COBIT
COBIT stands for Control Objective over Information and Related Technology. COBIT is issued by ISACA (Information System Control Standard), a non-profit organization for IT governance. COBIT's main function is to help a company map its IT processes to ISACA best-practice standards. COBIT is usually chosen by companies that perform information system audits, whether related to a financial audit or a general IT audit.
ITIL
ITIL stands for Information Technology Library. ITIL, issued by OGC, is a set of frameworks for managing IT service levels. Although ITIL is quite similar to COBIT in many ways, the basic difference is that COBIT sets its standard from a process and risk perspective, while ITIL sets its standard from basic IT services.
ISO27001
ISO27001 is very different from COBIT and ITIL because ISO27001 is a security standard, so it has a smaller but deeper domain compared to COBIT and ITIL.
What should be implemented first?
There's no exact answer to this question, but I think it really depends on your company and your requirements. Most companies start by implementing COBIT first because it covers general information systems. After that, they usually choose between ITIL and ISO27001.
What is the easiest standard?
From an implementation point of view, ITIL is the easiest standard to implement, because ITIL can be implemented partially without an impact on performance. For example, if an IT department lacks budget, it could choose to implement only the IT Service Delivery layer, and the next year try to implement IT Release Management or IT Problem Management.