ISO/IEC 27002 for Business Benefit
A Management Briefing From ITGI and OGC
Aligning CobiT 4.1, ITIL V3 and ISO/IEC 27002 for Business Benefit
IT Governance Institute®

The IT Governance Institute (ITGI™) (www.itgi.org) is a non-profit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the non-profit membership association ISACA® in 1998 to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed Control Objectives for Information and related Technology (CobiT®) and Val IT™, and offers original research and case studies to help enterprise leaders and boards of directors fulfil their IT governance responsibilities and help IT professionals deliver value-adding services.

The Office of Government Commerce

The mission of the Office of Government Commerce (OGC) (www.ogc.gov.uk) is to work with public sector organisations to help them achieve efficiency, value for money in commercial activities and improved success from programmes and projects. OGC supports the achievement of its targets through concentrating its efforts in a wide-ranging programme supporting improvement through three significant activities in public sector organisations: efficiency, programme and project management, and procurement. The Stationery Office (TSO) commissioned support for this work on behalf of OGC.

Disclaimer

ITGI and OGC have designed and created Aligning CobiT® 4.1, ITIL® V3 and ISO/IEC 27002 for Business Benefit (the ‘Work’), primarily as an educational resource for chief information officers, senior management and IT management. ITGI and OGC make no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of all proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results.
In determining the propriety of any specific information, procedure or test, the chief information officers, senior management and IT management should apply their own professional judgement to the specific circumstances presented by the particular systems or information technology environment.

Reservation of Rights

© 2008 ITGI. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise), without the prior written authorisation of ITGI. Reproduction and use of all or portions of this publication are solely permitted for academic, internal and non-commercial use and for consulting/advisory engagements, and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.

© Crown Copyright material 2008, published in conjunction with the Office of Government Commerce, is reproduced with the permission of the controller of HMSO and Queen’s Printer for Scotland.

ISACA and ITGI are registered trademarks of ISACA. CobiT® is a registered trademark of ISACA and ITGI. ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries. IT Infrastructure Library® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.

Copies of ISO/IEC 27002:2005 and all ISO standards can be purchased from the American National Standards Institute (ANSI) at http://webstore.ansi.org, phone: +1.212.642.4980; BSI in the UK (www.bsi-global.com/shop.html); and ISO (www.iso.org/iso/store.htm).

IT Governance Institute
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Phone: +1.847.660.5700
Fax: +1.847.253.1443
E-mail:...