Standardization of Information Security Management System: ISO/IEC 27001:2005, ITIL®, CoBIT®

Abstract

Information is currently the most important asset of modern companies. Its security is therefore very important and becomes the top priority of each company. Unfortunately, there is no simple recipe providing 100 % security of information. A company must apply the best security procedures with the aim to achieve an appropriate level of its information security. This paper presents and compares the most widely used approaches to Information Security Management System – ISO/IEC 27001:2005, BS 7799, ITIL® and CoBIT®. Each standard has its own scope, focus and target audience, which complement each other and play an important role in a company. The company should have an implemented methodological guidance of IT management to ensure a consistent approach to IT management and IT security. In addition to the standards and frameworks, other important players in the standardization of information security are e.g. AIM, BISLA®, CMMI®, ISO/IEC 15504–x, AS8015, etc.