isaca san francisco 2011 fall security conference g32 a modest proposal

G32 The Changing Influences of Social

Media, WikiLeaks and WhistleblowersA Modest Proposal: The Future of IT Auditing

by Mapping ITIL V3 and ISO/IEC 27002 With

CobiT 4.1 Control Objectives

Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives

• AI (Acquire & Implement)• 1, 2, 3 & 4 --- 6 & 7

• DS (Deliver & Support)• 3, 4, & 5 --- 8, 9, 10, 11, 12 & 13

• ME (Monitor & Evaluate)• 1 & 2

• PO (Plan & Organize)• 1, 2, & 3 --- 5 & 6 --- 8, 9, & 10

2

Mapping ITIL V3 & ISO/IEC 27002 W/CobiT 4.1 Control Objectives: Acquire and Implement (AI)

3


4


5


6


7


8


9


10


11


12

Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Deliver and Support (DS)


16


17


18


19


20


21


22


23


24


25


26


27


28


29


30


31


32


33

Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Monitor and Evaluate (ME)

34


35


36


37


38

Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives: Plan & Organize (PO)

39


40


41


42


43


44


45


46


47


48


49


50


51


52


53


54


55


56


57


58

Summary, Conclusions & Questions

59

Thank you all for your courteous time and attention today:

• Please Note: We’ll be open to and available for discussing any & all areas addressed during this presentation.

Respectfully yours,

Pw CareyConsultant CISA-CISSPCompliance Partners, LLC1250 Grove Avenue, Suite 200Barrington, IL [email protected]/[email protected] or 224-633-1378Fax: 847-381-2067

mailto:[email protected]/

mailto:[email protected]

Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives References

60

1. Aligning Cob iT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit ® A Management Briefing From ITGI and OGC

Reservation of Rights © 2008 ITGI. All rights reserved. No part of this publication may be used, copied, reproduced, modified,

distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written authorisation of ITGI.

Reproduction and use of all or portions of this publication are solely permitted for academic, internal and non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.

© Crown Copyright material 2008, published in conjunction with the Office of Government Commerce, is reproduced with the permission of the controller of HMSO and Queen’s Printer for Scotland.

ISACA and ITGI are registered trademarks of ISACA. Co b i T® is a registered trademark of ISACA and ITGI. ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries. IT Infrastructure Library® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.

Copies of ISO/IEC 27002:2005 and all ISO standards can be purchased from the American National Standards Institute (ANSI) at http://webstore.ansi.org, phone: +1.212.642.4980; BSI in the UK (www.bsi-global.com/shop.html); and ISO (www.iso.org/iso/store.htm).

isaca san francisco 2011 fall security conference g32 a modest proposal

Documents

mapping itil v3 isoiec

control objectives ai

support ds

po plan

modest proposal