Comparative Analysis of IT Governance Models and Frameworks

Added on  2022/09/02

AI Summary
This report provides a comprehensive overview of four key IT governance models: COBIT, ISO 27002, ITIL, and OCTAVE. It begins with a detailed explanation of each model, including their core principles, objectives, and practical applications. The COBIT framework, published by ITGI, is presented as a high-level framework that helps organizations manage IT processes and align them with business objectives. The ISO 27002 standard is described as a set of best practices for information security management systems (ISMS), providing a framework for controlling information security. ITIL is presented as a set of best practices that organizations can implement to support IT assets and align with business goals, with an emphasis on its five core publications and lifecycle phases. Finally, the OCTAVE framework is discussed as a security framework designed to assess risks and prepare defenses against cyberattacks, including its three segments for building threat profiles, identifying vulnerabilities, and developing security strategies. The report then explores the reasons why organizations may choose one governance model over another, considering factors such as the scope of the framework, the need for international recognition, and the specific expertise required for implementation. References in APA format are included.
Running head: POLICY MANAGEMENT
POLICY MANAGEMENT
Enter the name of the Student:
Enter the name of the University:
Author note:
Table of Contents
1. Overview of the models
1.1. COBIT (Control Objectives for Information and related Technology)
1.2. ISO 27002
1.3. ITIL (Information Technology Infrastructure Library)
1.4. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
2. Reasons why an organization might choose a governance model
3. References
1. Overview of the models
1.1. COBIT (Control Objectives for Information and related Technology)
COBIT is a high-level framework published by the ITGI. It maps the core IT processes in a way that lets the governing bodies, chiefly the business executives, carry out the important policies and techniques successfully (Huygh, De Haes, Joshi & Van Grembergen, 2018). It is sometimes used to link together the controls, risks and technical issues within an organization.
1.2. ISO 27002
It supplies best-practice references for an Information Security Management System (ISMS), a standard that is sometimes implemented by adopting ISO 27001 (Pereira, Ferreira & Amaral, 2017). Both are developed by ISO, the International Organization for Standardization. Whereas 27001 describes the management system for controlling information security, it does not deliver particular or business-related controls; that is left to ISO 27002. It is mainly used by the IT department specific to an organization (Schreider, 2017). The IT department is the main centre of the controls that result from the management system.
1.3. ITIL (Information Technology Infrastructure Library)
It is a set of best practices that any organization may implement in order to support its IT assets and contribute to the aims of the business. It is presented as a series of five main publications, each corresponding to a phase in the IT lifecycle (Fenz, Plieschnegger & Hobel, 2016). These procedures produce documentation of the processes, tasks and worksheets that are not specific to the business, with the aim of being able to generate a standard from which to implement the controls and measure success. It was originally designed for use inside the U.K. government and is most widely adopted in that territory. However, it is now a universally recognized standard and is practised by several organizations outside its geographical zone of origin.
1.4. OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
It is a security framework for determining the level of risk and preparing defences against cyber attacks (Jufri, Hendayun & Suharto, 2017). The framework describes a methodology that helps organizations reduce their exposure to possible threats, measure the possible consequences of an attack and deal with the attacks that succeed. It was produced in 2001 at Carnegie Mellon University (CMU) for the United States Department of Defense. It has three segments: the first builds asset-based threat profiles, the second identifies the vulnerabilities of the infrastructure and the last develops the security strategy and plans. Two versions exist, OCTAVE-S and OCTAVE Allegro. OCTAVE-S is used for small organizations and OCTAVE Allegro is used for larger organizations.
2. Reasons why an organization might choose a governance model
There are many reasons why an organization may select one of these governance models over another, and they are as follows:
i) COBIT is a good candidate whenever the company wants to build a company-wide management framework whose scope extends beyond information security alone (Huygh, De Haes, Joshi & Van Grembergen, 2018). Although direct accreditation is not provided, certification can be achieved via closely aligned paths.
ii) For ISO 27002, the related certification delivers global acknowledgement and acceptance. So organizations wanting to operate across international boundaries may find implementation and certification advantageous (Pereira, Ferreira & Amaral, 2017). Additionally, some ISO 27001 certified companies require their associates to become certified too.
iii) ITIL points to the ISO standards as the framework within which to implement the solution. It applies well for companies wanting to practise the ISO standards with international acknowledgement without necessarily achieving ISO 27001 certification (Fenz, Plieschnegger & Hobel, 2016).
iv) OCTAVE is designed to leverage the experience and expertise of the people inside the organization. The first stage is to develop threat profiles based on the comparative risk they pose (Lie, 2019). The procedure then goes on to conduct the vulnerability assessment specific to the organization.
3. References
Huygh, T., De Haes, S., Joshi, A., & Van Grembergen, W. (2018, January). Answering key global IT management concerns through IT governance and management processes: A COBIT 5 view. In Proceedings of the 51st Hawaii International Conference on System Sciences.
Pereira, C., Ferreira, C., & Amaral, L. (2017, September). IT value management capability enabled with COBIT 5 framework. In European, Mediterranean, and Middle Eastern Conference on Information Systems (pp. 431-446). Springer, Cham.
Schreider, T. (2017). Building Effective Cybersecurity Programs: A Security Manager's Handbook. Rothstein Publishing.
Fenz, S., Plieschnegger, S., & Hobel, H. (2016). Mapping information security standard ISO 27002 to an ontological structure. Information & Computer Security.
Jufri, M. T., Hendayun, M., & Suharto, T. (2017, November). Risk-assessment based academic information system security policy using OCTAVE Allegro and ISO 27002. In 2017 Second International Conference on Informatics and Computing (ICIC) (pp. 1-6). IEEE.
Lie, K. A. (2019). An introduction to reservoir simulation using MATLAB/GNU Octave: User guide for the MATLAB Reservoir Simulation Toolbox (MRST). Cambridge University Press.