Cobit－COSO－ISO17799-ITIL

Cobit－COSO－ISO17799-ITIL

 

CobiT and COSO provide the “what is to be achieved,” but not the “how to
achieve it.” This is where ITIL and ISO 17799 come in. The Information Technology
Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management.
ITIL was created because of the increased dependence on information technology
to meet business needs. Unfortunately, a natural divide exists between business
people and IT people in every organization because they use different terminology and
have different focuses within the organization. The lack of a common language and
understanding of each other’s domain (business versus IT) has caused many companies
to not properly blend their business objectives and IT functions in an effective manner.
The results of this lack of blending usually end up generating confusion, miscommunication,
missed deadlines, missed opportunities, increased cost in time and labor, and
frustration on both the business and technical sides of the house. ITIL is a customizable
framework that is provided in a set of books or in an online format. It provides the
goals, the general activities necessary to achieve these goals, and the input and output
values for each process required to meet these determined goals. Where CobiT defines
IT goals, ITIL provides the steps at the process level on how to achieve those goals. Although
ITIL has a component that deals with security, its focus is more towards internal
service level agreements between the IT department and the “customers” it serves. The
customers are usually internal departments.

COBIT---it治理；

COSO---it审计；

ITIL---it服务；

ISO17799---信息安全管理体系。