COBIT, ITIL and ISO 27002 Alignments for Information Security Governance in Modern Organisations


Authors: Tanvir Orakzai


Over the years, a number of methodologies and standards have been designed to help IT governance and information security within modern organizations achieve optimum processes in support of business objectives. Companies use various mechanisms to ensure that their IT infrastructure is aligned with the objectives of the business and complies with local and global IT governance rules and regulations. Despite the vast number of options available, there has been considerable confusion among IT managers over the various methods, owing to their lack of a comprehensive information governance approach. This paper proposes a comprehensive alignment of ITIL, COBIT and ISO/IEC 27002 that any organization can use effectively as a comprehensive solution for handling IT governance and information technology management.


ITIL, COBIT, ISO 27002, information security, IT Governance, Information Technology Management

