required by the business, thereby ensuring the smooth running of the business process. Compliance is also necessary to ensure that the business process abides by any contractual agreement both within and outside the company. Finally, it helps attain the reliability that the business needs to ensure effective governance of the business processes (I.T.I, 2007).
The main advantages of using COBIT to run the I.T. processes of a business are, firstly, that it is highly effective for high-level processes. It also provides a common language for business executives and I.T. professionals, making discussions about emergent issues in business and system processes relatively easier. The increased efficiency of the business processes also leads to the optimization of running costs for the business. Finally, there is clear ownership of business responsibilities because all parties have clearly identified roles in the business process (I.T.I, 2007). This too enhances productivity and efficiency by reducing redundancies and the replication of effort in the business process.
COBIT's essential function, therefore, is to bridge the gap between the operational managers' need to execute functions and processes and the executives' need to govern the information and ensure its security.
ISO/IEC 27001 and 27002 Overview.
The ISO 27000 series is a group of information security standards published by the International Organization for Standardization (I.S.O) and the International Electrotechnical Commission (I.E.C), and as such is an internationally recognized information security standard. The series essentially makes recommendations on best practices for the information security systems used by organizations around the world. It operates on the premise that preventing information security breaches is preferable to identifying system faults after information has been lost (Information Security, 2011).
The standards have a broad scope that covers areas such as privacy, confidentiality and technical security matters. They are versatile in application and are suitable for small, mid-sized and large organizations (Information Security, 2011). An assessment of possible information security risks and vulnerabilities is necessary to help determine the system that best suits the enterprise.
ISO/IEC 27001 is part of the series and was published in 2005. It is designed to bring information security wholly under management control by mandating specific requirements. These requirements include, first, the systematic evaluation of the organization's security risks, vulnerabilities and the possible impacts of attacks on the information system (Information Security, 2011); second, the design and implementation of information security controls to address those identified risks that are significant or unacceptable; and, finally, the adoption of a management process that ensures the information security controls effectively meet the information security requirements of the organization at all times (Information Security, 2011).
ISO/IEC 27002 is also part of the series of information security management standards. It differs subtly from ISO/IEC 27001 in that its emphasis lies in best practices. The most salient difference between the two is that ISO/IEC 27002 provides a list of best practices that can be implemented to produce tangible results in the protection of an information system (Information Security, 2011).
The two, however, complement each other and are usually adopted and employed together in an organization. This is quite simply because the management framework provided in ISO/IEC 27001 is required by ISO/IEC 27002 to make it coherent and to stop it from seeming disjointed in practice and being rejected by enterprise management. Conversely, ISO/IEC 27001 needs the best practices of ISO/IEC 27002 to make implementation by top management possible in the first place. This co-dependence therefore makes the two standards inseparable (I.S.A.R, 2011).
The benefits of using the ISO/IEC 27000 series for information security management are abundant. The first benefit is that the identification, mitigation, management and improvement of information security systems will be carried out in a planned and organized manner. Secondly, by using an internationally recognized information security management system, best practices will be documented and embedded into practice. This will earn the enterprise international acceptance (Information Security, 2011). Third, organizational commitment to information security practices will ensure the proper allocation of resources and the identification of roles and responsibilities. The next benefit is that information will be protected from any unauthorized persons who wish to access it. This also contributes significantly to the overall security of the organization. Finally, intellectual property rights are better protected by the intricate design and best practices that the ISO/IEC series offers organizations and enterprises alike (I.S.A.R, 2011).
Comparisons of COBIT and ISO/IEC 27001 and 27002.
COBIT and ISO/IEC 27001 and 27002 have similarities, contrasts as well as aspects of information technology that one handles better than the other.
Similarities.
The first similarity between COBIT and the ISO/IEC 27000 series is that both deal with information technology controls in the business processes of the enterprises in which they are used. Both are designed to strengthen the security of an enterprise’s information and keep it inaccessible to any unauthorized persons wishing to access it (I.S.A.R, 2011).
Next, both products have been created based on past experience in information security management. Both have had preceding versions since their initial conception. Each successive version has been more comprehensive than the last, based on the information gathered about potential information security vulnerabilities and loopholes that can be exploited by intruders (Arora, 2011). They are continuously refined to be more competitive in the market and more helpful to their users. In effect, each successive version is a more effective information security solution than the last.
Contrasts.
The first contrast originates from their production. COBIT is a framework created by ISACA for information technology management and IT governance, whereas ISO/IEC 27001 and 27002, part of the growing ISO/IEC 27000 family of standards, are Information Security Management System (ISMS) standards developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) (I.S....