An Analysis of IT Governance Models: COBIT, ISO 27002, ITIL, OCTAVE
Added on 2022/09/02
AI Summary
This report provides a comparative analysis of four prominent IT governance models: COBIT, ISO 27002, ITIL, and OCTAVE. It begins with an overview of COBIT, emphasizing its role in connecting IT and enterprise governance, along with its four key domains and various components. The report then delves into ISO 27002, highlighting its importance in securing information and maintaining privacy, including its list of controls to address IT risks and its global recognition. The report also discusses ITIL, detailing its best practices for delivering efficient IT services and its five lifecycle stages, emphasizing its customer-centric approach. Finally, the report examines OCTAVE, describing it as a comprehensive planning tool for identifying and managing information security risks, and its three-phase framework. Each model's overview is followed by a rationale for its selection and implementation within an organization, providing insights into their strengths and applications.

Running head: COMPARISON OF GOVERNANCE MODELS
COMPARISON OF GOVERNANCE MODELS
Name of the student:
Name of the university:
Author Note:

Table of Contents
Control Objectives for Information and Related Technology (COBIT)
  Overview
  Reason to choose it
ISO 27002
  Overview
  Reason to choose it
Information Technology Infrastructure Library (ITIL)
  Overview
  Reason to choose it
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
  Overview
  Reason to choose it
References

Control Objectives for Information and Related Technology (COBIT)
Overview
The COBIT framework provides best practices for IT management that help
organizations in the IT industry achieve their goals by using their resources
well and significantly reducing IT risks. COBIT connects IT and enterprise
governance, using metrics and maturity models to achieve business goals.
ISACA released the first version of COBIT in 1996 (Andry &
Setiawan, 2019). The four domains of COBIT are a) Organizing and Planning, b)
Support and Delivery, c) Acquiring and Implementing and d) Supervising and Evaluating.
The COBIT components comprise the Framework, Process Descriptions, Control
Objectives, Models of Maturity and Management Policies.
Reason to choose it
COBIT certification not only prepares IT professionals to face global IT
risks but also gives them sufficient expertise in the issues of IT management
for organizations to minimize the chances of risk (Alkhaldi, Hammami & Ahmar
Uddin, 2017). It helps organizations differentiate between management and
governance, and it incorporates exact risk-free solutions for new-age IT
businesses that use features such as Cloud Computing, Big Data and many more.
ISO 27002
Overview
Securing information in an organization and maintaining the privacy of
confidential information are crucial for any IT organization. The International
Organization for Standardization published ISO 27002 in the year 2000 with the aim of providing numerous
potential controls and mechanisms to control IT risks (Kurniawan & Riadi, 2018). The
standard suggests a list of controls to address during the formal risk assessment procedure. It
also provides a guide for developing security standards and substantial security
management practices, which comprise selecting, implementing and finally controlling the
management that is based on each particular organization's unique security management.
Reason to choose it
The speciality of this standardized governance model is that it not only enhances
security awareness in IT organizations but also reduces the cost of insurance premiums
based on IT risks (Alexander & Panguluri, 2017). The model provides for policies and
procedures that recognize the criteria, structure and methodology on a global basis.
Moreover, because of these enhanced security practices, it lowers delivery costs by
reducing fraud and inefficiency in the management controls. It also enhances the
client's confidence in the organization.
Information Technology Infrastructure Library (ITIL)
Overview
Developed by the Central Computer and Telecommunications Agency of the British
government in the year 1980, ITIL is a library that describes the best practices for
delivering efficient IT services in a single framework (Palilingan & Batmetan, 2018). After
undergoing several revisions, the ITIL library comprises five books that cover all the
processes of the IT service lifecycle. It not only provides solutions for managing risks in IT
businesses but also guides the organization in strengthening customer relations, incorporating
cost-effective practices and enhancing growth through sustainable development. The service
lifecycle stages of ITIL are service strategy, service design, service transition, operations
of service and continual improvement of services.
Reason to choose it
Organizations incorporating IT services will choose ITIL over any other
governance model because it does not limit itself to providing the best IT services. In addition, it
takes a professional approach to service delivery by maintaining standards
and guidance that help to gain the best customer satisfaction (Alimam, Bertin & Crespi,
2017). The systematic approach in this model ensures improvement in the delivery of
third-party services to improve productivity. No other model helps to build a stable environment of
IT practices that incorporates growth, change and scale.
Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
Overview
OCTAVE is a comprehensive planning tool to identify the risk assessment methods
and manage all types of information security risks in an organization. This security
framework was developed in the year 2001 at Carnegie Mellon University so that the U.S.
Department of Defense could use it for its security purposes (Ramadhani, Hartanto &
Nugroho, 2018). Apart from looking into IT risks, the framework also adheres to the
operational as well as the security initiatives of an organization and its components. The
OCTAVE framework is built on three phases: a) Organizational Analysis, which cultivates
the basic security strategies, b) Technological Analysis, which identifies the infrastructure and
its associated vulnerabilities and c) Risk Analysis, which recognises the IT risks and develops
mitigation plans against them.
Reason to choose it
The major benefit of adopting the OCTAVE framework for mitigating risks is that it
incorporates qualitative descriptions against risk methodologies instead of quantitative ones
(Wagiu, Siregar & Maulany, 2019). The risk assessment process of OCTAVE enables
organizations to implement controls where they are necessary, thus bringing flexibility to
operations. It is also a cost-effective approach because it concerns itself only with the
unacceptable risks and develops ways to deal with them consistently.
References
Alexander, R. D., & Panguluri, S. (2017). Cybersecurity terminology and frameworks.
In Cyber-Physical Security (pp. 19-47). Springer, Cham.
Alimam, M., Bertin, E., & Crespi, N. (2017). ITIL perspective on enterprise social
media. International Journal of Information Management, 37(4), 317-326.
Alkhaldi, F. M., Hammami, S. M., & Ahmar Uddin, M. (2017). Understanding value
characteristics toward a robust IT governance application in private organizations
using COBIT framework. International Journal of Engineering Business
Management, 9, 1847979017703779.
Andry, J. F., & Setiawan, A. K. (2019). IT Governance Evaluation using COBIT 5
Framework on the National Library. Jurnal Sistem Informasi, 15(1), 10-17.
Kurniawan, E., & Riadi, I. (2018). Security level analysis of academic information systems
based on standard ISO 27002:2013 using SSE-CMM. International Journal of
Computer Science and Information Security (IJCSIS), 16(1), 139-147.
Palilingan, V. R., & Batmetan, J. R. (2018, February). Incident management in academic
information system using ITIL framework. In IOP Conference Series: Materials
Science and Engineering (Vol. 306, No. 1, p. 012110). IOP Publishing.
Ramadhani, S. T. A., Hartanto, R., & Nugroho, E. (2018). Risk-management based
government information system security using OCTAVE
Allegro framework. In Proceeding of International Seminar & Conference
on Learning Organization.
Wagiu, E. B., Siregar, R., & Maulany, R. (2019, December). Information System Security
Risk Management Analysis in Universitas Advent Indonesia Using Octave Allegro
Method. In Abstract Proceedings International Scholars Conference (Vol. 7, No. 1,
pp. 1715-1724).